...
...
Community User Identifier
Name | eduTEAMS Community User Identifier |
---|---|
Description | The user’s Community Identifier is an opaque and non-revocable identifier (i.e. it cannot change over time) that follows the syntax of the eduPersonUniqueId attribute of eduPerson. It consists of a “uniqueID” part and the fixed scope “eduteams.org”, separated by an at sign (@). The uniqueID part contains up to 64 hexadecimal digits (a-f, 0-9). |
SAML Attribute(s) | 1.3.6.1.4.1.5923.1.1.1.13 (eduPersonUniqueId), urn:oasis:names:tc:SAML:attribute:subject-id |
OIDC claim(s) | sub (public) |
OIDC claim location | The claim is available in: ☑ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
OIDC scope | openid |
Origin | eduTEAMS assigns this attribute to a user when they register on the Service |
Changes | No |
Multiplicity | Single-valued |
Availability | Mandatory |
Example | 28c5353b8bb34984a8bd4169ba94c606@eduteams.org |
Notes | eduPerson defines the comparison rule caseIgnoreMatch for eduPersonUniqueId. Relying services are encouraged to validate the scope of this attribute against the values permitted for eduTEAMS. eduTEAMS makes exclusive use of scope “eduteams.org”. The eduTEAMS identifier and username “test@eduteams.org” are test accounts reserved for testing and monitoring the proper functioning of the eduTEAMS Login. Relying parties should not authorise them to access any valuable resources. |
...
Name | eduTEAMS Username |
---|---|
Description | The eduTEAMS username is a user-selected, human-readable, revocable identifier (i.e. the user can change it). It is intended to be used when a unique identifier needs to be displayed in the user interface (e.g. wikis or Unix accounts). It has the syntax of eduPersonPrincipalName, which consists of a “user” part and the fixed scope “eduteams.org”, separated by the @ sign. The user part (syntax derived from Linux accounts) begins with a lowercase letter or an underscore, followed by lowercase letters, digits, underscores, or dashes, and should be between 4 and 16 characters long. The following regular expression applies: (^[a-z0-9_-]{4,16}$) Usernames beginning with an underscore are dedicated to eduTEAMS service IDs. (Experimental) |
SAML Attribute(s) | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (eduPersonPrincipalName) |
OIDC claim(s) | eduperson_principal_name |
OIDC claim location | The claim is available in: ☐ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
OIDC scope | eduperson_principal_name |
Origin | Set when a user registers on eduTEAMS |
Changes | Yes |
Multiplicity | Single-valued |
Availability | Mandatory |
Example | dougherty@eduteams.org |
Notes | Revoked identifiers will not be reassigned. Relying services are encouraged to validate the scope of this attribute against the values permitted for eduTEAMS. eduTEAMS will make exclusive use of scope “eduteams.org”. The eduTEAMS identifier and eduTEAMS username “test@eduteams.org” are test accounts reserved for testing and monitoring the proper functioning of the eduTEAMS Login. Relying parties should not authorise them to access any valuable resources. |
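
An added example (not eduTEAMS code) of the checks the two Notes rows above ask of relying services: scope validation, caseIgnoreMatch normalisation of the Community User Identifier, refusing the reserved test account, and keying the local account on sub rather than on the changeable username. The function names, the shape of the claims dict and the requirement of at least one hex digit are assumptions.

```python
import re

SCOPE = "eduteams.org"            # the only scope the page says eduTEAMS uses
TEST_ID = "test@eduteams.org"     # reserved test account from the Notes rows
UNIQUE_ID = re.compile(r"[0-9a-f]{1,64}")   # "up to 64 hexadecimal digits"; >=1 is an assumption
USERNAME = re.compile(r"[a-z0-9_-]{4,16}")  # character class and length of the page's regex


def _check(value, pattern):
    """Validate one scoped identifier: single '@', eduTEAMS scope, not the test account."""
    local, sep, scope = value.partition("@")
    if not sep or "@" in scope:
        raise ValueError("expected exactly one '@'")
    if scope != SCOPE:
        raise ValueError(f"scope {scope!r} is not permitted for eduTEAMS")
    if value == TEST_ID:
        raise PermissionError("reserved eduTEAMS test account")
    if not pattern.fullmatch(local):
        raise ValueError("local part does not match the documented syntax")
    return value


def validate_sub(value):
    """Community User Identifier: compared with caseIgnoreMatch, so lower-case first."""
    return _check(value.lower(), UNIQUE_ID)


def validate_username(value):
    """eduTEAMS username: checked exactly as received against the lowercase pattern."""
    return _check(value, USERNAME)


def account_from_claims(claims):
    """Key the account on `sub`; the username can change, so it is display-only."""
    return {
        "key": validate_sub(claims["sub"]),
        "display_name": validate_username(claims["eduperson_principal_name"]),
    }


if __name__ == "__main__":
    # Example values taken from the page's Example rows.
    print(account_from_claims({
        "sub": "28C5353B8BB34984A8BD4169BA94C606@eduteams.org",
        "eduperson_principal_name": "dougherty@eduteams.org",
    }))
```

Storing the lower-cased sub as the account key means two spellings of the same identifier that differ only in case resolve to one local account.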
SSH Public Key
Name | SSH Public Key - Experimental |
---|---|
Description | SSH public key of the user |
SAML Attribute(s) | urn:oid:1.3.6.1.4.1.24552.500.1.1.1.13 (sshPublicKey) |
OIDC claim(s) | ssh_public_key |
OIDC claim location | The claim is available in: ☐ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
OIDC scope | ssh_public_key |
Origin | Created and uploaded to eduTEAMS by the user. |
Changes | Yes |
Multiplicity | Multi-valued |
Availability | Optional |
Example | ssh-ed25519 AAAAC3NqaC1lZDI1TTE5AAAAIJ4pfKk7hRdUVeMfrKdLYhxdKy92nVPuHDlVVvZMyqeP |
Notes | This attribute is not deployed yet |