Andy Swiffin wrote:
> Did anyone think the ePE value a little odd? I've queried this with
> the federation helpdesk, they're asking me to deliver:
> "BUFVC_BOB-NATIONAL". I thought that ePE values that are let loose
> in the wild are all supposed to be URIs: From Technical
> Recommendations for Participants: "Values of eduPersonEntitlement
> take the form of a URI, most frequently using the http or urn
> schemes."
It is odd - I think it should be a URI. I didn't like the idea of mixing
URIs with non-URIs in our LDAP directory, so we're storing the awkward
ones in URNs like this:
urn:mace:ac.uk:manchester.ac.uk:dir:noncompliant-entitlement:BUFVC_BOB-NATIONAL
Then the IDP's attribute resolver chops off the prefixed URI and only
sends the entitlement wanted by the SP. It's a bodge but everyone gets
the data they want.
Pete
--
Peter Birkinshaw
Senior Directory and Registration Administrator
IT Services Division | +44 (0)161 306 3118
The University of Manchester | PGP: 0xB7B0B433
|