On 31 Aug 2010, at 10:49, Andy Swiffin wrote:
> Did anyone think the ePE value a little odd? I've queried this with the federation helpdesk, they're asking me to deliver: "BUFVC_BOB-NATIONAL". I thought that ePE values that are let loose in the wild are all supposed to be URIs: From Technical Recommendations for Participants: "Values of eduPersonEntitlement take the form of a URI, most frequently using the http or urn schemes."
That's technically true, yes, eduPerson requires that eduPersonEntitlement values are URIs, see:
http://middleware.internet2.edu/eduperson/docs/internet2-mace-dir-eduperson-200806.html#eduPersonEntitlement
"Definition
URI (either URN or URL) that indicates a set of rights to specific resources."
In practice, though, very few if any implementations enforce that constraint; instead, the value is normally treated as "just a string". So a value like this doesn't conform to the eduPerson specification, but it's unlikely to cause problems in practice. Well, until someone comes along with an IdP or SP product that actually checks of course...
It's always regrettable when someone does something like this, but the world somehow manages to continue in its orbit.
Pete Birkinshaw:
> I didn't like the idea of mixing
> URIs with non-URIs in our LDAP directory, so we're storing the awkward
> ones in URNs like this:
>
> urn:mace:ac.uk:manchester.ac.uk:dir:noncompliant-entitlement:BUFVC_BOB-NATIONAL
First, I'd like to congratulate Pete on being one of the very few people I've ever come across who actually went to the trouble of registering a urn: tree (which theoretically should be true for every urn:-scheme URI anyone invents):
http://www.ja.net/services/urn/urn-registry.html
Because I'm mean-spirited, though, I have to point out that the URI you quote above apparently isn't present in your own subordinate registry:
https://login.manchester.ac.uk/info/urns.html
I kid, of course. But this is the kind of reason why these days I'd recommend people to steer clear of urn:-scheme URIs entirely and just use http:-scheme URLs instead.
-- Ian "there's no place like urn:oid:1.3.6.1.4.1.21829" Young
|