Sorry to come in so late here with my tuppence.
eduPerson is originally an LDAP schema.
I would have thought that it's well worth populating LDAPs directly with
eduPerson attributes. It certainly would save us a lot of work in the
federation support team, explaining to people how to write scripts to
shoehorn yet another slightly different attribute into eduPerson.
Cheers,
Sara
On 25/11/2013 10:15, Alistair Young wrote:
> I have to agree with Andy on this. I can’t see any point in ‘domain
> creep’, where Shibboleth enters your AD infrastructure. IdPs are clever
> enough to map institutional data to external facing formats such as
> eduperson. We occasionally need to use non eduperson attributes and the
> IdP just does it, based on data in AD.
>
> tuppence dispensed, now skint.
>
> Alistair
>
> ------------------------------------
> Alistair Young
> Senior Software Engineer
> UHI@Sabhal Mòr Ostaig
>
>
> From: Andy Swiffin <[log in to unmask]
> <mailto:[log in to unmask]>>
> Reply-To: Discussion list for Shibboleth developments
> <[log in to unmask] <mailto:[log in to unmask]>>
> Date: Monday, 25 November 2013 09:51
> To: "[log in to unmask]
> <mailto:[log in to unmask]>" <[log in to unmask]
> <mailto:[log in to unmask]>>
> Subject: Re: Query on extent of eduPerson implementations in Directories
>
> Hi
>
> I believe a few people did this, i.e. extended their schema, but I never
> really understood why you would want to do that.
>
> The information which is used in the released eduperson attributes is
> there in our directory in other forms and it’s a fairly simple matter in
> attribute-resolver.xml to manipulate those into the form needed, for
> instance to create the staff/ student values for
> edupersonscopedaffiliation. It would be a tautology to create another
> attribute in the directory and go to all the trouble of populating it.
>
> EduPersonEntitlement values are usually kept in the form of group
> memberships which we can make easily manageable by, for example,
> library staff, without them having to manipulate some very queer
> value, and again the resolver can easily contain a scriptlet to test
> for group membership and set the required value to be released in ePE.
>
> My tuppence.
>
> Andy
>
> Dundee
>
> *From:*Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] *On Behalf Of *Karen Murphy
> *Sent:* 25 November 2013 08:42
> *To:* [log in to unmask] <mailto:[log in to unmask]>
> *Subject:* Query on extent of eduPerson implementations in Directories
>
> Hi,
>
>
>
> I hope this is the right forum for my question. I emailed Angel (LSE project –
>
> [log in to unmask] <mailto:[log in to unmask]>) but my email bounced, so I guess it is no longer active.
>
>
>
> I administer Shibboleth IdPs and SPs at Queen's Universities (Library) and we are
>
> trying to present the case for enriching attributes within our directories with a
>
> view to implementing eduPerson.
>
> We are interested to know if many institutions have implemented eduPerson schema
>
> extensions in Active Directory (as opposed to mapping arbitrary values within the
>
> directories to eduPerson attributes). I'm thinking of the methods described here
>
> at the Angel project site (section 2):
>
>
>
> http://www.angel.ac.uk/SECURe/deliverables/documentation/adconfig.html
>
>
>
> Queen's are currently considering their options around eduPerson schema and Active
>
> Directory in the medium to longer term. Any information on the extent to which other
>
> institutions have implemented this in production systems would be very useful.
>
>
>
> Thanks and Regards
>
> Karen
>
>
>
> --
>
> Karen Murphy
>
> Systems Analyst - Bibliographic Services
>
> The Library at Queen's
>
> Queen's University Belfast
>
> Belfast BT7 1LP
>
> Tel: 028 90976260
>
> Email:[log in to unmask] <mailto:[log in to unmask]>
>
>
> The University of Dundee is a registered Scottish Charity, No: SC015096
--
Sara Hopkins
Support Team
UK Access Management Federation for Education and Research
web: http://www.ukfederation.org.uk/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|
