Andy Swiffin wrote: > Did anyone think the ePE value a little odd? I've queried this with > the federation helpdesk, they're asking me to deliver: > "BUFVC_BOB-NATIONAL". I thought that ePE values that are let loose > in the wild are all supposed to be URIs: From Technical > Recommendations for Participants: "Values of eduPersonEntitlement > take the form of a URI, most frequently using the http or urn > schemes." It is odd - I think it should be a URI. I didn't like the idea of mixing URIs with non-URIs in our LDAP directory, so we're storing the awkward ones in URNs like this: urn:mace:ac.uk:manchester.ac.uk:dir:noncompliant-entitlement:BUFVC_BOB-NATIONAL Then the IDP's attribute resolver chops off the prefixed URI and only sends the entitlement wanted by the SP. It's a bodge but everyone gets the data they want. Pete -- Peter Birkinshaw Senior Directory and Registration Administrator IT Services Division | +44 (0)161 306 3118 The University of Manchester | PGP: 0xB7B0B433