| Next revision | Previous revision |
| en:aai:attributes_best_practice [2021/07/14 10:24] – created Silke Meyer | en:aai:attributes_best_practice [2021/12/14 18:11] (current) – Wolfgang Pempe |
|---|
| FIXME **This page is not fully translated, yet. Please help completing the translation.** | ====== Recommended Best Practices for the use of attributes in DFN-AAI ====== |
| | (back to the [[de:attributes|Overview]] (de)) |
| |
| ====== Best Practice Empfehlungen zur Verwendung von Attributen in der DFN-AAI ====== | You can find configuration samples for attribute resolver, attribute filter, and relying party configuration [[de:shibidp:config-attributes-aaiplus|on this page]]. |
| (Zurück zur [[de:attributes|Übersicht]]) | |
| |
| Konfigurationsbeispiele für Attribute Resolver und Filter sowie Relying Party finden sich [[de:shibidp:config-attributes-aaiplus|auf dieser Seite]]. | | **1. Name Identifier and attributes with similar functions** \\ (also see [[https://saml2int.org/|SAML2int Profile V2.0]], section "3.1.3. Subject Identification") || |
| | |
| | **1. Name Identifier und funktionsanaloge Attribute** \\ (siehe hierzu auch [[https://saml2int.org/|SAML2int Profile V2.0]], Abschnitt "3.1.3. Subject Identification") || | |
| ^ 1.1 Omni-directional, non-targeted ^^ | ^ 1.1 Omni-directional, non-targeted ^^ |
| | ''urn:oasis:names:tc:SAML:attribute:subject-id'' [[de:common_attributes#a16|Doku]]| empfohlen | | | ''urn:oasis:names:tc:SAML:attribute:subject-id'' [[de:common_attributes#a16|docs]] (de)| recommended | |
| | ''eduPersonUniqueId'' [[de:common_attributes#a12|Doku]] | deprecated - der Wert, der vor dem Scope steht, muss identisch mit dem entsprechenden Wert der subject-id sein | | | ''eduPersonUniqueId'' [[de:common_attributes#a12|docs]] (de) | deprecated - the value in front of the scope should - if ever possible - be identical to the value of the subject-id | |
| | <del>''eduPersonPrincipalName''</del> | nicht verwenden! | | | <del>''eduPersonPrincipalName''</del> | do not use! | |
| | <del>''mail''</del> | nicht zur Identifizierung verwenden! | | | <del>''mail''</del> | do not use as identifier! | |
| ^ 1.2 Pairwise / targeted ^^ | ^ 1.2 Pairwise / targeted ^^ |
| | ''urn:oasis:names:tc:SAML:attribute:pairwise-id'' [[de:common_attributes#a17|Doku]] | empfohlen - Stored Id! (plus Scope)| | | ''urn:oasis:names:tc:SAML:attribute:pairwise-id'' [[de:common_attributes#a17|docs]] (de) | recommended - stored Id! (plus scope)| |
| | ''eduPersonTargetedID'' [[de:common_attributes#a11|Doku]] | deprecated - Wert muss identisch mit dem Wert pairwise-id sein, der vor dem Scope steht | | | ''eduPersonTargetedID'' [[de:common_attributes#a11|docs]](de) | deprecated - value should - if ever possible - be identical to the pairwise-id (the part in front of the scope) | |
| | ''persistent Id'' (SAML2 Name ID) | deprecated - Wert muss identisch mit dem Wert der pairwise-id sein, der vor dem Scope steht | | | ''persistent Id'' (SAML2 Name ID) | deprecated - value should - if ever possible - be identical to the pairwise-id (the part in front of the scope) | |
| ^ 1.3 Sonstige ^^ | ^ 1.3 Others ^^ |
| | ''transient Id'' ( SAML2 Name ID) | empfohlen (für Logout benötigt) | | | ''transient Id'' ( SAML2 Name ID) | recommended (required for Logout) | |
| ^ 2. Personennamen ^^ | ^ 2. Person names ^^ |
| | ''displayName'' [[de:common_attributes#a02|Doku]] | empfohlen | | | ''displayName'' [[de:common_attributes#a02|docs]] (de) | recommended | |
| ^ 3. E-Mail-Adresse(n) - nicht als Identifier verwenden! ^^ | ^ 3. Email address(es) - do not use as identifier! ^^ |
| | ''mail'' [[de:common_attributes#a05|Doku]] | empfohlen (idealerweise **ein** Wert) | | | ''mail'' [[de:common_attributes#a05|docs]] (de) | recommended (ideally a single value) | |
| ^ 4. Name der Heimateinrichtung ^^ | ^ 4. Name of the home organization ^^ |
| | ''schacHomeOrganization'' **und** ''o'' Doku zu [[de:common_attributes#a06|o]] und [[de:common_attributes#a18|schacHomeOrganization]]| empfohlen | | | ''schacHomeOrganization'' **and** ''o'' Documentation about [[de:common_attributes#a06|o]] (de) und [[de:common_attributes#a18|schacHomeOrganization]] (de)| recommended | |
| ^ 5. Sonstige Attribute, die grundsätzlich definiert (Attribute Resolver) sein müssen ^^ | ^ 5. Other attributes that have to be defined (Attribute Resolver) ^^ |
| | ''eduPersonAssurance'' [[de:common_attributes#a14|Doku]] | siehe [[https://refeds.org/assurance|REFEDS Assurance Framework]] | | | ''eduPersonAssurance'' [[de:common_attributes#a14|docs]] (de) | see [[https://refeds.org/assurance|REFEDS Assurance Framework]] and [[de:aai:assurance_idp|configuration examples for IdPs]] | |
| | ''eduPersonEntitlement'' [[de:common_attributes#a10|Doku]] || | | ''eduPersonEntitlement'' [[de:common_attributes#a10|docs]] (de) || |
| | ''eduPersonOrcid'' [[de:common_attributes#a13|Doku]] | bleibt ggf. leer | | | ''eduPersonOrcid'' [[de:common_attributes#a13|docs]] (de) | possibly empty | |
| | ''eduPersonScopedAffiliation'' [[de:common_attributes#a09|Doku]] || | | ''eduPersonScopedAffiliation'' [[de:common_attributes#a09|docs]] (de) || |
| | ''schacUserStatus'' [[de:common_attributes#a15|Doku]] | insbes. zur [[de:shibidp:config-deprovisionierung|SP-seitigen Deprovisionierung]]| | | ''schacUserStatus'' [[de:common_attributes#a15|docs]] (de) | for the [[de:shibidp:config-deprovisionierung|deprovisioning of user accounts on SP side]] (de)| |
| |
| {{tag>subjectIdentifierAttributes aaiplus attribute}} | {{tag>subjectIdentifierAttributes aaiplus attribute}} |