eduPersonScopedAffiliation
| dev |
|---|
eduPersonScopedAffiliation specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc. The values consist of a left and right component separated by an "@" sign. The left component is one of the values from the eduPersonAffiliation controlled vocabulary.This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName since both identify a security domain.
Permissible values
eduPersonScopedAffiliation is a multi-valued string attribute. The UCLA identity provider asserts the following possible values within this attribute:
faculty@ucla.edu
staff@ucla.edu
employee@ucla.edu
student@ucla.edu
member@ucla.edu
affiliate@ucla.edu
Remark
eduPersonScopedAffiliation is a calculated attribute based on data in the Enterprise Directory.
to do: explain data calculation logic.
Release Policy
UCLA does not by default release this attribute to service providers. Each service provider is required to submit a request for data access and is subject to data privacy review from campus data stewards.
For additional information, please contact Albert Wu
See Also
The Official eduPerson Object Class Definition
eduPersonAffiliation
eduPersonPrincipalName
Usage
This is the usage of this attribute in the AAP.xml file. For more information about AAP configuration please visit AAP Configuration.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<AttributeRule Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" Scoped="true" CaseSensitive="false" Header="SHIBEPAFFILIATION" Alias="affiliation">
<!-- Filtering rule to limit values to eduPerson-defined enumeration. -->
<AnySite>
<Value>MEMBER</Value>
<Value>FACULTY</Value>
<Value>STUDENT</Value>
<Value>STAFF</Value>
<Value>ALUM</Value>
<Value>AFFILIATE</Value>
<Value>EMPLOYEE</Value>
</AnySite>
</AttributeRule>
|