tf-emc-malaga-schac

Schac attributes
and common vocabularies
TF-EMC2 16-17.10.2006
Mikael Linden
CSC, the Finnish IT Center for Science
Outline
- Why vocabularies?
- Why cross-national vocabularies?
- schac attributes with no vocabulary
- schac attributes with obvious vocabulary
- Vocabulary definition for HomeOrganizationType, UniqueCode and UniqueID
- Vocabulary definition for PersonalPosition and UserStatus
Why vocabularies?
- If we intend to use attributes for authorization, there should be a common understanding of their semantics between the users (for example, IdPs and SPs)
  • for example, "this service is authorised for university students"
  • what is a university?
  • what is a student?
- eduPerson defines one vocabulary: eduPersonAffiliation
  • student/staff/faculty/employee/member/affiliate/alum
  • (it still leaves the interpretation quite open…)
Why cross-national vocabularies?
- If we are some day going to have a cross-national confederation (e.g. eduGAIN), we need common vocabularies as part of the schema
- it's easier to design the vocabularies now, when our federations are still young
  • later it will be painful: too many changes to too many production-level systems
- How to define vocabularies in an interoperable but still flexible way?
No vocabulary, no problem
- schacDateOfBirth
  • for example: 19660412
- schacPlaceOfBirth
  • for example: Algeciras, Spain
- schacSn1, schacSn2
  • for example, Lopez de la Moraleda
- schacPersonalTitle
  • for example, Prof
- schacUserPresenceID
  • URIs, for example sip:pepe@myweb.com
- schacExpiryDate
  • for example: 20051231125959Z
- schacUserPrivateAttribute
  • for example, mail, telephoneNumber
Vocabulary is obvious (hope so!)
- schacMotherTongue – ISO 639
  • for example, fr, es-ES
- schacGender – ISO 5218
  • 1 = male, 2 = female, 0 = not known, 9 = not specified
- schacCountryOfCitizenship – ISO 3166
  • for example, es
- schacHomeOrganization – domain names
  • for example, tut.fi
- schacCountryOfResidence – ISO 3166
  • for example, es
- schacUUID – UUID defined by RFC 4530
  • for example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6
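As an added example (not from the slides), the syntax checks a service provider could apply to the attribute values on the two slides above before trusting them, plus an expiry check on schacExpiryDate. The regexes and the fail-closed handling of a malformed expiry date are my assumptions; only the shape of a value is checked, not membership in the ISO code lists.

```python
"""Syntax checks for the schac attributes whose value format the slides
describe (ISO 639 / 3166 / 5218 codes, domain names, RFC 4530 UUIDs,
LDAP GeneralizedTime), plus an expiry check on schacExpiryDate.

Added illustration, not part of the presentation. Only the shape of the
values is checked; membership in the ISO code lists would need the lists."""
import re
from datetime import datetime, timezone
from typing import Optional

_SYNTAX = {
    # attribute name -> regex the whole value must match (assumed patterns)
    "schacDateOfBirth": r"\d{8}",                           # YYYYMMDD, 19660412
    "schacExpiryDate": r"\d{14}Z",                          # GeneralizedTime, UTC
    "schacGender": r"[0129]",                               # ISO 5218 codes
    "schacMotherTongue": r"[a-z]{2,3}(-[A-Za-z]{2})?",      # ISO 639 (+ region)
    "schacCountryOfCitizenship": r"[a-z]{2}",               # ISO 3166 alpha-2
    "schacCountryOfResidence": r"[a-z]{2}",
    "schacHomeOrganization": r"([a-z0-9-]+\.)+[a-z]{2,}",   # e.g. tut.fi
    "schacUUID": r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}",
}


def is_well_formed(attribute: str, value: str) -> bool:
    """True if value matches the expected syntax of the named attribute."""
    pattern = _SYNTAX.get(attribute)
    return pattern is not None and re.fullmatch(pattern, value) is not None


def parse_expiry(value: str) -> Optional[datetime]:
    """Parse a schacExpiryDate such as 20051231125959Z; None if malformed."""
    if not is_well_formed("schacExpiryDate", value):
        return None
    try:
        return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    except ValueError:  # right shape but impossible date, e.g. month 13
        return None


def is_expired(value: str, now: Optional[datetime] = None) -> bool:
    """Expiry check; an unparseable expiry date counts as expired (fail closed)."""
    if now is None:
        now = datetime.now(timezone.utc)
    exp = parse_expiry(value)
    return exp is None or exp <= now
```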
Outline of the proposed solution
- for HomeOrganizationType, UniqueCode and UniqueID
1. We define an international/EU-wide vocabulary where we can identify a common European denominator
2. Additionally, each NREN maintains a national vocabulary for national extensions
   • may delegate namespaces for institutional vocabularies
3. Terena gathers links to the national vocabularies and publishes them in http://www.terena.nl/registry/terena.org/schac/
- Benefits
  • EU-wide vocabulary understood in every country
  • National vocabularies make it possible to use and publish national semantics, even to services in other countries, if necessary
schacHomeOrganizationType
- Purpose: authorization of cross-national services
  • For example, "for higher education students in any EU country"
- Proposed international/EU vocabulary, with PREFIX=urn:mace:terena.org:schac:homeOrganizationType
  • PREFIX:eu:higherEducationInstitution  // HE defined by Bologna
  • PREFIX:eu:educationInstitution        // other educational institutions
  • PREFIX:eu:NREN                        // NREN defined by TERENA
  • PREFIX:eu:universityHospital
  • PREFIX:eu:NRENAffiliate               // organisations part of the NREN constituency
  • Bologna process seems to have no definition for a university
- National extensions, for example in Finland
  • PREFIX:fi:university, PREFIX:fi:polytechnic, PREFIX:fi:researchInstitution, PREFIX:fi:other
- Terena gathers links to national "homepages"
  • http://www.terena.nl/registry/terena.org/schac/homeorgtype/
schacPersonalUniqueID
- National identification number/social security number
- assigned by national governments; each country (except Germany) has at least one
- considered sensitive in many countries (strong identifier)
- each NREN maintains the national namespace
  • for example the Finnish Identification Code (FIC): urn:mace:terena.org:schac:personalUniqueID:fi:FIC:010161-123L
- Terena gathers links to national "homepages": http://www.terena.nl/registry/terena.org/schac/personalUniqueID/
schacPersonalUniqueCode
- Local (= not government-assigned) identification codes
  • Student number, library patron number, etc.
  • Notice: employeeNumber is already defined by inetOrgPerson
- One international namespace proposed for a student number
  • to make student numbers understood automatically between countries
  • urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:‹tld›:‹code›
  • for example, urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:tut.fi:159345
- for other local identifiers, each NREN maintains the national namespace
- Terena gathers links to national "homepages": http://www.terena.nl/registry/terena.org/schac/personalUniqueCode/
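As an added example (not from the slides), a parser for the urn:mace:terena.org:schac:‹attribute›:‹eu|tld›:… namespace layout of the three attributes above, together with the cross-national authorization rule the homeOrganizationType slide uses as its example ("higher education students in any EU country"). The split into EU-wide scope versus national tld scope follows the slides; the attribute dictionaries the rule is evaluated on, and the helper names, are my own constructions.

```python
"""Parse schac URN vocabulary values and evaluate the cross-national
authorization rule the slides use as motivation ("higher education
students in any EU country").

Added illustration, not part of the presentation. The layout
urn:mace:terena.org:schac:<attribute>:<eu|national tld>:<terms...> and
the vocabulary terms follow the slides; sample attribute sets are constructed."""
from dataclasses import dataclass
from typing import Optional, Tuple

SCHAC_PREFIX = "urn:mace:terena.org:schac:"


@dataclass(frozen=True)
class SchacValue:
    attribute: str          # e.g. "homeOrganizationType"
    scope: str              # "eu" = EU-wide vocabulary, otherwise a national tld
    terms: Tuple[str, ...]  # remaining colon-separated components


def parse_schac_value(value: str) -> Optional[SchacValue]:
    """Split a schac URN into attribute, scope and terms; None if malformed."""
    if not value.startswith(SCHAC_PREFIX):
        return None
    parts = value[len(SCHAC_PREFIX):].split(":")
    if len(parts) < 3 or not all(parts):  # need attribute, scope, >= 1 term
        return None
    return SchacValue(parts[0], parts[1], tuple(parts[2:]))


def parse_student_id(value: str) -> Optional[Tuple[str, str]]:
    """Return (tld, code) for the EU-wide studentID namespace, else None."""
    v = parse_schac_value(value)
    if (v is None or v.attribute != "personalUniqueCode" or v.scope != "eu"
            or len(v.terms) != 3 or v.terms[0] != "studentID"):
        return None
    return v.terms[1], v.terms[2]


def _is_eu_higher_education(value: str) -> bool:
    v = parse_schac_value(value)
    return (v is not None and v.attribute == "homeOrganizationType"
            and v.scope == "eu" and v.terms == ("higherEducationInstitution",))


def is_eu_he_student(attrs: dict) -> bool:
    """Rule: home organization is an EU higher education institution in the
    EU-wide vocabulary AND eduPersonAffiliation contains student. A national
    term alone (e.g. PREFIX:fi:university) is not enough, because a service
    in another country cannot be expected to understand it."""
    eu_he = any(_is_eu_higher_education(t)
                for t in attrs.get("schacHomeOrganizationType", ()))
    return eu_he and "student" in attrs.get("eduPersonAffiliation", ())
```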
The remaining two attributes have no separate namespace maintenance
schacPersonalPosition
- defines a personal position in an institution
- for example, urn:mace:terena.org:schac:personalPosition:umk.pl:programmer
- to manage the namespace, it is recommended to use the domain name after the prefix (urn:mace:terena.org:schac:personalPosition)
schacUserStatus
- specifies a person's status as a user of services
- for example,
  urn:mace:terena.org:schac:userStatus:uma.es:affiliation:expired
  urn:mace:terena.org:schac:userStatus:uma.es:sendMail:expired
  urn:mace:terena.org:schac:userStatus:uma.es:getMail:active
- to manage the namespace, it is recommended to use the domain name after the prefix (urn:mace:terena.org:schac:userStatus)