SlideShare uma empresa Scribd logo

20230922 - ACAMP session on moving from eduPersonTargetedID to Subject Identifier.pptx

Transferir como PPTX, PDF
J
Jon Agland

Moving from eduPersonTargetedId to SAML Subject Identifier/Pairwise Identifer

Tecnologia
1 de 21
Moving from eduPersonTargetedId to SAML Subject Identifier/Pairwise Identifier? Jon Agland Trust and Identity, Jisc Internet2 ACAMP 2023 (Unconference session) 2023-09-22 [Slides based on a 2021 presentation, to aid discussion]
Subject Identifiers in the UK federation Subject Identifiers in the UK federation 2 • Background (What are they, existing, the new standard, problems) • Supporting the new standard as IdP (first) • Supporting the new standard as SP (later) • Supporting the new standard as a federation operator
What are Subject Identifiers? Subject - a person or thing that is being discussed, described, or dealt with. Identifier - a person or thing that identifies someone or something. Subject Identifiers in the UK federation 3
Existing Subject Identifiers in the federation From the eduPersonSchema [1] eduPersonTargetedID is an abstracted version of the SAML V2.0 Name Identifier format of "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" eduPersonPrincipalName is a scoped identifier for a person. It should be represented in the form "user@scope" where 'user' is a name-based identifier for the person. Each value of 'scope' defines a namespace within which the assigned identifiers MUST be unique [1] https://wiki.refeds.org/display/STAN/eduPerson Subject Identifiers in the UK federation 4
Further identifiers in the federation eduPersonNamePrincipalPrior  multi-valued  only one SP has this a Requested Attribute eduPersonUniqueID  appeared in 2013, low take-up  indication that 59 SPs have Requested Attributes for this  Only one of those directly registered in the UK federation.  [1] https://wiki.refeds.org/display/STAN/eduPerson Subject Identifiers in the UK federation 5
Requested Attribute as an indicator Requested Attributes as a (bad!) indicator of attribute usage... eduPersonTargetedID - 674 eduPersonPrinicpalName - 1269 • Federation default policy – advises release of both these by IdPs to SPs • Only 378 of 1731 SPs in the UK federation have Requested Attributes in their metadata. Subject Identifiers in the UK federation 6
Existing Subject Identifiers in SAML Subject Identifiers in the UK federation 7 Name Identifiers  Some commonly used NameIDs  urn:oasis:names:tc:SAML:2.0:nameid-format:persistent  urn:oasis:names:tc:SAML:2.0:nameid-format:transient  urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress  An IdP in the UK federation will typically release  Transient in the Subject  Persistent in a SAML Attribute (eduPersonTargetedID)
Email Address as an Identifier Subject Identifiers in the UK federation 8  Not guaranteed unique to a subject  e.g. service@ukfederation.org.uk  Maybe be re-assigned  e.g. vc@camford.ac.uk  e.g. joe.bloggs@camford.ac.uk  Life events or affiliation may change it  Not always assigned by institution  May not be validated  https://spaces.at.internet2.edu/display/federation/why-is-email- not-an-appropriate-user-identifier  Hear our war story! "Return To Sender" by pheezy is licensed under CC BY 2.0
New Standard – SAML Subject Identifiers Subject Identifiers in the UK federation 9 Two new SAML Attributes defined in a new standard [1]  urn:oasis:names:tc:SAML:attribute:subject-id  bob123132@example.ac.uk  Alignment with eduPersonUniqueID  urn:oasis:names:tc:SAML:attribute:pairwise-id  NVSXE2DNMFZWIZ3BONSGO2DBONSGOCQ=@example.ac.uk  Hang on this looks familiar? SAML1/eduPerson mace-dir/eduPersonTargetedID.old  Review the problem statement in the standard.  [1] http://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/saml-subject-id-attr-v1.0.html
Drivers – SAML Subject Identifiers Subject Identifiers in the UK federation 10 • New standard has been ratified for over two years. • Use cases are coming... • eduPerson 2020-01 marks existing identifier as deprecated • eduPersonTargetedID is DEPRECATED and will be marked as obsolete in a future version of this specification. • New REFEDS Research and Scholarship v2.0 entity category • Nearing consultation, will require the new SAML Subject Identifier. • Research intensive organisations, may need to support the new standard sooner. • Shibboleth project deprecating • Stay of execution in v5 (marked as deprecated?) "Winter is Coming" by Trey Ratcliff is licensed under CC BY-NC-SA 2.0
https://xkcd.com/927/ eduPersonTargetedID is dead, long live eduPersonTargetedID Subject Identifiers in the UK federation 11 2023 – NOT FOR MUCH LONGER
One existing problem - Case sensitivity • Existing Identifiers may be using case sensitive values • Existing Shibboleth IdPs, Base64, ComputedID StoredID. • How does an SP handle this scenario? https://idp.example.ac.uk/idp!https://sp.example.org/sp!bWVyaG1hc2RnYXNkZ2hhc2RnCg== https://idp.example.ac.uk/idp!https://sp.example.org/sp!BWVYAG1HC2RNYXNKZ2HHC2RNCG== • New(er) Shibboleth IdPs deployers should use Base32. • SPs can test with the UK federation Test IdP (accounts Yanny and Laurel) [1] [1] https://www.ukfederation.org.uk/content/Documents/TestIdP Subject Identifiers in the UK federation 12
Supporting the SAML subject identifiers - IdPs Subject Identifiers in the UK federation 13 A fresh start?  If your existing ComputedID connector uses Base64, then you should.  Change to Base32  Change source attribute  ObjectGUID, ObjectSid – these tie you heavily to Microsoft Active Directory, Binary Attributes tricky to handle  uid, sAMAccountName, userPrincipalName, cn, mail – all potentially affected by changes of name, affiliation  employee and student number – on the face of it, a great choice as a source pairwise-id  What source for subject-id?
Two more questions for IdPs (another poll!)  What source attribute would you use for subject-id?  (urn:oasis:names:tc:SAML:attribute:subject-id)  What source attribute would you use for pairwise-id? (urn:oasis:names:tc:SAML:attribute:pairwise-id) Subject Identifiers in the UK federation 14
Signalling Subject Identifiers in the UK federation 15 We talked about Requested Attributes.. • SPs signalling what attributes they support/require using Requested Attributes • Existing Requested Attributes are another problem • Can’t say "I’d like one of eduPersonPrincipalName, eduPersonTargetedID or mail (Email address) please?" • Can only say "these are required, these are not required/optional" • New entity category has options of pairwise-id, subject-id, any or none • How do IdP operators feel about subject-id being auto released? • Will you being using an attribute containing personal information? • Quick poll..
entityIDs vs scopes Subject Identifiers in the UK federation 16  Existing SAML attributes are tied based on entityID - another problem!  Deployment of the new Subject Identifiers  Will eventually free us from the tie of the entityID  Will tie us instead to the scope  In the meantime, we will be tied to both?  Aren't we already?  Scopes  A single scope can be asserted by multiple IdPs  IdPs can assert multiple scopes (depending on their software/configuration)  Scopes and the domains they represent are verified for compliance with our metadata registration practice statement [1] [1] https://docs.ukfederation.org.uk/mdrps/
Supporting the SAML subject identifiers - SP Subject Identifiers in the UK federation 17  No personalisation, no worries?  Possibly one, reporting may show more unique users.
Supporting the SAML subject identifiers - SP Subject Identifiers in the UK federation 18 Maintaining Personalisation  Problem of mapping X to Y in a lot of cases  https://idp.example.ac.uk/idp!https://sp.example.org/sp!bWVyaG1hc2RnYXNkZ2hhc2RnCg==  NVSXE2DNMFZWIZ3BONSGO2DBONSGOCQ=@example.ac.uk  Will likely need co-ordination between IdP and SP  Might need to share and log the most recent Assertion ID to aid this process.  Attribute priority might need to be done per customer, rather than per service?  In the Shibboleth SP REMOTE_USER vs Attribute itself
Supporting the SAML subject identifiers - SP Subject Identifiers in the UK federation 19 Building a new SP  If I was deploying an SP today and required personalisation attributes..  urn:oasis:names:tc:SAML:attribute:subject-id fallback to eduPersonPrincipalName  urn:oasis:names:tc:SAML:attribute:pairwise-id fallback to eduPersonTargetedID • urn:oasis:names:tc:SAML:attribute:pairwise-id fallback to eduPersonPrincipalName  Handy if your end application can’t handle SPentityID!IdPentityID!value
Supporting the SAML subject identifiers – UK federation  What do we need to do?  Build the new entity category support into our tooling, so that SPs can signal their support  Setup IdP test accounts that release pairwise-id and subject-id  Test SP and attribute viewer  Might be additional entityIDs based on the four values of the entity attribute  Guidance/documentation for Shibboleth IdP and SP operators  Your thoughts and feedback? Subject Identifiers in the UK federation 20
Two questions for IdPs? Subject Identifiers in the UK federation 21 • How are you deriving eduPersonTargetedID? • (what is the source attribute) • Or persistent-name-id • How are you deriving eduPersonPrincipalName? • (what is the source attribute)?

Recomendados

OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...OpenIDFoundation
 
Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...
Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...
Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...Alasdair Gray
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethChris Phillips
 
Application development with Oracle NoSQL Database 3.0
Application development with Oracle NoSQL Database 3.0Application development with Oracle NoSQL Database 3.0
Application development with Oracle NoSQL Database 3.0Anuj Sahni
 
1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case Study1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case StudyJISC.AM
 
CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...
CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...
CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...Syed Ahmad Chan Bukhari, PhD
 
Web Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and SimplicityWeb Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and Simplicityhannonhill
 
AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...
AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...
AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...Amazon Web Services
 

Recomendados

OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...OpenIDFoundation
 
Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...
Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...
Tutorial: Describing Datasets with the Health Care and Life Sciences Communit...Alasdair Gray
 
CANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethCANARIE - What Do I Need to Connect with eduroam and Shibboleth
CANARIE - What Do I Need to Connect with eduroam and ShibbolethChris Phillips
 
Application development with Oracle NoSQL Database 3.0
Application development with Oracle NoSQL Database 3.0Application development with Oracle NoSQL Database 3.0
Application development with Oracle NoSQL Database 3.0Anuj Sahni
 
1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case Study1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case StudyJISC.AM
 
CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...
CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...
CEDAR: Easing Authoring of Metadata to Make Biomedical Data Sets More Findabl...Syed Ahmad Chan Bukhari, PhD
 
Web Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and SimplicityWeb Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and Simplicityhannonhill
 
AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...
AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...
AWS re:Invent 2016: Zillow Group: Developing Classification and Recommendatio...Amazon Web Services
 
Sem tech 2011 v8
Sem tech 2011 v8Sem tech 2011 v8
Sem tech 2011 v8dallemang
 
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...Digitised Manuscripts to Europeana
 
DataScience SG | Undergrad Series | 26th Sep 19
DataScience SG | Undergrad Series | 26th Sep 19DataScience SG | Undergrad Series | 26th Sep 19
DataScience SG | Undergrad Series | 26th Sep 19Yong Siang (Ivan) Tan
 
PerformanceSCORM
PerformanceSCORMPerformanceSCORM
PerformanceSCORMopenforum
 
CANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestCANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestChris Phillips
 
C4l2008charper
C4l2008charperC4l2008charper
C4l2008charpercharper
 
Modeling Tricks My Relational Database Never Taught Me
Modeling Tricks My Relational Database Never Taught MeModeling Tricks My Relational Database Never Taught Me
Modeling Tricks My Relational Database Never Taught MeDavid Boike
 
Mark logic text analytics
Mark logic text analyticsMark logic text analytics
Mark logic text analyticsFernando Mesa
 
Paper presentation
Paper presentationPaper presentation
Paper presentationK.K. Tripathi
 
Bacnet for field technicians
Bacnet for field techniciansBacnet for field technicians
Bacnet for field techniciansJuan Taveras
 
Virtuoso -- The Prometheus of RDF
Virtuoso -- The Prometheus of RDFVirtuoso -- The Prometheus of RDF
Virtuoso -- The Prometheus of RDFOpenLink Software
 
Elastic @ Adobe: Making Search Smarter with Machine Learning at Scale
Elastic @ Adobe: Making Search Smarter with Machine Learning at ScaleElastic @ Adobe: Making Search Smarter with Machine Learning at Scale
Elastic @ Adobe: Making Search Smarter with Machine Learning at ScaleElasticsearch
 
How Linked Data Can Speed Information Discovery
How Linked Data Can Speed Information DiscoveryHow Linked Data Can Speed Information Discovery
How Linked Data Can Speed Information DiscoveryAlex Meadows
 
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference KeynoteKingsley Uyi Idehen
 
20th Feb 2020 json-ld-rdf-im-proposal.pdf
20th Feb 2020 json-ld-rdf-im-proposal.pdf20th Feb 2020 json-ld-rdf-im-proposal.pdf
20th Feb 2020 json-ld-rdf-im-proposal.pdfMichal Miklas
 
Off-Label Data Mesh: A Prescription for Healthier Data
Off-Label Data Mesh: A Prescription for Healthier DataOff-Label Data Mesh: A Prescription for Healthier Data
Off-Label Data Mesh: A Prescription for Healthier DataHostedbyConfluent
 
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and Spark
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and SparkVital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and Spark
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and SparkVital.AI
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...Daniel Zivkovic
 
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docxhoney725342
 
SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)Odinot Stanislas
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 

Mais conteúdo relacionado

Semelhante a 20230922 - ACAMP session on moving from eduPersonTargetedID to Subject Identifier.pptx

Sem tech 2011 v8
Sem tech 2011 v8Sem tech 2011 v8
Sem tech 2011 v8dallemang
 
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...Digitised Manuscripts to Europeana
 
DataScience SG | Undergrad Series | 26th Sep 19
DataScience SG | Undergrad Series | 26th Sep 19DataScience SG | Undergrad Series | 26th Sep 19
DataScience SG | Undergrad Series | 26th Sep 19Yong Siang (Ivan) Tan
 
PerformanceSCORM
PerformanceSCORMPerformanceSCORM
PerformanceSCORMopenforum
 
CANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestCANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestChris Phillips
 
C4l2008charper
C4l2008charperC4l2008charper
C4l2008charpercharper
 
Modeling Tricks My Relational Database Never Taught Me
Modeling Tricks My Relational Database Never Taught MeModeling Tricks My Relational Database Never Taught Me
Modeling Tricks My Relational Database Never Taught MeDavid Boike
 
Mark logic text analytics
Mark logic text analyticsMark logic text analytics
Mark logic text analyticsFernando Mesa
 
Bacnet for field technicians
Bacnet for field techniciansBacnet for field technicians
Bacnet for field techniciansJuan Taveras
 
Virtuoso -- The Prometheus of RDF
Virtuoso -- The Prometheus of RDFVirtuoso -- The Prometheus of RDF
Virtuoso -- The Prometheus of RDFOpenLink Software
 
Elastic @ Adobe: Making Search Smarter with Machine Learning at Scale
Elastic @ Adobe: Making Search Smarter with Machine Learning at ScaleElastic @ Adobe: Making Search Smarter with Machine Learning at Scale
Elastic @ Adobe: Making Search Smarter with Machine Learning at ScaleElasticsearch
 
How Linked Data Can Speed Information Discovery
How Linked Data Can Speed Information DiscoveryHow Linked Data Can Speed Information Discovery
How Linked Data Can Speed Information DiscoveryAlex Meadows
 
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference KeynoteKingsley Uyi Idehen
 
20th Feb 2020 json-ld-rdf-im-proposal.pdf
20th Feb 2020 json-ld-rdf-im-proposal.pdf20th Feb 2020 json-ld-rdf-im-proposal.pdf
20th Feb 2020 json-ld-rdf-im-proposal.pdfMichal Miklas
 
Off-Label Data Mesh: A Prescription for Healthier Data
Off-Label Data Mesh: A Prescription for Healthier DataOff-Label Data Mesh: A Prescription for Healthier Data
Off-Label Data Mesh: A Prescription for Healthier DataHostedbyConfluent
 
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and Spark
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and SparkVital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and Spark
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and SparkVital.AI
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...Daniel Zivkovic
 
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docxhoney725342
 
SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)Odinot Stanislas
 

Semelhante a 20230922 - ACAMP session on moving from eduPersonTargetedID to Subject Identifier.pptx (20)

Sem tech 2011 v8
Sem tech 2011 v8Sem tech 2011 v8
Sem tech 2011 v8
 
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...
DM2E Project meeting Bergen: WP2 RDF Validation, Kai Eckert (University of Ma...
 
DataScience SG | Undergrad Series | 26th Sep 19
DataScience SG | Undergrad Series | 26th Sep 19DataScience SG | Undergrad Series | 26th Sep 19
DataScience SG | Undergrad Series | 26th Sep 19
 
PerformanceSCORM
PerformanceSCORMPerformanceSCORM
PerformanceSCORM
 
CANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interestCANARIE Eduroam and Shibboleth Lessons & Areas of interest
CANARIE Eduroam and Shibboleth Lessons & Areas of interest
 
C4l2008charper
C4l2008charperC4l2008charper
C4l2008charper
 
Modeling Tricks My Relational Database Never Taught Me
Modeling Tricks My Relational Database Never Taught MeModeling Tricks My Relational Database Never Taught Me
Modeling Tricks My Relational Database Never Taught Me
 
Mark logic text analytics
Mark logic text analyticsMark logic text analytics
Mark logic text analytics
 
Paper presentation
Paper presentationPaper presentation
Paper presentation
 
Bacnet for field technicians
Bacnet for field techniciansBacnet for field technicians
Bacnet for field technicians
 
Virtuoso -- The Prometheus of RDF
Virtuoso -- The Prometheus of RDFVirtuoso -- The Prometheus of RDF
Virtuoso -- The Prometheus of RDF
 
Elastic @ Adobe: Making Search Smarter with Machine Learning at Scale
Elastic @ Adobe: Making Search Smarter with Machine Learning at ScaleElastic @ Adobe: Making Search Smarter with Machine Learning at Scale
Elastic @ Adobe: Making Search Smarter with Machine Learning at Scale
 
How Linked Data Can Speed Information Discovery
How Linked Data Can Speed Information DiscoveryHow Linked Data Can Speed Information Discovery
How Linked Data Can Speed Information Discovery
 
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote
Virtuoso, The Prometheus of RDF -- Sematics 2014 Conference Keynote
 
20th Feb 2020 json-ld-rdf-im-proposal.pdf
20th Feb 2020 json-ld-rdf-im-proposal.pdf20th Feb 2020 json-ld-rdf-im-proposal.pdf
20th Feb 2020 json-ld-rdf-im-proposal.pdf
 
Off-Label Data Mesh: A Prescription for Healthier Data
Off-Label Data Mesh: A Prescription for Healthier DataOff-Label Data Mesh: A Prescription for Healthier Data
Off-Label Data Mesh: A Prescription for Healthier Data
 
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and Spark
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and SparkVital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and Spark
Vital AI MetaQL: Queries Across NoSQL, SQL, Sparql, and Spark
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
 
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx
1 Exploratory Data Analysis (EDA) by Melvin Ott, PhD.docx
 
SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)
 

Último

Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024TopCSSGallery
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 

Último (20)

Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 

20230922 - ACAMP session on moving from eduPersonTargetedID to Subject Identifier.pptx

  • 1. Moving from eduPersonTargetedId to SAML Subject Identifier/Pairwise Identifier? Jon Agland Trust and Identity, Jisc Internet2 ACAMP 2023 (Unconference session) 2023-09-22 [Slides based on a 2021 presentation, to aid discussion]
  • 2. Subject Identifiers in the UK federation Subject Identifiers in the UK federation 2 • Background (What are they, existing, the new standard, problems) • Supporting the new standard as IdP (first) • Supporting the new standard as SP (later) • Supporting the new standard as a federation operator
  • 3. What are Subject Identifiers? Subject - a person or thing that is being discussed, described, or dealt with. Identifier - a person or thing that identifies someone or something. Subject Identifiers in the UK federation 3
  • 4. Existing Subject Identifiers in the federation From the eduPersonSchema [1] eduPersonTargetedID is an abstracted version of the SAML V2.0 Name Identifier format of "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" eduPersonPrincipalName is a scoped identifier for a person. It should be represented in the form "user@scope" where 'user' is a name-based identifier for the person. Each value of 'scope' defines a namespace within which the assigned identifiers MUST be unique [1] https://wiki.refeds.org/display/STAN/eduPerson Subject Identifiers in the UK federation 4
  • 5. Further identifiers in the federation eduPersonNamePrincipalPrior  multi-valued  only one SP has this a Requested Attribute eduPersonUniqueID  appeared in 2013, low take-up  indication that 59 SPs have Requested Attributes for this  Only one of those directly registered in the UK federation.  [1] https://wiki.refeds.org/display/STAN/eduPerson Subject Identifiers in the UK federation 5
  • 6. Requested Attribute as an indicator Requested Attributes as a (bad!) indicator of attribute usage... eduPersonTargetedID - 674 eduPersonPrinicpalName - 1269 • Federation default policy – advises release of both these by IdPs to SPs • Only 378 of 1731 SPs in the UK federation have Requested Attributes in their metadata. Subject Identifiers in the UK federation 6
  • 7. Existing Subject Identifiers in SAML Subject Identifiers in the UK federation 7 Name Identifiers  Some commonly used NameIDs  urn:oasis:names:tc:SAML:2.0:nameid-format:persistent  urn:oasis:names:tc:SAML:2.0:nameid-format:transient  urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress  An IdP in the UK federation will typically release  Transient in the Subject  Persistent in a SAML Attribute (eduPersonTargetedID)
  • 8. Email Address as an Identifier Subject Identifiers in the UK federation 8  Not guaranteed unique to a subject  e.g. service@ukfederation.org.uk  Maybe be re-assigned  e.g. vc@camford.ac.uk  e.g. joe.bloggs@camford.ac.uk  Life events or affiliation may change it  Not always assigned by institution  May not be validated  https://spaces.at.internet2.edu/display/federation/why-is-email- not-an-appropriate-user-identifier  Hear our war story! "Return To Sender" by pheezy is licensed under CC BY 2.0
  • 9. New Standard – SAML Subject Identifiers Subject Identifiers in the UK federation 9 Two new SAML Attributes defined in a new standard [1]  urn:oasis:names:tc:SAML:attribute:subject-id  bob123132@example.ac.uk  Alignment with eduPersonUniqueID  urn:oasis:names:tc:SAML:attribute:pairwise-id  NVSXE2DNMFZWIZ3BONSGO2DBONSGOCQ=@example.ac.uk  Hang on this looks familiar? SAML1/eduPerson mace-dir/eduPersonTargetedID.old  Review the problem statement in the standard.  [1] http://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/saml-subject-id-attr-v1.0.html
  • 10. Drivers – SAML Subject Identifiers Subject Identifiers in the UK federation 10 • New standard has been ratified for over two years. • Use cases are coming... • eduPerson 2020-01 marks existing identifier as deprecated • eduPersonTargetedID is DEPRECATED and will be marked as obsolete in a future version of this specification. • New REFEDS Research and Scholarship v2.0 entity category • Nearing consultation, will require the new SAML Subject Identifier. • Research intensive organisations, may need to support the new standard sooner. • Shibboleth project deprecating • Stay of execution in v5 (marked as deprecated?) "Winter is Coming" by Trey Ratcliff is licensed under CC BY-NC-SA 2.0
  • 11. https://xkcd.com/927/ eduPersonTargetedID is dead, long live eduPersonTargetedID Subject Identifiers in the UK federation 11 2023 – NOT FOR MUCH LONGER
  • 12. One existing problem - Case sensitivity • Existing Identifiers may be using case sensitive values • Existing Shibboleth IdPs, Base64, ComputedID StoredID. • How does an SP handle this scenario? https://idp.example.ac.uk/idp!https://sp.example.org/sp!bWVyaG1hc2RnYXNkZ2hhc2RnCg== https://idp.example.ac.uk/idp!https://sp.example.org/sp!BWVYAG1HC2RNYXNKZ2HHC2RNCG== • New(er) Shibboleth IdPs deployers should use Base32. • SPs can test with the UK federation Test IdP (accounts Yanny and Laurel) [1] [1] https://www.ukfederation.org.uk/content/Documents/TestIdP Subject Identifiers in the UK federation 12
  • 13. Supporting the SAML subject identifiers - IdPs Subject Identifiers in the UK federation 13 A fresh start?  If your existing ComputedID connector uses Base64, then you should.  Change to Base32  Change source attribute  ObjectGUID, ObjectSid – these tie you heavily to Microsoft Active Directory, Binary Attributes tricky to handle  uid, sAMAccountName, userPrincipalName, cn, mail – all potentially affected by changes of name, affiliation  employee and student number – on the face of it, a great choice as a source pairwise-id  What source for subject-id?
  • 14. Two more questions for IdPs (another poll!)  What source attribute would you use for subject-id?  (urn:oasis:names:tc:SAML:attribute:subject-id)  What source attribute would you use for pairwise-id? (urn:oasis:names:tc:SAML:attribute:pairwise-id) Subject Identifiers in the UK federation 14
  • 15. Signalling Subject Identifiers in the UK federation 15 We talked about Requested Attributes.. • SPs signalling what attributes they support/require using Requested Attributes • Existing Requested Attributes are another problem • Can’t say "I’d like one of eduPersonPrincipalName, eduPersonTargetedID or mail (Email address) please?" • Can only say "these are required, these are not required/optional" • New entity category has options of pairwise-id, subject-id, any or none • How do IdP operators feel about subject-id being auto released? • Will you being using an attribute containing personal information? • Quick poll..
  • 16. entityIDs vs scopes Subject Identifiers in the UK federation 16  Existing SAML attributes are tied based on entityID - another problem!  Deployment of the new Subject Identifiers  Will eventually free us from the tie of the entityID  Will tie us instead to the scope  In the meantime, we will be tied to both?  Aren't we already?  Scopes  A single scope can be asserted by multiple IdPs  IdPs can assert multiple scopes (depending on their software/configuration)  Scopes and the domains they represent are verified for compliance with our metadata registration practice statement [1] [1] https://docs.ukfederation.org.uk/mdrps/
  • 17. Supporting the SAML subject identifiers - SP Subject Identifiers in the UK federation 17  No personalisation, no worries?  Possibly one, reporting may show more unique users.
  • 18. Supporting the SAML subject identifiers - SP Subject Identifiers in the UK federation 18 Maintaining Personalisation  Problem of mapping X to Y in a lot of cases  https://idp.example.ac.uk/idp!https://sp.example.org/sp!bWVyaG1hc2RnYXNkZ2hhc2RnCg==  NVSXE2DNMFZWIZ3BONSGO2DBONSGOCQ=@example.ac.uk  Will likely need co-ordination between IdP and SP  Might need to share and log the most recent Assertion ID to aid this process.  Attribute priority might need to be done per customer, rather than per service?  In the Shibboleth SP REMOTE_USER vs Attribute itself
  • 19. Supporting the SAML subject identifiers - SP Subject Identifiers in the UK federation 19 Building a new SP  If I was deploying an SP today and required personalisation attributes..  urn:oasis:names:tc:SAML:attribute:subject-id fallback to eduPersonPrincipalName  urn:oasis:names:tc:SAML:attribute:pairwise-id fallback to eduPersonTargetedID • urn:oasis:names:tc:SAML:attribute:pairwise-id fallback to eduPersonPrincipalName  Handy if your end application can’t handle SPentityID!IdPentityID!value
  • 20. Supporting the SAML subject identifiers – UK federation  What do we need to do?  Build the new entity category support into our tooling, so that SPs can signal their support  Setup IdP test accounts that release pairwise-id and subject-id  Test SP and attribute viewer  Might be additional entityIDs based on the four values of the entity attribute  Guidance/documentation for Shibboleth IdP and SP operators  Your thoughts and feedback? Subject Identifiers in the UK federation 20
  • 21. Two questions for IdPs? Subject Identifiers in the UK federation 21 • How are you deriving eduPersonTargetedID? • (what is the source attribute) • Or persistent-name-id • How are you deriving eduPersonPrincipalName? • (what is the source attribute)?

Notas do Editor

  1. * Attribute generated by the Directory Service (objectGUID, objectSid)? * Attribute based on the Users firstname/surname (uid, sAMAccountName, userPrincipalName, cn, mail)? * Attribute based on an organisation identifier (employee number, student number)? * Other?
  2. How are you deriving eduPersonTargetedID? (what is the source attribute) * Attribute generated by the Directory Service (objectGUID, objectSid)? * Attribute based on the Users firstname/surname (uid, sAMAccountName, userPrincipalName, cn, mail)? * Attribute based on an organisation identifier (employee number, student number)? * Other? How are you deriving eduPersonPrincipalName (what is the source attribute)? * Attribute generated by the Directory Service (objectGUID, objectSid)? * Attribute based on the Users firstname/surname (uid, sAMAccountName, userPrincipalName, cn, mail)? * Attribute based on an organisation identifier (employee number, student number)? * Other?