Internet2

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Your organization not listed? Create a local account to use Internet2 services.

Create SiteID

eduPerson & eduOrg Documentation

  • MACE administers OIDs for Internet2. This page lists OIDs currently assigned to eduPerson and eduOrg. General information about the registry, and the complete list of MACE-administered OIDs, is available here.
     

eduPerson Release History

 

eduPerson (201602) (supports ORCID Identifiers)

eduPerson (201310)

eduPerson (201203)

The Internet2 MACE-Dir Working Group has released this new (201203) version of the eduPerson specification. This principal change in this version is the clarification on eduPersonAffiliation values, modernization and simplification of eduPersonPrincipalName notes, and the addition of a references section.

Development of this specification was supported with funding from Internet2.

eduPerson (200806)

The Internet2 MACE-Dir Working Group has released this new (200806) version of the eduPerson specification. This principal change in this version is the addition of a new attribute: eduPersonAssurance. This multi-valued attribute represents identity assurance profiles (IAPs), which are the set of standards that are met by an identity assertion, based on the Identity Provider's identity management processes, the type of authentication credential used, the strength of its binding, etc.

Development of this specification was supported with funding from Internet2, EDUCAUSE, and the NSF Middleware Initiative (Cooperative Agreement No. ANI-0330626). For more details please see the NMI Enterprise and Desktop Integration Technologies (EDIT) site.

eduPerson (200712)

The Internet2 MACE-Dir Working Group has released this new (200712) version of the eduPerson specification. This version does not add any new attributes. The changes are limited to the addition of "library-walk-in" to "permissible values" and the addition of explanatory notes on "library-walk-in" in section 2.2.1, "eduPersonAffiliation" and in section 2.2.6, "eduPersonPrimaryAffiliation."

Development of this specification was supported with funding from Internet2, EDUCAUSE, and the NSF Middleware Initiative (Cooperative Agreement No. ANI-0330626). For more details please see the NMI Enterprise and Desktop Integration Technologies (EDIT) site.

eduPerson (200604)

The Internet2 MACE-Dir Working Group has released this new (200604) version of the eduPerson specification. This version does not add any new attributes. The changes are limited to clarifications and further specifications on three attributes, eduPersonPrincipalName, eduPersonScopedAffiliation and eduPersonTargetedID. eduPersonPrincipalName and eduPersonScopedAffiliation have a syntax with the general form "user"@"scope". In this draft, the syntax rules are clarified to specify that the first occurrence of "@" from the left delimits the two sub-components, user and scope. eduPersonTargetedID offers a way for pairings of identity providers and service providers to share unique, persistent identifiers about people in a way that avoids the privacy loss that would come from the use of a single, globally unique and persistent identifier for a given person. The new language in the specification offers guidance on sound practices for constructing values for this attribute that aligns with emerging standards for federated identity management.

Development of this specification was supported with funding from Internet2, EDUCAUSE, and the NSF Middleware Initiative (Cooperative Agreement No. ANI-0330626). For more details please see the NMI Enterprise and Desktop Integration Technologies (EDIT) site.

eduPerson (200312)

This is the previous production-ready specification for the eduPerson object class, the latest version being eduPerson (200505) (see above).

eduPerson (200210)

This is the previous production-ready specification for the eduPerson object class. The eduPerson attributes are listed first, followed by the attributes defined in earlier object classes, in alphabetical order by attribute name.

eduOrg (200210)

eduOrg (200210) associates attributes to institutions, such as management and security policies, and can be used to discern the organizational structure of a college, for example.

eduPerson 1.0

This was the first formally released version of the object class.

*LDIF (Lightweight Directory Interchange Format) is an ASCII file format that LDAP servers can import and export. The above LDIF files, when imported into an LDAP server will define the object class and its attributes so that the directory administrator can use them with new directory entries.

[7 KB PDF]  
[38 KB PDF]  

Background Materials

  • [25 KB DOC]


     

    K. Hazelton Presentation to the Net@EDU PKI Working Group, Tempe AZ, 8 Feb 2000


    [37 KB PPT]

eduPerson/eduOrg Object Identifier (OID) Registrations (45.0 KB)