Schac attributes and common vocabularies

Schac attributes and common vocabularies TF-EMC2 16-17.10.2006 Mikael Linden CSC, the Finnish IT Center for Science


Page 1: Schac attributes  and common vocabularies

Schac attributes and common vocabularies

TF-EMC2 16-17.10.2006

Mikael Linden

CSC, the Finnish IT Center for Science

Page 2: Schac attributes  and common vocabularies

Outline

• Why vocabularies?
• Why cross-national vocabularies?
• schac attributes with no vocabulary
• schac attributes with obvious vocabulary
• Vocabulary definition for HomeOrganizationType, UniqueCode and UniqueID
• Vocabulary definition for PersonalPosition and UserStatus

Page 3: Schac attributes  and common vocabularies

Why vocabularies?

If we intend to use attributes for authorization, there should be a common understanding of their semantics between the users (for example, IdPs and SPs)

for example, “this service is authorised for university students”
• what is a university?
• what is a student?

eduPerson defines one vocabulary: eduPersonAffiliation
• student/staff/faculty/employee/member/affiliate/alum
• (it still leaves the interpretation quite open…)

Page 4: Schac attributes  and common vocabularies

Why cross-national vocabularies?

If we are some day going to have a cross-national confederation (e.g. eduGAIN), we need common vocabularies as part of the schema

it’s easier to design the vocabularies now, when our federations are still young
• later it will be painful: too many changes to too many production-level systems

How to define vocabularies in an interoperable but still flexible way?

Page 5: Schac attributes  and common vocabularies

No vocabulary, no problem

schacDateOfBirth
• for example: 19660412

schacPlaceOfBirth
• for example: Algeciras, Spain

schacSn1, schacSn2
• for example, Lopez de la Moraleda

schacPersonalTitle
• for example, Prof

schacUserPresenceID
• URIs, for example sip:[email protected]

schacExpiryDate
• for example: 20051231125959Z

schacUserPrivateAttribute
• for example, mail, telephoneNumber

Page 6: Schac attributes  and common vocabularies

Vocabulary is obvious (hope so!)

schacMotherTongue – ISO 639
• for example, fr, es-ES

schacGender – ISO 5218
• 1 = male, 2 = female, 0 = not known, 9 = not specified

schacCountryOfCitizenship – ISO 3166
• for example, es

schacHomeOrganization – domain names
• for example, tut.fi

schacCountryOfResidence – ISO 3166
• for example, es

schacUUID – UUID defined by RFC 4530
• for example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6

Page 7: Schac attributes  and common vocabularies

Outline of the proposed solution

For HomeOrganizationType, UniqueCode and UniqueID:

1. We define an international/EU-wide vocabulary when we can identify a common European denominator

2. Additionally, each NREN maintains a national vocabulary for national extensions
   • may delegate namespaces for institutional vocabularies

3. Terena gathers links to the national vocabularies and publishes them at http://www.terena.nl/registry/terena.org/schac/

Benefits
• EU-wide vocabulary understood in every country
• National vocabularies make it possible to use and publish national semantics, even to services in other countries, if necessary

Page 8: Schac attributes  and common vocabularies

schacHomeOrganizationType

Purpose: authorization of cross-national services
• For example, “for higher education students in any EU country”

Proposed international/EU vocabulary
PREFIX=urn:mace:terena.org:schac:homeOrganizationType
• PREFIX:eu:higherEducationInstitution // HE defined by Bologna
• PREFIX:eu:educationInstitution // other educational institutions
• PREFIX:eu:NREN // NREN defined by TERENA
• PREFIX:eu:universityHospital
• PREFIX:eu:NRENAffiliate // organisations part of the NREN constituency
• Bologna process seems to have no definition for a university

National extensions, for example in Finland
• PREFIX:fi:university, PREFIX:fi:polytechnic, PREFIX:fi:researchInstitution, PREFIX:fi:other

Terena gathers links to national “homepages”
• http://www.terena.nl/registry/terena.org/schac/homeorgtype/

Page 9: Schac attributes  and common vocabularies

schacPersonalUniqueID

• National identification number/social security number
• assigned by national governments; each country (except Germany) has at least one
• considered as sensitive in many countries (strong identifier)
• each NREN maintains the national namespace
   • for example, the Finnish Identification Code (FIC): urn:mace:terena.org:schac:personalUniqueID:fi:FIC:010161-123L

Terena gathers links to national “homepages”: http://www.terena.nl/registry/terena.org/schac/personalUniqueID/

Page 10: Schac attributes  and common vocabularies

schacPersonalUniqueCode

Local (= not government-assigned) identification codes
• Student number, library patron number, etc.
• Notice: employeeNumber is already defined by InetOrgPerson

One international namespace proposed for a student number
• to make student numbers understood automatically between countries
• urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:‹tld›:‹code›
• for example, urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:tut.fi:159345

For other local identifiers, each NREN maintains the national namespace

Terena gathers links to national “homepages”: http://www.terena.nl/registry/terena.org/schac/personalUniqueCode/

Page 11: Schac attributes  and common vocabularies

The remaining two, without separate namespace maintenance

schacPersonalPosition defines a personal position in an institution
• for example, urn:mace:terena.org:schac:personalPosition:umk.pl:programmer
• to manage the namespace, it is recommended to use a domain name after the prefix (urn:mace:terena.org:schac:personalPosition)

schacUserStatus specifies a person's status as a user of services
• for example:
   urn:mace:terena.org:schac:userStatus:uma.es:affiliation:expired
   urn:mace:terena.org:schac:userStatus:uma.es:sendMail:expired
   urn:mace:terena.org:schac:userStatus:uma.es:getMail:active
• to manage the namespace, it is recommended to use a domain name after the prefix (urn:mace:terena.org:schac:userStatus)
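
How a service provider could turn the URN formats above into an authorization check for the "higher education students in any EU country" case on the schacHomeOrganizationType slide. This is an added example, not part of the original presentation; the function names, the field names in LAYOUTS, the sample assertions and the example.org lookalike value are assumptions made for illustration.

```python
# Added example: strict parsing of SCHAC URN values before an authorization decision.
SCHAC_PREFIX = "urn:mace:terena.org:schac:"

# Field layout after the attribute name, read off the example values on the slides.
LAYOUTS = {
    "homeOrganizationType": ("scope", "type"),
    "personalUniqueID": ("country", "id_type", "value"),
    "personalUniqueCode": ("scope", "code_type", "issuer", "value"),
    "personalPosition": ("domain", "position"),
    "userStatus": ("domain", "service", "status"),
}

def parse_schac_urn(value):
    """Return (attribute, fields) or raise ValueError for anything malformed."""
    # Assumption: exact, case-sensitive prefix match is what this SP wants.
    if not value.startswith(SCHAC_PREFIX):
        raise ValueError("not in the SCHAC namespace: %r" % value)
    attribute, _, rest = value[len(SCHAC_PREFIX):].partition(":")
    layout = LAYOUTS.get(attribute)
    if layout is None:
        raise ValueError("unknown SCHAC attribute: %r" % attribute)
    parts = rest.split(":")
    if len(parts) != len(layout) or not all(parts):
        raise ValueError("unexpected field count in %r" % value)
    return attribute, dict(zip(layout, parts))

def is_eu_he_student(attrs):
    """Policy: student affiliation plus the EU-wide higher education org type."""
    if "student" not in attrs.get("eduPersonAffiliation", []):
        return False
    wanted = {"scope": "eu", "type": "higherEducationInstitution"}
    for raw in attrs.get("schacHomeOrganizationType", []):
        try:
            attribute, fields = parse_schac_urn(raw)
        except ValueError:
            continue  # uninterpretable values are skipped, never treated as a match
        if attribute == "homeOrganizationType" and fields == wanted:
            return True
    return False

# Constructed sample attribute sets, as an SP might receive them from an IdP.
P = SCHAC_PREFIX + "homeOrganizationType:"
GOOD = {"eduPersonAffiliation": ["member", "student"],
        "schacHomeOrganizationType": [P + "fi:university", P + "eu:higherEducationInstitution"]}
NATIONAL_ONLY = {"eduPersonAffiliation": ["student"],
                 "schacHomeOrganizationType": [P + "fi:polytechnic"]}
# Same suffix under a different naming authority: a substring match would accept it.
LOOKALIKE = {"eduPersonAffiliation": ["student"], "schacHomeOrganizationType": [
    "urn:mace:example.org:schac:homeOrganizationType:eu:higherEducationInstitution"]}
```

A national value such as PREFIX:fi:polytechnic does not satisfy the EU-wide policy on its own; the IdP has to release the eu value alongside it, which is what the two-level vocabulary is for.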