AAI Attribute Changes

The document AAI Attribute Specification specifies the attributes used in the SWITCHaai federation. This page documents the changes.


Implementing the changes on the IdP and SP

Changes in version 1.4.1

Corrected the links to the CSV files in Appendix B and updated the example values for study branch 2 and 3.

Changes in version 1.4

Added new values 'tertiaryb' and 'uppersecondary' to the swissEduPersonHomeOrganizationType attribute.

Changes in version 1.3

Modified Document Title

"Attribute Specification" (used to be "AAI Attribute Specification")

Implementation Status on website

Added a new chapter "Implementing the Attribute Specification" and removed the implementation status from the attribute definitions. The master information on the implementation status is now on the website.

New swissEduPerson Attribute

New swissEduPerson attribute added: swissEduPersonCardUID ("Card UID")

Alignment with eduPerson Specification

Added the complete set of attributes from the eduPerson specification to this document (eduPersonTargetedID, eduPersonPrincipalName, eduPersonNickname, eduPersonScopedAffiliation, eduPersonPrimaryAffiliation, eduPersonPrimaryOrgUnitDN, eduPersonAssurance).

Added new value "library-walk-in" to the eduPersonAffiliation attribute.

Layout

New layout of the document.

Changes in version 1.2

Modified Document Title

To better reflect the purpose of this attribute specification, the title was changed from Authorization Attribute Specification to AAI Attribute Specification.

The attributes defined are used in the context of AAI and get transported via AAI from the Identity Provider to the Service Provider. There, they may be used for authorization purposes, but also beyond.

New Introduction

The newly written Introduction chapter refers to the privacy and data protection considerations that each person who comes into contact with AAI attributes should take into account.

New Attribute 'User ID'

It provides a unique identifier for a person, like the swissEduPersonUniqueID. However, User ID is generally an ID used for authentication (login) within the user's home organization.

For security reasons, the User ID attribute value should not be provided to resources outside the issuing home organization.

New Attribute 'Matriculation number'

It is a unique number assigned to each student when he/she first matriculates at a Swiss University or University of Applied Sciences.

New Attribute 'Employee number'

It identifies an employee within an organization, similar to the matriculation number for students.

For security reasons, the Employee number attribute value should not be provided to resources outside the issuing home organization, since it might be part of the credentials used for authentication (login).

'E-mail' mandatory to implement at IdP

It is now mandatory to implement this attribute at an Identity Provider participating in SWITCHaai. Previously it was only recommended, but all existing IdPs have already implemented it.

'Unique ID': maximum length increased to 255 characters

The maximum length allowed for Unique ID was increased to 255 characters. This allows UUIDs (Universally Unique Identifiers) to be used as the local part of such values.

UAS study branches updated and study levels added

For Universities of Applied Sciences (UAS), the list of study branch codes was updated and additional study levels were added. This follows the definitions provided by the SIUS/SHIS of the Federal Statistical Office.