Entitlement   othershow all attributes
Name eduPersonEntitlement
Description URI (either URL or URN) that indicates a set of rights to specific resources
Vocabulary URIs only, i.e. a URL or URN
References eduPerson, RFC3986
OIDC Claim: eduPersonEntitlement
Type: JSON array
Scope: https://login.eduid.ch/authz/User.Read
OID 1.3.6.1.4.1.5923.1.1.1.7
LDAP Syntax Directory String
# of values multi
Example values
  • http://unil.ch/resources/biblio92
  • urn:mace:dir:entitlement:common-lib-terms

Definition

URI (either URN or URL) that indicates a set of rights to specific resources.

Notes

  • A simple example would be a URL for a contract with a licensed resource provider. When a principal's home institutional directory is allowed to assert such entitlements, the business rules that evaluate a person's attributes to determine eligibility are evaluated there. The target resource provider does not learn characteristics of the person beyond their entitlement.
    The trust between the two parties must be established out of band. One check would be for the target resource provider to maintain a list of subscribing institutions. Assertions of entitlement from institutions not on this list would not be honored.

  • URN values would correspond to a set of rights to resources based on an agreement across the relevant community. MACE (Middleware Architecture Committee for Education) affiliates may opt to register with MACE as a naming authority, enabling them to create their own URN values.
    https://swit.ch/eduidMACE


All attribute definitions in a single document: Switch edu-ID Attribute Specification