AAI Attribute Specification Change Log

The document Attribute Specification specifies the attributes used in the SWITCHaai federation. This page documents the changes.

Back to the full list of Attributes

Implementing the changes on the IdP and SP

Changes in version 1.6 (2017-04-11)

  • list of attributes sorted by origin (PDF version only)
  • more consistent format for the attribute descriptions
  • swissEduPersonUniqueID: recommends to use only alphanumeric characters for the local part for compatibility with eduPersonUniqueId
  • swissLibraryPersonAffiliation: sets friendly name to 'Library Patron Affiliation'
  • swissLibraryPersonResidence: corrects the vocabulary to ISO 3166-1, sets friendly name to 'Library Patron Residence'
  • adopts the changes from eduPerson(201310) to eduPerson(201602)
  • eduPersonAssurance: renames the friendly name from 'Assurance level' to 'Assurance profile'
  • eduPersonNickname: corrects the '# of values' from 'single' to 'multi'
  • adds attributes: eduPersonOrcid, isMemberOf, ou, schacHomeOrganization, schacHomeOrganizationType
  • postalAddress, homePostalAddress: updates the examples to current recommomendations (no ISO country codes)
  • preferredLanguage: corrects the syntax from 'Integer {1}' to 'Directory String' and fixes the examples where the region codes were in lower case

Changes in version 1.5.0 (2015-09-01)

  • dropped the 'Usage' from all attribute descriptions
  • new attributes: swissLibraryPersonAffiliation, swissLibraryPersonResidence, eduPersonUniqueId, swissEduID
  • adopts the changes from eduPerson(201203) to eduPerson(201310)

Changes in version 1.4.2 (2012-10-25)

  • Updated Notes and Semantics according the changes from eduPerson(200806) to eduPerson(201203)

Changes in version 1.4.1 (2012-07-26)

  • Corrected the links to the cvs files in Appendix B and updated the example values for study branch 2 and 3

Changes in version 1.4 (2011-01-05)

  • Added new values tertiaryb and uppersecondary in swissEduPersonHomeOrganizationType attribute.

Changes in version 1.3 (2010-06-23)

Modified Document Title
"Attribute Specification" (used to be "AAI Attribute Specification")
Implementation Status on website
Added new chapter "Implementing the Attribute Specification" and removed implementation status from attribute definitions, now having the master information on the website for the implementation status.
New swissEduPerson Attribute
New swissEduPerson attribute added: swissEduPersonCardUID ("Card UID")
Alignment with eduPerson Specification
  • Added complete set of attributes from eduPerson specification to this document: (eduPersonTargetedID, eduPersonPrincipalName, eduPersonNickname, eduPersonScopedAffiliation, eduPersonPrimaryAffiliation, eduPersonPrimaryOrgUnitDN, eduPersonAssurance).
  • Added new value library-walk-in in eduPersonAffiliation attribute.
Layout
New layout of the document.

Changes in version 1.2 (2007-09-05)

Modified Document Title
To better reflect the purpose of this attribute specification, the title was changed from Authorization Attribute Specification to AAI Attribute Specification.
The attributes defined are used in the context of AAI and get transported via AAI from the Identity Provider to the Service Provider. There, they may be used for authorization purposes, but also beyond.
New Introduction
The newly written Introduction chapter refers to privacy and data protection considerations each person getting in touch with AAI attributes should take into account.
New Attribute 'User ID'
  • It provides a unique identifier for a person, like the swissEduPersonUniqueID. However, User ID is generally an ID used for authentication (login) within the users home organization.
  • For security reasons, the User ID attribute value should not be provided to resources outside the issuing home organization.
New Attribute 'Matriculation number'
It is a unique number assigned to each student when he/she matriculates the first time to a Swiss University or University of Applied Sciences.
New Attribute 'Employee number'
  • It identifies an employee within an organization, similar to the matriculation number for students.
  • For security reasons, the Employee number attribute value should not be provided to resources outside the issuing home organization, since it might be part of the credentials used for authentication (login).
'E-mail' mandatory to implement at IdP
It is now mandatory to implement this attribute at an Identity Provider participating in SWITCHaai. Before it was recommended only, but all existing IdPs have already implemented it.
'Unique ID': maximum length increased to 255 characters
The maximum length allowed for Unique ID was increased to 255 characters. That allows to use UUIDs (Universally Unique Identifier) as local part of such values.
UAS study branches updated and study levels added
For Universities of Applied Sciences (UAS), the list of study branch codes was updated and additional study levels were added. This follows the definitions provided by the SIUS/SHIS of the Federal Statistical Office.