KNF:Attributen overzicht voor Service Providers/en: verschil tussen versies

Uit Kennisnet Developers Documentatie
Naar navigatie springen Naar zoeken springen
 
(14 tussenliggende versies door 2 gebruikers niet weergegeven)
Regel 1: Regel 1:
{{Talen}}
{{PageTitleCustom|title=Attributes overview for Service Providers|name=Entree Federation|image=true|imageurl=KNF:Hoofdpagina/en}}
<br/>
<br/>
__TOC__
__TOC__
Regel 9: Regel 9:
For most Service Providers the set with standard attributes will suffice to authenticate and authorize users. However there are situations in which a Service Provider requires more information about a user. In this case one or more additional attributes can be used.
For most Service Providers the set with standard attributes will suffice to authenticate and authorize users. However there are situations in which a Service Provider requires more information about a user. In this case one or more additional attributes can be used.


==Standard attributes==
==Default attributes==
In this table you can find the attributes that a Service Provider will always receive from Entree Federation.
In this table you can find the attributes that a Service Provider will always receive from Entree Federation.
{| class="wikitable"
{| class="wikitable"
Regel 16: Regel 16:
| uid || Unique ID for the user. This is a encrypted version of the username and employeeNumber, followed by the realm || hash@realm || qj7cks8qdz9ph54@petteflat
| uid || Unique ID for the user. This is a encrypted version of the username and employeeNumber, followed by the realm || hash@realm || qj7cks8qdz9ph54@petteflat
|-
|-
| givenName&nbsp;'''<sup>1</sup>''' || First name || string || Piet
| givenName || First name || string || Piet
|-
| sn&nbsp;'''<sup>1</sup>''' || Surname || string || Pukkelen
|-
|-
| eduPersonAffiliation || Role || student, employee, staff or affiliate || student
| eduPersonAffiliation || Role || student, employee, staff or affiliate || student
Regel 25: Regel 23:
|-
|-
| nlEduPersonHomeOrganization || Name of the institution || string || Petteflat College
| nlEduPersonHomeOrganization || Name of the institution || string || Petteflat College
|-
| eckId * || Unique ECK pseudonym for student or teacher&nbsp;'''<sup>2</sup>''' || text || <nowiki>https://ketenid.nl/pilot/8e0a9f57fc76854d3dd2d3c4fa732feaf7b7a2d5f549a5458ce300223b83172f5074aa88a8cef0712aca19b62e9b90d0352e98fc76f498cd3947e7cc810f03fa</nowiki>
|}
|}
'''<sup>1</sup> Attention:''' During the implementation of the coupling the Service Provider can choose to receive either the first name or the surname. If the Service Provider prefers to receive both names the school has to sign an Attribute Release Policy form.<br/>


==Additional attributes==
==Additional attributes==
The Service Provider will only receive these attributes when the school has given explicit permission by signing an [https://support.kennisnet.org/index.php?/Knowledgebase/Article/View/226/0/wat-is-een-arp Attribute Release Policy] form.
The Service Provider will only receive these attributes after the school has given explicit permission by signing an [https://support.kennisnet.org/index.php?/Knowledgebase/Article/View/226/0/wat-is-een-arp Attribute Release Policy] form.
{| class="wikitable"
{| class="wikitable"
! '''Attributename''' || '''Description''' || '''Format''' || '''Example'''
! '''Attributename''' || '''Description''' || '''Format''' || '''Example'''
Regel 35: Regel 34:
| nlEduPersonRealId&nbsp;'''<sup>1</sup>''' || Unencrypted version of the uid || [userId]@[realm] || pietjepukkelen@petteflatcollege
| nlEduPersonRealId&nbsp;'''<sup>1</sup>''' || Unencrypted version of the uid || [userId]@[realm] || pietjepukkelen@petteflatcollege
|-
|-
| givenName&nbsp;'''<sup>2</sup>''' || First name|| string || Pietje
| nlEduPersonProfileId || ECK attribute<br/>If a school has multiple administrations the administrationnumber can be added after the @ as in the example || studentnumber@administrationnumber.schooldomain.nl || 95312@1.kennisnet.nl
|-
| eckId|| Unique ECK pseudonym for students and teachers&nbsp;'''<sup>2</sup>''' || string || <nowiki>https://ketenid.nl/pilot/8e0a9f57fc76854d3dd2d3c4fa732feaf7b7a2d5f549a5458ce300223b83172f5074aa88a8cef0712aca19b62e9b90d0352e98fc76f498cd3947e7cc810f03fa</nowiki>
|-
|-
| nlEduPersonTussenvoegsels || Insertion || string || van
| nlEduPersonTussenvoegsels || Insertion || string || van
|-
|-
| sn&nbsp;'''<sup>2</sup>''' || Surname || string || Pukkelen
| sn || Surname || string || Pukkelen
|-
|-
| mail || Email address || string || pietjepukkelen@petteflatcollege.nl
| mail || Email address || string || pietjepukkelen@petteflatcollege.nl
Regel 48: Regel 49:
|-
|-
| mobile || Mobile number || string || +31612345678
| mobile || Mobile number || string || +31612345678
|-
| homePostalAddress || Address || Maximum of 6 lines each containing a maximum of 30 characters || Petteflat 121e <br/> 2518PP Zoetermeer
|-
|-
| nlEduPersonBirthDate || Date of birth|| yyyymmdd || 19801231
| nlEduPersonBirthDate || Date of birth|| yyyymmdd || 19801231
Regel 62: Regel 61:
|-
|-
| nlEduPersonCohort || Starting year || string || 2014
| nlEduPersonCohort || Starting year || string || 2014
|-
| nlEduPersonProfileId || ECK attribute<br/>If a school has multiple administrations the administrationnumber can be added after the @ as in the example || studentnumber@administrationnumber.schooldomain.nl || 95312@1.kennisnet.nl
|-
|-
| ocwILTRegistratiecode || ILT Registrationcode<br/>''In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education: nr. DUO/OND-2013/15135 M.'' || four digit-code || 0011
| ocwILTRegistratiecode || ILT Registrationcode<br/>''In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education: nr. DUO/OND-2013/15135 M.'' || four digit-code || 0011
|-
|-
| ocwILTLeerjaar || ILT cohort<br/>''In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education:: nr. DUO/OND-2013/15135 M.'' || one digit|| 1
| ocwILTLeerjaar || ILT cohort<br/>''In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education:: nr. DUO/OND-2013/15135 M.'' || one digit|| 1
|-
| digiDeliveryId || ECK digital delivery address || string || ED8AE607-WI3N-414C-T87A-624E74S7T005
|-
| nlEduPersonHomeOrganizationBranchId || Establishment number (BRIN 6) || String of 6 alpha-numeric characters || 11ZZ03
|-
| preferredLanguage || Preferred Language || Languagecode (https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) || nl
|-
| country || Country || Countrycode (https://en.wikipedia.org/wiki/ISO_3166-1) || NL
|}
|}
'''<sup>1</sup> Attention:''' The encrypted version of this attribute will always be passed on to Service Providers. To pass on the unencrypted version the school has to sign an Attribute Release Policy.<br/>
'''<sup>1</sup> Attention:''' The encrypted version of this attribute will always be passed on to Service Providers. To pass on the unencrypted version the school has to sign an Attribute Release Policy.<br/>
'''<sup>2</sup> Attention:''' During the implementation of the coupling the Service Provider can choose to receive either the first name or the surname. If the Service Provider prefers to receive both names the school has to sign an Attribute Release Policy form.
'''<sup>2</sup>''' For more information on the ECK-iD: https://www.eck-id.nl/ (in Dutch)


==Attribute release policy==
==Attribute release policy==
A school can give permission to pass on certain additional attributes to a specific Service Provider by signing an Attribute Release Policy. An overview of Attribute Release Policies can be found at  [https://support.kennisnet.org/index.php?/Knowledgebase/Article/View/226/0/wat-is-een-arp the Kennisnet support pages].
A school can give permission to pass on certain additional attributes to a specific Service Provider by signing an Attribute Release Policy. An overview of Attribute Release Policies can be found at  [https://support.kennisnet.org/Knowledgebase/Article/View/511/0/er-zijn-meer-attributen-van-gebruikers-nodig-wat-nu the Kennisnet support pages].


[[Categorie:Entree Federatie]]
[[Categorie:Entree Federatie]]
[[Categorie:Entree Federatie Service Provider]]

Huidige versie van 18 jul 2022 om 13:31

KNF-symbol.png Entree Federation: Attributes overview for Service Providers

Nl.gif Nederlands En.gif English


To authenticate and subsequently authorize a user the Entree Federation uses attributes. These attributes contain information (for example a firstname) about the user who wants access to a connected Service Provider.
There are two types of attributes used within the context of Entree Federation:

  • Standard attributes
  • Additional attributes

For most Service Providers the set with standard attributes will suffice to authenticate and authorize users. However there are situations in which a Service Provider requires more information about a user. In this case one or more additional attributes can be used.

Default attributes

In this table you can find the attributes that a Service Provider will always receive from Entree Federation.

Attributename Description Format Example
uid Unique ID for the user. This is a encrypted version of the username and employeeNumber, followed by the realm hash@realm qj7cks8qdz9ph54@petteflat
givenName First name string Piet
eduPersonAffiliation Role student, employee, staff or affiliate student
nlEduPersonHomeOrganizationId BRIN code of the institution 4 or 6 characters 11ZZ03
nlEduPersonHomeOrganization Name of the institution string Petteflat College
eckId * Unique ECK pseudonym for student or teacher 2 text https://ketenid.nl/pilot/8e0a9f57fc76854d3dd2d3c4fa732feaf7b7a2d5f549a5458ce300223b83172f5074aa88a8cef0712aca19b62e9b90d0352e98fc76f498cd3947e7cc810f03fa

Additional attributes

The Service Provider will only receive these attributes after the school has given explicit permission by signing an Attribute Release Policy form.

Attributename Description Format Example
nlEduPersonRealId 1 Unencrypted version of the uid [userId]@[realm] pietjepukkelen@petteflatcollege
nlEduPersonProfileId ECK attribute
If a school has multiple administrations the administrationnumber can be added after the @ as in the example		 studentnumber@administrationnumber.schooldomain.nl 95312@1.kennisnet.nl
eckId Unique ECK pseudonym for students and teachers 2 string https://ketenid.nl/pilot/8e0a9f57fc76854d3dd2d3c4fa732feaf7b7a2d5f549a5458ce300223b83172f5074aa88a8cef0712aca19b62e9b90d0352e98fc76f498cd3947e7cc810f03fa
nlEduPersonTussenvoegsels Insertion string van
sn Surname string Pukkelen
mail Email address string pietjepukkelen@petteflatcollege.nl
initials Initials string P.
homePhone Phone number string +31791234567
mobile Mobile number string +31612345678
nlEduPersonBirthDate Date of birth yyyymmdd 19801231
nlEduPersonProfile Name of study preceded by CREBO<space>.
Optionally BOL_ or BBL_ can be added at the beginning		 string 2345 BOL_ICT.Gamedeveloper
nlEduPersonDepartment Department or sector string Techniek
nlEduPersonUnit Primary class or group. Unique within the school administration or domain string H2A
ou Class or group string H2A
nlEduPersonCohort Starting year string 2014
ocwILTRegistratiecode ILT Registrationcode
In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education: nr. DUO/OND-2013/15135 M.		 four digit-code 0011
ocwILTLeerjaar ILT cohort
In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education:: nr. DUO/OND-2013/15135 M.		 one digit 1
digiDeliveryId ECK digital delivery address string ED8AE607-WI3N-414C-T87A-624E74S7T005
nlEduPersonHomeOrganizationBranchId Establishment number (BRIN 6) String of 6 alpha-numeric characters 11ZZ03
preferredLanguage Preferred Language Languagecode (https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) nl
country Country Countrycode (https://en.wikipedia.org/wiki/ISO_3166-1) NL

1 Attention: The encrypted version of this attribute will always be passed on to Service Providers. To pass on the unencrypted version the school has to sign an Attribute Release Policy.
2 For more information on the ECK-iD: https://www.eck-id.nl/ (in Dutch)

Attribute release policy

A school can give permission to pass on certain additional attributes to a specific Service Provider by signing an Attribute Release Policy. An overview of Attribute Release Policies can be found at the Kennisnet support pages.

Overgenomen van "https://developers.wiki.kennisnet.nl/index.php?title=KNF:Attributen_overzicht_voor_Service_Providers/en&oldid=12506"