KNF:Attributen overzicht voor Service Providers/en
To authenticate and subsequently authorize a user the Entree Federation uses attributes. These attributes contain information (for example a firstname) about the user who wants access to a connected Service Provider.
There are two types of attributes used within the context of Entree Federation:
- Standard attributes
- Additional attributes
For most Service Providers the set with standard attributes will suffice to authenticate and authorize users. However there are situations in which a Service Provider requires more information about a user. In this case one or more additional attributes can be used.
In this table you can find the attributes that a Service Provider will always receive from Entree Federation.
|uid||Unique ID for the user. This is a encrypted version of the username and employeeNumber, followed by the realm||hash@realm||qj7cks8qdz9ph54@petteflat|
|eduPersonAffiliation||Role||student, employee, staff or affiliate||student|
|nlEduPersonHomeOrganizationId||BRIN code of the institution||4 or 6 characters||11ZZ03|
|nlEduPersonHomeOrganization||Name of the institution||string||Petteflat College|
The Service Provider will only receive these attributes after the school has given explicit permission by signing an Attribute Release Policy form.
|nlEduPersonRealId 1||Unencrypted version of the uid||[userId]@[realm]||pietjepukkelen@petteflatcollege|
If a school has multiple administrations the administrationnumber can be added after the @ as in the example
|eckId||Unique ECK pseudonym for students and teachers 2||string||https://ketenid.nl/pilot/8e0a9f57fc76854d3dd2d3c4fa732feaf7b7a2d5f549a5458ce300223b83172f5074aa88a8cef0712aca19b62e9b90d0352e98fc76f498cd3947e7cc810f03fa|
|nlEduPersonBirthDate||Date of birth||yyyymmdd||19801231|
|nlEduPersonProfile||Name of study preceded by CREBO<space>.
Optionally BOL_ or BBL_ can be added at the beginning
|nlEduPersonDepartment||Department or sector||string||Techniek|
|nlEduPersonUnit||Primary class or group. Unique within the school administration or domain||string||H2A|
|ou||Class or group||string||H2A|
In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education: nr. DUO/OND-2013/15135 M.
In accordance with annex I and II, corresponding to Article 1 of the Regulation of the Minister of OCW containing the determination of the elementcode table and studycode table for secondary and adult education:: nr. DUO/OND-2013/15135 M.
|digiDeliveryId||ECK digital delivery address||string||ED8AE607-WI3N-414C-T87A-624E74S7T005|
1 Attention: The encrypted version of this attribute will always be passed on to Service Providers. To pass on the unencrypted version the school has to sign an Attribute Release Policy.
2 For more information on the ECK-iD: https://www.eck-id.nl/ (in Dutch)
Attribute release policy
A school can give permission to pass on certain additional attributes to a specific Service Provider by signing an Attribute Release Policy. An overview of Attribute Release Policies can be found at the Kennisnet support pages.