Home

norEduPersonLIN

Submitted by Andreas Åkre Solberg [1] on 10 November, 2007 - 10:47

norEduPersonLIN

A short description

Local identity number, for instance student number or employee number.

Usage

Utility classUtility class
[ Core | Standard | Extended ]
Basic applications like white pages and some authorization data.

RequiredIs attribute required?
Optional. Application selects whether it will support attribute or not.

ConfidentialityConfidentiality
Medium. Personal information.

IntegrityIntegrity
High. Values are required to be up to date, maximum 24 hours latency.

AvailabilityAvailability
Medium. If the LDAP uses this attribute, it should normally be provided for relevant objects. Authorization may fail if no value is available.

details

Details

Multivalued Multiple values?
Multivalued

value format Value format
DirectoryString

Origin Attribute origin
norEdu*

details

LDAP

OID
1.3.6.1.4.1.2428.90.1.4
Datatype
DirectoryString

« Back to view list of all attributes

This identifier may also be used for scoped identity numbers, provided that the issuer prepends the identifier with a realm for the issuing authority. Another use is similar to the attribute eduPersonTargetedID. A given value is intended only for consumption by a specific requester.

When guaranteed global uniqueness is required, eduPersonEntitlement should be preferred over norEduPersonLIN. norEduPersonLIN is not guaranteed to be unique across several enterprise directory servers (the same locally assigned norEduPersonLIN may be issued to several persons), unless these are coordinated e.g. through use of a unique prefix.

Feide usage notes

The format consists of a prefix to ensure global uniqueness, and a string in a locally defined format. In Feide, the realm part of the eduPersonPrincipalName (i.e. the string to the right of the '@') should be used as a prefix.

The attribute is obtained from the institution's employee registry or student registry. It is mostly added for backwards compatibility with legacy systems.

Example applications for which this attribute would be useful:

Library systems, legacy payroll systems, targets with need to maintain a persistent but opaque identifier for a given user for purposes of personalization or record-keeping.

Examples

  • uninett.no:employee:035016