Schac attributes and common vocabularies

1
Schac attributes and common vocabularies

• TF-EMC2 16-17.10.2006
• Mikael Linden
• CSC, the Finnish IT Center for Science

2
Outline

• Why vocabularies?
• Why cross-national vocabularies?
• schac attributes with no vocabulary
• schac attributes with obvious vocabulary
• Vocabulary definition for HomeOrganizationType,
  UniqueCode and UniqueID
• Vocabulary definition for PersonalPosition and
  UserStatus

3
Why vocabularies?

• If we intend to use attributes for authorization,
  there should be common understanding on their
  semantics between the users (for example, IdPs
  and SPs)
• for example this service is authorised for
  university students
• what is a university?
• what is a student?
• eduPerson defines one vocabulary
  eduPersonAffiliation
• student/staff/faculty/employee/member/affiliate/al
  um
• (it still leaves the interpretation quite open)

4
Why cross-national vocabularies?

• If we are some day going to have cross-national
  confederation (e.g. eduGAIN), we need common
  vocabularies as part of the schema
• its easier to design the vocabularies now, when
  our federations are still young
• later it will be painfull too many changes to
  too many production level systems
• How to define vocabularies in an interoperable
  but still flexible way?

5
No vocabulary, no problem

• schacDateOfBirth
• for example 19660412
• schacPlaceOfBirth
• for example Algeciras, Spain
• schacSn1, schacSn2
• for example, Lopez de la Moraleda
• schacPersonalTitle
• for example, Prof
• schacUserPrecenseID
• URIs, for example sippepe_at_myweb.com
• schacExpiryDate
• for example 20051231125959Z
• schacUserPrivateAttribute
• for example, mail, telephoneNumber

6
Vocabulary is obvious (hope so!)

• schacMotherTongue ISO 639
• for example, fr, es-ES
• schacGender ISO 5218
• 1male, 2female, 0not known, 9 not specified
• schacCountryOfCitizenship ISO 3166
• for example, es
• schacHomeOrganization domain names
• for example, tut.fi
• schacCountryOfRecidence ISO 3166
• for example, es
• schacUUID UUID defined by RFC 4530
• for example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6

7
Outline of the proposed solution

• for HomeOrganizationType, UniqueCode and UniqueID
• We define an international/EU-wide vocabulary,
  when we can identify a common European
  denominator
• Additionally, each NREN maintains a national
  vocabulary for national extensions
• may delegate namespaces for institutional
  vocabularies
• Terena gathers links to the national vocabularies
  and publishes them in http//www.terena.nl/regist
  ry/terena.org/schac/
• Benefits
• EU-wide vocabulary understood in every country
• National vocabularies make it possible to use and
  publish national semantics, even to services in
  another countries, if necessary

8
schacHomeOrganizationType

• Purpose authorization of cross-national services
• For example, for higher education students in
  any EU country
• Proposed international/EU vocabulary
• PREFIXurnmaceterena.orgschachomeOrganizationT
  ype
• PREFIXeuhigherEducationInstitution // HE
  defined by Bologna
• PREFIXeueducationInstitution // other
  educational institutions
• PREFIXeuNREN // NREN defined by TERENA
• PREFIXeuuniversityHospital
• PREFIXeuNRENAffiliate // organisations part of
  the NREN constituency
• Bologna process seems to have no definition for a
  university
• National extensions, for example in Finland
• PREFIXfiuniversity, PREFIXfipolytechnic,
  PREFIXfiresearchInstitution, PREFIXfiother
• Terena gathers links to national homepages
• http//www.terena.nl/registry/terena.org/schac/hom
  eorgtype/

9
schacPersonalUniqueID

• National identification number/social security
  number
• assigned by national governments, each country
  (except Germany) has at least one
• considered as sensitive in many countries (strong
  identifier)
• each NREN maintains the national namespace
• for example the Finnish Identification Code
  (FIC)urnmaceterena.orgschacpersonalUniqueIDf
  iFIC010161-123L
• Terena gathers links to national
  homepageshttp//www.terena.nl/registry/terena.
  org/schac/personalUniqueID/

10
schacPersonalUniqueCode

• Local (not government-assigned) identification
  codes
• Student number, Library patron number, etc
• Notice employeeNumber is already defined by
  InetOrgPerson
• One international namespace proposed for a
  student number
• to make student numbers understood automatically
  between countries
• urnmaceterena.orgschacpersonalUniqueCodeeust
  udentIDtldcode
• for example, urnmaceterena.orgschacpersonalUni
  queCodeeustudentIDtut.fi159345
• for other local identifiers, each NREN maintains
  the national namespace
• Terena gathers links to national
  homepageshttp//www.terena.nl/registry/terena.
  org/schac/personalUniqueCode/

11
The rest two without separate namespace
maintenance

• schacPersonalPosition
• defines a personal position in an institution
• for example, urnmaceterena.orgschacpersonalPo
  sitionumk.plprogrammer
• to manage namespace, it is recommended to use
  domain name after the prefix (urnmaceterena.org
  schacpersonalPosition)
• schacUserStatus
• specifies persons status as a user of services
• for example,
• urnmaceterena.orgschacuserStatusuma.esaffili
  ationexpired
• urnmaceterena.orgschacuserStatusuma.essendMa
  ilexpired
• urnmaceterena.orgschacuserStatusuma.esgetMai
  lactive
• to manage namespace, it is recommended to use
  domain name after the prefix (urnmaceterena.org
  schacuserStatus)