The following is a list of the core and conditional attributes available to Service Providers in the federation. Service Providers consume user attributes sent by Identity Providers to make authorisation decisions and to manage users' experiences with a service.
To receive user attributes, a Service Provider must have an AAF subscription or an affiliation to an organisation who is a subscriber. Service Providers should select only those attributes necessary to provide a service effectively. Identity Providers collect and generate attributes for their users. On user access to a Service Provider, the Service Provider may request some or all user attributes from a user's Identity Provider. The Identity Provider will release user attributes to the Service Provider only with a user's consent.
An organisation which offers a Service Provider may also host an Identity Provider which permits its members to use AAF services. The list of core attributes may evolve in response to the needs of AAF Subscribers.
The AAF's reference definitions of core and optional attributes are accessible here https://validator.aaf.edu.au/documentation/categories.
AAF Core Attributes
|auEduPersonSharedToken||ZsiAvfxa0BXULgcz7QXknbGtfxk||A unique identifier enabling federation spanning services such as Grid and Repositories.|
|displayName||Jack Liam Dougherty||Preferred name of a person to be used when displaying entries.|
|Specifies the person’s relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.|
|eduPersonEntitlement||urn:mace:washington.edu:confocalMicroscope http://www.sirca.org.au/contract/GL123||URI (either URN or URL) that indicates a set of rights to specific resources.|
|Specifies the person’s affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc.|
|eduPersonTargetedID||https://idp.arcs.org.au/idp/shibboleth! https://manager.aaf.edu.au/shibboleth! cmWc3mKualJlxjAwfFdu2mVgRxw=||A persistent, non-reassigned, privacy-preserving identifier for a user shared between an identity provider and service provider. An identity provider uses the appropriate value of this attribute when communicating with a particular service provider or group of service providers, and does not reveal that value to any other service provider except in limited circumstances.|
|URI that describes the method(s) used to verify the person's identity.|
|Set of URIs that assert compliance with specific standards for identity assurance.|
|o (or organizationName)||The University of Queensland||Standard name of the top-level organization (institution) with which this person is associated.|
|firstname.lastname@example.org||Email address, single value. User’s preferred outward facing email address with regard to the organisation.|
|sn (surname)||Dougherty||The person's surname|
|givenName||Jack||Person's given or first name.|
|homeOrgainsation||uq.edu.au||Specifies a person ́s home organization using the domain name of the organization.|
|Type of Organization the user belongs too.|
|eduPersonPrincipalNameemail@example.com||A scoped identifier for a person.|
AAF Conditional Attribute
A set of Attributes selected by the Federation that all Identity Providers are required to support where they have implemented systems to support the Conditional Attributes.
|eduPersonOrcid||https://orcid.org/0000-0002-1825-0097||ORCID iDs are persistent digital identifiers for individual researchers. Their primary purpose is to unambiguously and definitively link them with their scholarly work products. ORCID iDs are assigned, managed and maintained by the ORCID organization.|
Some identity providers support additional attributes which may be found in the AAF Optional Attributes. In general a service provider should NOT rely on an optional attribute being available from an IdP unless they have consulted with the IdP previously.
If you would like the federation to consider promoting an optional attribute to CORE status please contact AAF Support to discuss your requirements.
AAF Attribute Vocabularies https://validator.aaf.edu.au/documentation/categories
Production Attribute Validator https://validator.aaf.edu.au/
Test Attribute Validator https://validator.test.aaf.edu.au/
eduPerson Schema https://wiki.refeds.org/display/STAN/eduPerson
SCHAC - SCHema for ACademia https://wiki.refeds.org/display/STAN/SCHAC