Subject Re: use of eduPersonEntitlement
From Rhys Smith <smith@xxxxxxxxxxxxx>
Date Wed, 15 May 2013 17:32:34 +0100

On 15 May 2013, at 14:25, "Vries, Ale de (ELS-NYC)" <ale@xxxxxxxxxxxx> wrote:

Our SP _generally_ requires the eduPersonEntitlement value, but coincidentally we've been running into the issue recently that more and more IdPs in more and more federations release multiple values for that attribute. 

If you're a service that requires a particular ePE, then you're very likely to receive more than one, and not because of incorrect attribute filtering policies - many places, for example, will release the common-lib-terms entitlement to any SP. Where that's the case, you'll always get that plus whatever the filtering rules have allowed through to your particular service...

Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet - the UK's research and education network

email: smith@xxxxxxxxxxxxx / rhys.smith@xxxxxx
GPG: 0xDE2F024C