Subject RE: use of eduPersonEntitlement
From "Vries, Ale de (ELS-NYC)" <ale@xxxxxxxxxxxx>
Date Wed, 15 May 2013 16:40:01 +0000

Oh, I didn’t mean to suggest it’s because of something being done incorrectly IdP-side – it’s just that we _assumed_ we would always get just one ePD for any given user, and it’s only taken about 7-8 years to turn out that that assumption was wrong :-).


From: smith@xxxxxxxxxxxxx [mailto:smith@xxxxxxxxxxxxx]
Sent: Wednesday, May 15, 2013 12:33
To: Vries, Ale de (ELS-NYC)
Cc: Keith Hazelton; REFeds
Subject: Re: [refeds] use of eduPersonEntitlement


On 15 May 2013, at 14:25, "Vries, Ale de (ELS-NYC)" <ale@xxxxxxxxxxxx> wrote:

Our SP _generally_ requires the eduPersonEntitlement value, but coincidentally we've been running into the issue recently that more and more IdPs in more and more federations release multiple values for that attribute. 


If you're a service that requires a particular ePE, then you're very likely to receive more than one, and not because of incorrect attribute filtering policies - many places, for example, will release the common-lib-terms entitlement to any SP. Where that's the case, you'll always get that plus whatever the filtering rules have allowed through to your particular service...



Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet - the UK's research and education network

email: smith@xxxxxxxxxxxxx / rhys.smith@xxxxxx
GPG: 0xDE2F024C
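
An added example, not part of the thread or any poster's code: an SP-side entitlement check that treats eduPersonEntitlement as a set of values instead of assuming a single one. It assumes the attribute reaches the application as one string with values joined by ';' (literal semicolons escaped as '\;'), as the Shibboleth SP delivers multi-valued attributes; the service entitlement URN and the function names are constructed placeholders.

```python
import re

# Constructed placeholder for the entitlement this service requires.
REQUIRED = "urn:mace:example.org:entitlement:service-x"
# The entitlement the thread says many IdPs release to any SP.
COMMON_LIB_TERMS = "urn:mace:dir:entitlement:common-lib-terms"


def split_values(raw):
    """Split a ';'-joined attribute string into values, honouring escaped semicolons."""
    if not raw:
        return []
    parts = re.split(r"(?<!\\);", raw)  # split only on unescaped ';'
    return [p.replace("\\;", ";").strip() for p in parts if p.strip()]


def authorize_single(raw):
    """The assumption that broke: the attribute carries exactly one value."""
    return raw == REQUIRED


def authorize_substring(raw):
    """A tempting quick fix that over-matches longer URNs sharing the prefix."""
    return bool(raw) and REQUIRED in raw


def authorize_multi(raw):
    """Exact match of the required value against the set of released values."""
    return REQUIRED in set(split_values(raw))


if __name__ == "__main__":
    # Constructed attribute strings as an SP might receive them.
    samples = [
        REQUIRED,
        COMMON_LIB_TERMS + ";" + REQUIRED,
        COMMON_LIB_TERMS,
        COMMON_LIB_TERMS + ";" + REQUIRED + "-trial",
    ]
    for raw in samples:
        print(authorize_single(raw), authorize_substring(raw),
              authorize_multi(raw), raw)
```

The second sample is the case described in the thread: the single-value check rejects a user who does hold the entitlement. The fourth shows why the fix should be exact set membership and not a substring search.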