Subject Re: use of eduPersonEntitlement
From Thomas Lenggenhager <lenggenhager@xxxxxxxxx>
Date Thu, 16 May 2013 11:05:45 +0200

On 15.05.13 16:40, Keith Hazelton wrote:
> Very much ON topic in my view. This bears on how ePEntitlement can be used in various real situations. I'll be quite interested to hear from others about the question of filtering ePE values by SP. --Keith

In the SWITCHaai Federation we use eduPersonEntitlement as well. We
promote especially the use of the common-lib-terms value but we also use
it to identify and categorize the guest accounts in our virtual home
organization (VHO), to know to which VHO group they belong. In addition,
a couple of institutions use it to encode local group memberships.

Since the federation management tool (Resource Registry) provides for
each IdP tailored attribute-filter.xml files the regularly update we
also provide SP admins the possibility to configure filters for
attribute like the entitlement which that way gets automatically
deployed in all IdPs. So publisher SPs get only the value
common-lib-terms and no other values.


Thomas Lenggenhager, Central Solutions
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 1505  direct +41 44 268 1541