Shibboleth Attributes

The Shibboleth login and registration procedures for the booking service, require particular shibboleth attributes to be released by the Identity Provider. These attributes are listed below, together with descriptions of their use by the ja.net video conference booking service. Normal privacy concerns notwithstanding, the attribute release policy adopted by institutions which intend to support use of the Shibbolised booking service, must at least, embrace the mandatory attributes, displayed in red. Attribute names are from the document "InCommon Federation: Common Identity Atributes";  corresponding LDAP names are given in parenthesis. View the ja.net privacy policy.

Attributes used to moderate access to the booking service.

• Principle name(eduPersonPrincipalName)
  If available, saved along with the eduPersonTargetedId as a possible alternative method of identifying a booking service user. Though not implemented, a scheme had been proposed for identifying booking service users using either eduPersonTargetedId or eduPersonPrincipalName.
• Targeted identifier(eduPersonTargetedId)
  Used to identify a user to the booking service. There was much discussion early in the project as to whether eduPersonTargetedId or eduPersonPrincipalName should be used. The former was considered to be more likely to change and therefore be less reliable as a means of identifying a user. This issue now seems to have been resolved in favour of eduPersonTargetedId.
• Scoped affiliation (eduPersonScopedAffiliation)
  If available, checked against access lists maintained by the booking service restrict access to specific services to users with particular affiliations. By default all or any affiliation, including none, will be accepted