Survey

Skip to end of metadata
Go to start of metadata

Survey Preview (PDF)

(rev. 20-Sep-2012)

Objective and Background

The eduPerson Object Class Specification includes a number of attributes used to identify individuals. Email list discussion has raised a number of questions about these attributes, their definition, and how they are used.  A working group has been formed to understand and document areas of concern and recommend text to develop a more consistent use of these attributes.  In some cases, it may be necessary to define new attributes.  The survey below is being developed to aid this process and your assistance in completing it is appreciated. This survey is designed to collect information from service and identity providers regarding the use and problem areas of the following attributes:

  • eduPersonPrincipalName
  • eduPersonTargetedID
  • mail
  • uid
  • uniqueIdentifier

Identity/Service Provider Information

What role(s) does your organization have:

  • Service Provider
  • Identity Provider
  • Both Identity and Service Provider

Usage Information

For each of the attributes that you use, please try to answer as many questions as are relevant. 

eduPersonPrincipalName (specification)
  1. Do you use this attribute?
  2. If yes, please describe how you are currently using it and for how many:
    1. For Service Providers, how many IdPs are providing this attribute? 
    2. For Identity Providers, to how many Service Providers do you send this information?
  3. Form and format of the data in the attribute:
    1. For Service Providers, describe the form/format of the data you can effectively accept and process.  For example, in the case of EPPN, do you assume it is a valid email address? What if it is not?
    2. For identity providers what are the semantics of the attribute and how to you populate it, that is where does the information come from? 
  4. Were there any issues related to the definition/understanding of the attribute during initial start up?
  5. Are there problems that arise when you federate with new partners? If so, please describe them.
  6. Are there or have there been any issues with the value of this attribute changing for users?
  7. With regard to this attribute, what could be done to avoid issues on-boarding new IdPs and/or federating with new SPs?
  8. Are there any on-going issues related to this attribute, if so, please describe.
  9. Does your use of this attribute pre-date the use of SAML and federation? 
eduPersonTargetedID (specification)
  1. Do you use this attribute?
  2. If yes, please describe how you are currently using it and for how many:
    1. For Service Providers, how many IdPs are providing this attribute? 
    2. For Identity Providers, to how many Service Providers do you send this information?
  3. Form and format of the data in the attribute:
    1. For Service Providers, describe the form/format of the data you can effectively accept and process.  For example, in the case of EPPN, do you assume it is a valid email address? What if it is not?
    2. For identity providers what are the semantics of the attribute and how to you populate it, that is where does the information come from? 
  4. Were there any issues related to the definition/understanding of the attribute during initial start up?
  5. Are there problems that arise when you federate with new partners? If so, please describe them.
  6. Are there or have there been any issues with the value of this attribute changing for users?
  7. With regard to this attribute, what could be done to avoid issues on-boarding new IdPs and/or federating with new SPs?
  8. Are there any on-going issues related to this attribute, if so, please describe.
mail (specification)
  1. Do you use this attribute?
  2. If yes, please describe how you are currently using it and for how many:
    1. For Service Providers, how many IdPs are providing this attribute? 
    2. For Identity Providers, to how many Service Providers do you send this information?
  3. Form and format of the data in the attribute:
    1. For Service Providers, describe the form/format of the data you can effectively accept and process.  For example, in the case of EPPN, do you assume it is a valid email address? What if it is not?
    2. For identity providers what are the semantics of the attribute and how to you populate it, that is where does the information come from? 
  4. Were there any issues related to the definition/understanding of the attribute during initial start up?
  5. Are there problems that arise when you federate with new partners? If so, please describe them.
  6. Are there or have there been any issues with the value of this attribute changing for users?
  7. With regard to this attribute, what could be done to avoid issues on-boarding new IdPs and/or federating with new SPs?
  8. Are there any on-going issues related to this attribute, if so, please describe.
uid (specification)
  1. Do you use this attribute?
  2. If yes, please describe how you are currently using it and for how many:
    1. For Service Providers, how many IdPs are providing this attribute? 
    2. For Identity Providers, to how many Service Providers do you send this information?
  3. Form and format of the data in the attribute:
    1. For Service Providers, describe the form/format of the data you can effectively accept and process.  For example, in the case of EPPN, do you assume it is a valid email address? What if it is not?
    2. For identity providers what are the semantics of the attribute and how to you populate it, that is where does the information come from? 
  4. Were there any issues related to the definition/understanding of the attribute during initial start up?
  5. Are there problems that arise when you federate with new partners? If so, please describe them.
  6. Are there or have there been any issues with the value of this attribute changing for users?
  7. With regard to this attribute, what could be done to avoid issues on-boarding new IdPs and/or federating with new SPs?
  8. Are there any on-going issues related to this attribute, if so, please describe.
uniqueIdentifier (specification)
  1. Do you use this attribute?
  2. If yes, please describe how you are currently using it and for how many:
    1. For Service Providers, how many IdPs are providing this attribute? 
    2. For Identity Providers, to how many Service Providers do you send this information?
  3. Form and format of the data in the attribute:
    1. For Service Providers, describe the form/format of the data you can effectively accept and process.  For example, in the case of EPPN, do you assume it is a valid email address? What if it is not?
    2. For identity providers what are the semantics of the attribute and how to you populate it, that is where does the information come from? 
  4. Were there any issues related to the definition/understanding of the attribute during initial start up?
  5. Are there problems that arise when you federate with new partners? If so, please describe them.
  6. Are there or have there been any issues with the value of this attribute changing for users?
  7. With regard to this attribute, what could be done to avoid issues on-boarding new IdPs and/or federating with new SPs?
  8. Are there any on-going issues related to this attribute, if so, please describe.

General Questions 

  1. Is the stability of any of the identifiers problematic?
  2. What are your requirments for the stability of a user identifier (that is how long must it uniquely identify an individual?)
  3. Are there privacy concerns with regard to any of the use of any of the attributes or with their (un)intended disclosure?
  4. Please describe any special use conditions/cases you have.  That is, are there special needs for information and processing of that information that are or are not being met with the current attributes.
  5. Is there information not contained in any of the user identifier attributes in this survey that you feel you need? Please describe it.
  6. If one or more attributes were added to address common concerns identified by this survey, which attributes, how willing would you be to implement them? What would it take for you to invest in their implemenation?
  7. Are there any on-going issues related to any attribute that you have not already mentioned? If so, please describe.
  8. Are there any other attributes not listed above that you use for user identification purposes? What are they and how are they used?
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.