Comment: Migrated to Confluence 5.3

...

The entitlement is the IdP's way of telling Confusa that a given user is entitled to certain actions. The attribute is required only for administrators, which means the IdP can easily remove an administrator. However, we do not want IdPs to add new administrators at will, so this attribute is a necessary but not sufficient condition for obtaining administrator privileges.
If it is not set, the user cannot be an administrator. The attribute is freely configurable at the NREN level. We have disabled it at the subscriber level so that subscriber admins cannot lock themselves and their whole institution out of the portal. However, we recommend using the eduPersonEntitlement attribute.

TCS-[eScience|Personal]-Portal

The central TCS eScience portal currently uses the following entitlement attributes:

  • urn:mace:terena.org:tcs:escience-user (may request eScience certificates)
  • urn:mace:terena.org:tcs:escience-admin (eScience institution administrator)
  • urn:mace:terena.org:tcs:personal-user (may request personal certificates)
  • urn:mace:terena.org:tcs:personal-admin (personal portal institution administrator)

...

 

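| Action                    | ePPN     | ePODN    | mail     | Full Name | entitlement | enforced |
|---------------------------|----------|----------|----------|-----------|-------------|----------|
| Log in                    | required | optional | optional | optional  | optional    | yes      |
| Admin                     | required | required | optional | optional  | required    | yes      |
| Create certificate        | required | required | required | required  | required    | yes      |
| Revoke certificate (user) | required | optional | optional | optional  | optional    | yes      |
| E-Mail certificate        | required | optional | required | optional  | optional    | yes      |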
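The entitlement rule and the attribute table above can be expressed as one authorization check. The following is an added example, not Confusa's own code: the attribute keys, the short action names and the local_admins set (standing in for whatever second condition the portal applies before granting administrator rights) are assumptions.

```python
# Added illustration, not Confusa source. Attribute keys, the action names and
# the local_admins set are assumptions made for this example.
URN = "urn:mace:terena.org:tcs:"
REQUIRED = {  # attributes marked "required" in the table, per action
    "login": {"eppn"},
    "admin": {"eppn", "epodn", "entitlement"},
    "create": {"eppn", "epodn", "mail", "fullname", "entitlement"},
    "revoke": {"eppn"},
    "email": {"eppn", "mail"},
}


def entitlements(attrs):
    """Normalise the multi-valued entitlement attribute to a set of strings."""
    raw = attrs.get("entitlement") or []
    if isinstance(raw, str):
        raw = [raw]
    return {v.strip() for v in raw if v.strip()}


def missing(action, attrs):
    """Required attributes the IdP did not release (empty counts as missing)."""
    return sorted(a for a in REQUIRED[action] if not attrs.get(a))


def may(action, attrs, portal, local_admins=frozenset()):
    """True if the asserted attributes allow `action` on `portal`
    ("escience" or "personal")."""
    if missing(action, attrs):
        return False
    ents = entitlements(attrs)  # compared by exact match, never by substring
    if action == "create":
        return f"{URN}{portal}-user" in ents
    if action == "admin":
        # Necessary: the IdP asserts the admin entitlement.
        # Not sufficient: the ePPN must also be registered inside the portal,
        # so an IdP cannot create administrators on its own.
        return f"{URN}{portal}-admin" in ents and attrs["eppn"] in local_admins
    return True


# Constructed sample assertion for one user.
ALICE = {
    "eppn": "alice@example.org",
    "epodn": "o=Example University,c=NO",
    "mail": "alice@example.org",
    "fullname": "Alice Example",
    "entitlement": [URN + "escience-user", URN + "escience-admin"],
}
```

With the sample user, the admin entitlement alone does not grant administrator rights, while dropping it at the IdP revokes them even if the user is still registered in the portal.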

The 3 different Attribute Mapping cases

...