Supported Attributes
- We do not provide attributes that are only single valued: Especially Displayname
- All additional names get put into CN
- In the future offer proxy to do aggregation on behalf of SP
2.2.1. eduPersonAffiliation
2.2.2. eduPersonEntitlement
2.2.8. eduPersonPrincipalName -> Only incoming
2.2.10. eduPersonScopedAffiliation
2.2.11. eduPersonTargetedID -> Only incoming
2.2.12. eduPersonAssurance
2.2.13 eduPersonUniqueId
2.2.14 eduPersonOrcid
3.2. cn (commonName)
3.3. description
3.4. displayName -> Via IdP (R&S)
3.6. givenName
3.13. mail
3.15. mobile -> future use?
3.24. sn (surname)
3.27. telephoneNumber -> future use?
3.31. userCertificate
x.y IsMemberOf
Support of ssh pubkey?
Attribute Scoping
IsMemberOf and eduPersonEntitlement are both scoped to the VO using an at sign