From ae55fb928b33221f3020b84b567afb2baa3f9d95 Mon Sep 17 00:00:00 2001
From: Marcus
Date: Mon, 31 Mar 2025 09:07:18 +0200
Subject: [PATCH 01/17] initial translation to scim

---
 schema/scim/eduperson_SCIM_example.json | 94 ++++
 schema/scim/eduperson_schema.json | 658 ++++++++++++++++++++++++
 2 files changed, 752 insertions(+)
 create mode 100644 schema/scim/eduperson_SCIM_example.json
 create mode 100644 schema/scim/eduperson_schema.json

diff --git a/schema/scim/eduperson_SCIM_example.json b/schema/scim/eduperson_SCIM_example.json
new file mode 100644
index 0000000..62db102
--- /dev/null
+++ b/schema/scim/eduperson_SCIM_example.json
@@ -0,0 +1,94 @@
+{
+ "schemas": [
+ "urn:to-be-determined:scim:schemas:eduperson:User"
+ ],
+ "id": "d7a53cb23423420398409de7355956560282158ecac8f3d2c770b474862f4756",
+ "meta": {
+ "resourceType": "User",
+ "created": "2011-08-01T18:29:49.793Z",
+ "lastModified": "Invalid date",
+ "location": "https://example.com/v2/Users/2819c223...",
+ "version": "W/\"f250dd84f0671c3\""
+ },
+
+ "eduPersonAffiliation": [
+ "faculty"," staff"," member"
+ ],
+ "eduPersonEntitlement": [
+ "http://xstor.com/contracts/HEd123",
+ "urn:mace:washington.edu:confocalMicroscope"
+ ],
+ "eduPersonNickname": "Spike",
+ "eduPersonOrgDN": "o=Hogwarts, dc=hsww, dc=wiz",
+ "eduPersonOrgUnitDN": "ou=Potions, o=Hogwarts, dc=hsww, dc=wiz",
+ "eduPersonPrimaryAffiliation": "student",
+ "eduPersonPrimaryOrgUnitDN": "ou=Music Department, o=Notre Dame, dc=nd, dc=edu",
+ "eduPersonPrincipalName": "hputter@hsww.wiz",
+ "eduPersonPrincipalNamePrior": [
+ "baz@hsww.wiz",
+ "foo@hsww.wiz",
+ "bar@hsww.wiz"
+ ],
+ "eduPersonScopedAffiliation": "faculty@cs.berkeley.edu",
+ "eduPersonTargetedID": "https://aai-logon.switch.ch/idp/shibboleth!https://aai-viewer.switch.ch/shibboleth!a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35",
+ "eduPersonAssurance": "",
+ "eduPersonAssurance": [
+ "https://refeds.org/assurance/IAP/high",
+ "https://refeds.org/assurance/IAP/medium",
+ "https://refeds.org/assurance/IAP/local-enterprise",
+ "https://refeds.org/assurance/ID/eppn-unique-no-reassign",
+ "https://refeds.org/assurance/ATP/ePA-1m",
+ "https://refeds.org/assurance/ATP/ePA-1d",
+ "https://aai.egi.eu/LoA#Substantial",
+ "https://refeds.org/assurance/ID/unique",
+ "https://refeds.org/assurance/profile/cappuccino",
+ "https://refeds.org/assurance/IAP/low"
+ ],
+ "eduPersonUniqueId": "28c5353b8bb34984a8bd4169ba94c606@foo.edu",
+ "eduPersonOrcid": "https://orcid.org/0000-0002-1825-0097",
+ "eduPersonAnalyticsTag": [
+ "FOOBAR_ZORKMID",
+ "FOOBAR_ZORKMID2"
+ ],
+ "edupersonDisplayPronouns": [
+ "She", "Ella", "她/她", "היא"
+ ],
+ # "audio": "",
+ "cn": "Mary Francis Xavier",
+ "description": "A jolly good felon",
+ "displayName": "Jack Dougherty",
+ "facsimileTelephoneNumber": "+44 71 123 4567",
+ "givenName": "Stephen",
+ "homePhone": "+1 608 555 1212",
+ "homePostalAddress": "1212 Como Ave.$Midton, SD 45621$USA",
+ "initials": [ "f", "x" ],
+ # "jpegPhoto": "",
+ "localityName": "Hudson Valley",
+ "labeledURI": "http://www.hsww.wiz/%7Eputter Harry's home page",
+ "mail": "dumbledwore@hsww.wiz",
+ "manager": "uid=twilliams, ou=people, dc=hobart, dc=edu",
+ "mobile": "+47 22 44 66 88",
+ "o": "St. Cloud State",
+ "ou": "Faculty Senate",
+ "pager": "+1 202 555 4321",
+ "postalAddress": "postalAddress: P.O. Box 333$Whoville, WH 99999$USA",
+ "postalCode": "54321",
+ "postOfficeBox": "109260",
+ "preferredLanguage": "EO",
+ "seeAlso": "cn=Department Chair, ou=physics, o=University of Technology, dc=utech, dc=ac, dc=uk",
+ "sn":
+ [
+ "sn: Carson-Smith",
+ "sn: Carson",
+ "sn: Smith"
+ ],
+ "st": "IL",
+ "street": "303 Mulberry St.",
+ "telephoneNumber": "+1 212 555 1234",
+ "title": "Assistant Vice-Deputy for Redundancy Reduction",
+ "uid": "gmettes"
+ # "uniqueIdentifier": "",
+ # "userPassword": "",
+ # "userSMIMECertificate": "",
+ # "x500uniqueIdentifier": ""
+}
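Review bot: `eduPersonAssurance` is given twice in the example object — first as `""`, then as the array of REFEDS assurance URIs — and RFC 8259 leaves duplicate-name handling to the parser (most keep the last value, some the first, strict I-JSON parsers may reject the document), so the assurance level a consumer sees depends on which parser it uses; drop the `"eduPersonAssurance": "",` line. `"lastModified": "Invalid date"` is not a SCIM DateTime and should be a real RFC 3339 timestamp or be omitted. The key `edupersonDisplayPronouns` differs in case from the schema's `eduPersonDisplayPronouns`, so a schema-validating consumer will not match it. The `sn` and `postalAddress` values carry an LDIF-style `sn: ` / `postalAddress: ` prefix inside the string, and the `eduPersonAffiliation` values `" staff"` and `" member"` have a leading space, which all look like copy artifacts rather than intended sample data.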
@@ -0,0 +1,658 @@ +{ + "id": "urn:to-be-determined:scim:schemas:eduperson:User", + "name": "SCIM schema for eduPerson", + "description": "Attributes to describe a user in the context of eduPerson", + "attributes": [ + { + "name": "eduPersonAffiliation", + "saml_attribute_name": "eduPersonAffiliation", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1", + "status": "stable", + "description": "eduPerson per Internet2 and EDUCAUSE", + "type": "string", # maybe complex; support controlled vocabulary + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "comment": "faculty, student, staff, alum, member, affiliate, employee, library-walk-in", + "comment": "Permissible values", + "uniqueness": "none" + },{ + "name": "eduPersonEntitlement", + "saml_attribute_name": "eduPersonEntitlement", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.7", + "status": "stable", + "description": "URI (either URN or URL) that indicates a set of rights to specific resources.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonNickname", + "saml_attribute_name": "eduPersonNickname", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.2", + "status": "stable", + "description": "Person's nickname, or the informal name by which they are accustomed to be hailed.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonOrgDN", + "saml_attribute_name": "eduPersonOrgDN", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.3", + "status": "stable", + "description": "The distinguished name (DN) of the directory entry representing the institution with which the person is associated.The directory entry pointed to by this dn should be represented 
in the X.521(2001) 'organization' object class The attribute set for organization is defined as follows: o (Organization Name, required}", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, # EQUALITY distinguishedNameMatch + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonOrgUnitDN", + "saml_attribute_name": "eduPersonOrgUnitDN", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.4", + "status": "stable", + "description": "The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s). May be multivalued, as for example, in the case of a faculty member with appointments in multiple departments or a person who is a student in one department and an employee in another.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, # EQUALITY distinguishedNameMatch + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrimaryAffiliation", + "saml_attribute_name": "eduPersonPrimaryAffiliation", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.5", + "status": "stable", + "description": "Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc", + "comment": "Permissible values faculty, student, staff, alum, member, affiliate, employee, library-walk-in", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrimaryOrgUnitDN", + "saml_attribute_name": "eduPersonPrimaryOrgUnitDN", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.8", + "status": "stable", + "description": "The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s).", + "type": "string", + "multiValued": false, + "required": false, + 
"caseExact": false, # EQUALITY distinguishedNameMatch + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrincipalName", + "saml_attribute_name": "eduPersonPrincipalName", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", + "status": "stable", + "description": "A scoped identifier for a person. It should be represented in the form 'user@scope' where 'user' is a name-based identifier for the person and where the 'scope' portion MUST be the administrative domain of the identity system where the identifier was created and assigned. Each value of 'scope' defines a namespace within which the assigned identifiers MUST be unique. Given this rule, if two eduPersonPrincipalName (ePPN) values are the same at a given point in time, they refer to the same person. There must be one and only one '@' sign in valid values of eduPersonPrincipalName.", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrincipalNamePrior", + "saml_attribute_name": "eduPersonPrincipalNamePrior", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.12", + "status": "stable", + "description": "Each value of this multi-valued attribute represents an ePPN (eduPersonPrincipalName) value that was previously associated with the entry. The values MUST NOT include the currently valid ePPN value. There is no implied or assumed order to the values. This attribute MUST NOT be populated if ePPN values are ever reassigned to a different entry (after, for example, a period of dormancy). 
That is, they MUST be unique in space and over time.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonScopedAffiliation", + "saml_attribute_name": "eduPersonScopedAffiliation", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.9", + "status": "stable", + "description": "Specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc. The values consist of a left and right component separated by an '@' sign. The left component is one of the values from the eduPersonAffiliation controlled vocabulary.This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName. The 'scope' portion MUST be the administrative domain to which the affiliation applies. Multiple '@' signs are not recommended, but in any case, the first occurrence of the '@' sign starting from the left is to be taken as the delimiter between components. Thus, user identifier is to the left, security domain to the right of the first '@'. 
This parsing rule conforms to the POSIX 'greedy' disambiguation method in regular expression processing.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonTargetedID", + "saml_attribute_name": "eduPersonTargetedID", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.10", + "status": "stable", + "description": "DEPRECATED", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "server" + },{ + "name": "eduPersonAssurance", + "saml_attribute_name": "eduPersonAssurance", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.11", + "status": "stable", + "description": "Set of URIs that assert compliance with specific standards for identity assurance.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonUniqueId", + "saml_attribute_name": "eduPersonUniqueId", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.13", + "status": "stable", + "description": "A long-lived, non re-assignable, omnidirectional identifier suitable for use as a principal identifier by authentication providers or as a unique external key by applications.", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "global" + },{ + "name": "eduPersonOrcid", + "saml_attribute_name": "eduPersonOrcid", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.16", + "status": "stable", + "description": "ORCID iDs are persistent digital identifiers for individual researchers. Their primary purpose is to unambiguously and definitively link them with their scholarly work products. 
ORCID iDs are assigned, managed and maintained by the ORCID organization.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "global" + },{ + "name": "eduPersonAnalyticsTag", + "saml_attribute_name": "eduPersonAnalyticsTag", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.17", + "status": "stable", + "description": "An opaque string that aggregates the use of a service by a set of subjects for the purpose of reporting or analytics by the originating organization.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonDisplayPronouns", + "saml_attribute_name": "eduPersonDisplayPronouns", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.18", + "status": "stable", + "description": "Text representing the word(s) a person prefers as their personal pronoun(s). Multiple personal pronouns should include separators to support human readability, e.g., ‘Ashe’, ‘she/her/hers’, or ‘ella, ellas’, or ‘היא’, or ‘She/ella*, O /او , 她/她, היא’.", + "type": "string", + "multiValued": false, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + } + + , + + { + "name": "audio", + "saml_attribute_name": "audio", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.55", + "status": "stable", + "description": "RFC1274 notes that the proprietary format they recommend is 'interim' only.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "cn", + "saml_attribute_name": "cn", + "saml_attribute_urn": "urn:oid:2.5.4.3", + "status": "stable", + "description": "Common name. 
According to RFC4519, The 'cn' ('commonName' in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "description", + "saml_attribute_name": "description", + "saml_attribute_urn": "urn:oid:2.5.4.13", + "status": "stable", + "description": "Open-ended; whatever the person or the directory manager puts here. According to RFC4519, The 'description' attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "displayName", + "saml_attribute_name": "displayName", + "saml_attribute_urn": "urn:oid:2.16.840.1.113730.3.1.241", + "status": "stable", + "description": "The name(s) that should appear in white-pages-like applications for this person. From RFC2798 description: 'preferred name of a person to be used when displaying entries.'", + "type": "string", + "multiValued": false, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "facsimileTelephoneNumber", + "saml_attribute_name": "facsimileTelephoneNumber", + "saml_attribute_urn": "urn:oid:2.5.4.23", + "status": "stable", + "description": "According to RFC4519: 'The 'facsimileTelephoneNumber' attribute type contains telephone numbers (and, optionally, the parameters) for facsimile terminals. 
Each telephone number is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "givenName", + "saml_attribute_name": "givenName", + "saml_attribute_urn": "urn:oid:2.5.4.42", + "status": "stable", + "description": "From RFC4519 description: 'The 'givenName' attribute type contains name strings that are the part of a person's name that is not their surname. Each string is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "homePhone", + "saml_attribute_name": "homePhone", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.20", + "status": "stable", + "description": "From RFC1274 description: 'The [homePhone] attribute type specifies a home telephone number associated with a person.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "homePostalAddress", + "saml_attribute_name": "homePostalAddress", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.39", + "status": "stable", + "description": "From RFC1274 description: 'The Home postal address attribute type specifies a home postal address for an object. This should be limited to up to 6 lines of 30 characters each.' Semantics Home address. 
OrgPerson has a PostalAddress that complements this attribute.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "initials", + "saml_attribute_name": "initials", + "saml_attribute_urn": "urn:oid:2.5.4.43", + "status": "stable", + "description": "'The 'initials' attribute type contains strings of initials of some or all of an individual's names, except the surname(s). Each string is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "jpegPhoto", + "saml_attribute_name": "jpegPhoto", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.60", + "status": "stable", + "description": "Follow inetOrgPerson definition of RFC2798: 'Used to store one or more images of a person using the JPEG File Interchange Format [JFIF].'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "localityName", + "saml_attribute_name": "localityName", + "saml_attribute_urn": "urn:oid:2.5.4.7", + "status": "stable", + "description": "According to RFC4519, 'The 'l' ('localityName' in X.500) attribute type contains names of a locality or place, such as a city, county, or other geographic region. 
Each name is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "labeledURI", + "saml_attribute_name": "labeledURI", + "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.250.1.57", + "status": "stable", + "description": "Follow inetOrgPerson definition of RFC2079: 'Uniform Resource Identifier with optional label.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "mail", + "saml_attribute_name": "mail", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.3", + "status": "stable", + "description": "From RFC4524: The 'mail' (rfc822mailbox) attribute type holds Internet mail addresses in Mailbox [RFC2821] form (e.g., user@example.com).", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "manager", + "saml_attribute_name": "manager", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.10", + "status": "stable", + "description": "From RFC4524: 'The 'manager' attribute specifies managers, by distinguished name, of the person (or entity).'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "mobile", + "saml_attribute_name": "mobile", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.41", + "status": "stable", + "description": "From RFC4524: 'The 'mobile' (mobileTelephoneNumber) attribute specifies mobile telephone numbers (e.g., '+1 775 555 6789' associated with a person (or entity).'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + 
"returned": "default", + "uniqueness": "none" + },{ + "name": "o", + "saml_attribute_name": "o", + "saml_attribute_urn": "urn:oid:2.5.4.10", + "status": "stable", + "description": "Standard name of the top-level organization (institution) with which this person is associated.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "ou", + "saml_attribute_name": "ou", + "saml_attribute_urn": "urn:oid:2.5.4.11", + "status": "stable", + "description": "Organizational unit(s). According to X.520(2000), 'The Organizational Unit Name attribute type specifies an organizational unit. When used as a component of a directory name it identifies an organizational unit with which the named object is affiliated.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "pager", + "saml_attribute_name": "pager", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.42", + "status": "stable", + "description": "From RFC4524: 'The 'pager' (pagerTelephoneNumber) attribute specifies pager telephone numbers (e.g., '+1 775 555 5555') for an object.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "postalAddress", + "saml_attribute_name": "postalAddress", + "saml_attribute_urn": "urn:oid:2.5.4.16", + "status": "stable", + "description": "Campus or office address. inetOrgPerson has a homePostalAddress that complements this attribute. 
X.520(2000) reads: 'The Postal Address attribute type specifies the address information required for the physical postal delivery to an object.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "postalCode", + "saml_attribute_name": "postalCode", + "saml_attribute_urn": "urn:oid:2.5.4.17", + "status": "stable", + "description": "Follow X.500(2001): 'The postal code attribute type specifies the postal code of the named object. If this attribute value is present, it will be part of the object's postal address.' Zipcode in USA, postal code for other countries.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "postOfficeBox", + "saml_attribute_name": "postOfficeBox", + "saml_attribute_urn": "urn:oid:2.5.4.18", + "status": "stable", + "description": "From RFC4519: 'The 'postOfficeBox' attribute type contains postal box identifiers that a Postal Service uses when a customer arranges to receive mail at a box on the premises of the Postal Service. 
Each postal box identifier is a single value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "preferredLanguage", + "saml_attribute_name": "preferredLanguage", + "saml_attribute_urn": "urn:oid:2.16.840.1.113730.3.1.39", + "status": "stable", + "description": "Follow inetOrgPerson definition of RFC2798: 'preferred written or spoken language for a person.'", + "type": "string", + "multiValued": false, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "seeAlso", + "saml_attribute_name": "seeAlso", + "saml_attribute_urn": "urn:oid:2.5.4.34", + "status": "stable", + "description": "From RFC4519: The 'seeAlso' attribute type contains the distinguished names of objects that are related to the subject object. Each related object name is one value of this multi-valued attribute.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "sn", + "saml_attribute_name": "sn", + "saml_attribute_urn": "urn:oid:2.5.4.4", + "status": "stable", + "description": "Surname or family name. From RFC4519: 'The 'sn' ('surname' in X.500) attribute type contains name strings for the family names of a person. Each string is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "st", + "saml_attribute_name": "st", + "saml_attribute_urn": "urn:oid:2.5.4.8", + "status": "stable", + "description": "Abbreviation for state or province name. Format: The values should be coordinated on a national level. 
If well-known shortcuts exist, like the two-letter state abbreviations in the US, these abbreviations are preferred over longer full names. From RFC4519: 'The 'st' ('stateOrProvinceName' in X.500) attribute type contains the full names of states or provinces. Each name is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "street", + "saml_attribute_name": "street", + "saml_attribute_urn": "urn:oid:2.5.4.9", + "status": "stable", + "description": "From RFC4519: 'The 'street' ('streetAddress' in X.500) attribute type contains site information from a postal address (i.e., the street name, place, avenue, and the house number). Each street is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "telephoneNumber", + "saml_attribute_name": "telephoneNumber", + "saml_attribute_urn": "urn:oid:2.5.4.20", + "status": "stable", + "description": "Office/campus phone number. Attribute values should comply with the international format specified in ITU Recommendation E.123: e.g., '+44 71 123 4567.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "title", + "saml_attribute_name": "title", + "saml_attribute_urn": "urn:oid:2.5.4.12", + "status": "stable", + "description": "From RFC4519: 'The 'title' attribute type contains the title of a person in their organizational context. Each title is one value of this multi-valued attribute.' 
", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "uid", + "saml_attribute_name": "uid", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.1", + "status": "stable", + "description": "From RFC4519: 'The 'uid' ('userid' in RFC1274) attribute type contains computer system login names associated with the object. Each name is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "uniqueIdentifier", + "saml_attribute_name": "uniqueIdentifier", + "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.44", + "status": "stable", + "description": "From RFC4524: 'The 'uniqueIdentifier' attribute specifies a unique identifier for an object represented in the Directory. The domain within which the identifier is unique and the exact semantics of the identifier are for local definition. For a person, this might be an institution- wide payroll number. 
For an organizational unit, it might be a department code.'", + "type": "string", + "multiValued": true, + "comment": "multi or single valued?", + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "userPassword", + "saml_attribute_name": "userPassword", + "saml_attribute_urn": "urn:oid:2.5.4.35", + "status": "stable", + "description": "This attribute identifies the entry's password and encryption method in the following format: {encryption method}encrypted password.", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "userSMIMECertificate", + "saml_attribute_name": "userSMIMECertificate", + "saml_attribute_urn": "urn:oid:2.16.840.1.113730.3.1.40", + "status": "stable", + "description": "An X.509 certificate specifically for use in S/MIME applications (see RFCs 2632, 2633 and 2634).", + "type": "string", + "multiValued": true, + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "x500uniqueIdentifier", + "saml_attribute_name": "x500uniqueIdentifier", + "saml_attribute_urn": "urn:oid:2.5.4.45", + "status": "stable", + "description": "Defined originally in X.509(96) and included in RFC2256.", + "type": "string", + "multiValued": false, + "comment": "multi or single valued", + "required": false, + # "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + } + ], + "meta": { + "resourceType": "Schema", + "location": "https://to-be-determited/scim/schemas/urn:geant:aarc:scim:schemas:AARC_Community_Identity" + } +} From 47f71e67e6c133448917c1b875a137e24fb149a0 Mon Sep 17 00:00:00 2001 
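Review bot: `userPassword` (near the end of the hunk) is declared `"mutability": "readWrite"` and `"returned": "default"`, so a SCIM service following this schema would return the stored value — by its own description `{encryption method}encrypted password`, i.e. the password hash — in every GET and list response; RFC 7643 §4.1 models the core `password` attribute as `"mutability": "writeOnly"` and `"returned": "never"`, and the same settings belong here. `eduPersonPrincipalName` is declared `"uniqueness": "none"` although its description says values MUST be unique within their scope, so `"server"` looks like the intended value — worth confirming against the deployment. `jpegPhoto` and `userSMIMECertificate` hold binary content but are typed `"string"` with no note on encoding; SCIM defines a `"binary"` type (base64) for this case. The closing `meta.location` names `urn:geant:aarc:scim:schemas:AARC_Community_Identity`, which does not match this schema's `id` of `urn:to-be-determined:scim:schemas:eduperson:User`.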
From: Marcus
Date: Mon, 31 Mar 2025 09:12:10 +0200
Subject: [PATCH 02/17] parseable version

---
 schema/scim/eduperson_SCIM_example.json | 12 +-
 schema/scim/eduperson_schema.json | 228 ++++-------------------
 2 files changed, 44 insertions(+), 196 deletions(-)

diff --git a/schema/scim/eduperson_SCIM_example.json b/schema/scim/eduperson_SCIM_example.json
index 62db102..028fec4 100644
--- a/schema/scim/eduperson_SCIM_example.json
+++ b/schema/scim/eduperson_SCIM_example.json
@@ -53,7 +53,7 @@
 "edupersonDisplayPronouns": [
 "She", "Ella", "她/她", "היא"
 ],
- # "audio": "",
+
 "cn": "Mary Francis Xavier",
 "description": "A jolly good felon",
 "displayName": "Jack Dougherty",
@@ -62,7 +62,7 @@
 "homePhone": "+1 608 555 1212",
 "homePostalAddress": "1212 Como Ave.$Midton, SD 45621$USA",
 "initials": [ "f", "x" ],
- # "jpegPhoto": "",
+
 "localityName": "Hudson Valley",
 "labeledURI": "http://www.hsww.wiz/%7Eputter Harry's home page",
 "mail": "dumbledwore@hsww.wiz",
@@ -87,8 +87,8 @@
 "telephoneNumber": "+1 212 555 1234",
 "title": "Assistant Vice-Deputy for Redundancy Reduction",
 "uid": "gmettes"
- # "uniqueIdentifier": "",
- # "userPassword": "",
- # "userSMIMECertificate": "",
- # "x500uniqueIdentifier": ""
+
+
+
+
 }
diff --git a/schema/scim/eduperson_schema.json b/schema/scim/eduperson_schema.json
index 8cfb368..1aa3a5a 100644
--- a/schema/scim/eduperson_schema.json
+++ b/schema/scim/eduperson_schema.json
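Review bot: The three hunks of this file replace each removed `# …` line with an empty `+` line instead of deleting it, which leaves four blank lines between `"uid": "gmettes"` and the closing `}`; plain deletions (the `-` lines with no `+` lines) give the same parse result and a tidier file. The commit is titled 'parseable version', but the duplicated `eduPersonAssurance` name earlier in this file (outside these hunks) still makes the document non-conforming to I-JSON and its value parser-dependent. The `"lastModified": "Invalid date"` value is also left in place.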
@@ -5,24 +5,16 @@ "attributes": [ { "name": "eduPersonAffiliation", - "saml_attribute_name": "eduPersonAffiliation", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1", - "status": "stable", "description": "eduPerson per Internet2 and EDUCAUSE", - "type": "string", # maybe complex; support controlled vocabulary + "type": "string", "multiValued": true, "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", - "comment": "faculty, student, staff, alum, member, affiliate, employee, library-walk-in", - "comment": "Permissible values", "uniqueness": "none" },{ "name": "eduPersonEntitlement", - "saml_attribute_name": "eduPersonEntitlement", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.7", - "status": "stable", "description": "URI (either URN or URL) that indicates a set of rights to specific resources.", "type": "string", "multiValued": true, @@ -33,9 +25,6 @@ "uniqueness": "none" },{ "name": "eduPersonNickname", - "saml_attribute_name": "eduPersonNickname", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.2", - "status": "stable", "description": "Person's nickname, or the informal name by which they are accustomed to be hailed.", "type": "string", "multiValued": true, 
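Review bot: Removing `saml_attribute_name`, `saml_attribute_urn` and `status` from `eduPersonAffiliation` and `eduPersonEntitlement` here, and from every attribute in the later hunks of this file, drops the only record of the mapping to the federation attribute OID with no replacement. RFC 7643 §7 does not define those keys on an attribute definition, so taking them out for parseability is correct, but an IdP or LDAP integrator still needs the OID to wire the SCIM attribute to the SAML attribute. Keeping it inside the permitted `description` field preserves the information without breaking strict parsers, e.g. `"description": "eduPerson per Internet2 and EDUCAUSE (SAML attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.1)"`. The enclosing `attributes` array closes outside this hunk.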
@@ -46,37 +35,27 @@ "uniqueness": "none" },{ "name": "eduPersonOrgDN", - "saml_attribute_name": "eduPersonOrgDN", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.3", - "status": "stable", "description": "The distinguished name (DN) of the directory entry representing the institution with which the person is associated.The directory entry pointed to by this dn should be represented in the X.521(2001) 'organization' object class The attribute set for organization is defined as follows: o (Organization Name, required}", "type": "string", "multiValued": false, "required": false, - "caseExact": false, # EQUALITY distinguishedNameMatch + "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "eduPersonOrgUnitDN", - "saml_attribute_name": "eduPersonOrgUnitDN", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.4", - "status": "stable", "description": "The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s). May be multivalued, as for example, in the case of a faculty member with appointments in multiple departments or a person who is a student in one department and an employee in another.", "type": "string", "multiValued": true, "required": false, - "caseExact": false, # EQUALITY distinguishedNameMatch + "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "eduPersonPrimaryAffiliation", - "saml_attribute_name": "eduPersonPrimaryAffiliation", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.5", - "status": "stable", "description": "Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc", - "comment": "Permissible values faculty, student, staff, alum, member, affiliate, employee, library-walk-in", "type": "string", "multiValued": false, "required": false, 
@@ -86,22 +65,16 @@ "uniqueness": "none" },{ "name": "eduPersonPrimaryOrgUnitDN", - "saml_attribute_name": "eduPersonPrimaryOrgUnitDN", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.8", - "status": "stable", "description": "The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s).", "type": "string", "multiValued": false, "required": false, - "caseExact": false, # EQUALITY distinguishedNameMatch + "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "eduPersonPrincipalName", - "saml_attribute_name": "eduPersonPrincipalName", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", - "status": "stable", "description": "A scoped identifier for a person. It should be represented in the form 'user@scope' where 'user' is a name-based identifier for the person and where the 'scope' portion MUST be the administrative domain of the identity system where the identifier was created and assigned. Each value of 'scope' defines a namespace within which the assigned identifiers MUST be unique. Given this rule, if two eduPersonPrincipalName (ePPN) values are the same at a given point in time, they refer to the same person. There must be one and only one '@' sign in valid values of eduPersonPrincipalName.", "type": "string", "multiValued": false, 
@@ -112,9 +85,6 @@ "uniqueness": "none" },{ "name": "eduPersonPrincipalNamePrior", - "saml_attribute_name": "eduPersonPrincipalNamePrior", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.12", - "status": "stable", "description": "Each value of this multi-valued attribute represents an ePPN (eduPersonPrincipalName) value that was previously associated with the entry. The values MUST NOT include the currently valid ePPN value. There is no implied or assumed order to the values. This attribute MUST NOT be populated if ePPN values are ever reassigned to a different entry (after, for example, a period of dormancy). That is, they MUST be unique in space and over time.", "type": "string", "multiValued": true, @@ -125,9 +95,6 @@ "uniqueness": "none" },{ "name": "eduPersonScopedAffiliation", - "saml_attribute_name": "eduPersonScopedAffiliation", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.9", - "status": "stable", "description": "Specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc. The values consist of a left and right component separated by an '@' sign. The left component is one of the values from the eduPersonAffiliation controlled vocabulary.This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName. The 'scope' portion MUST be the administrative domain to which the affiliation applies. Multiple '@' signs are not recommended, but in any case, the first occurrence of the '@' sign starting from the left is to be taken as the delimiter between components. Thus, user identifier is to the left, security domain to the right of the first '@'. This parsing rule conforms to the POSIX 'greedy' disambiguation method in regular expression processing.", "type": "string", "multiValued": true, 
@@ -138,9 +105,6 @@ "uniqueness": "none" },{ "name": "eduPersonTargetedID", - "saml_attribute_name": "eduPersonTargetedID", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.10", - "status": "stable", "description": "DEPRECATED", "type": "string", "multiValued": true, @@ -151,9 +115,6 @@ "uniqueness": "server" },{ "name": "eduPersonAssurance", - "saml_attribute_name": "eduPersonAssurance", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.11", - "status": "stable", "description": "Set of URIs that assert compliance with specific standards for identity assurance.", "type": "string", "multiValued": true, @@ -164,9 +125,6 @@ "uniqueness": "none" },{ "name": "eduPersonUniqueId", - "saml_attribute_name": "eduPersonUniqueId", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.13", - "status": "stable", "description": "A long-lived, non re-assignable, omnidirectional identifier suitable for use as a principal identifier by authentication providers or as a unique external key by applications.", "type": "string", "multiValued": false, @@ -177,9 +135,6 @@ "uniqueness": "global" },{ "name": "eduPersonOrcid", - "saml_attribute_name": "eduPersonOrcid", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.16", - "status": "stable", "description": "ORCID iDs are persistent digital identifiers for individual researchers. Their primary purpose is to unambiguously and definitively link them with their scholarly work products. ORCID iDs are assigned, managed and maintained by the ORCID organization.", "type": "string", "multiValued": true, @@ -190,9 +145,6 @@ "uniqueness": "global" },{ "name": "eduPersonAnalyticsTag", - "saml_attribute_name": "eduPersonAnalyticsTag", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.17", - "status": "stable", "description": "An opaque string that aggregates the use of a service by a set of subjects for the purpose of reporting or analytics by the originating organization.", "type": "string", "multiValued": true, 
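Review bot: `"description": "DEPRECATED"` is the only documentation `eduPersonTargetedID` gets in the `@@ -138,9 +105,6 @@` hunk, yet the same hunk leaves it `"multiValued": true`, `"mutability": "readWrite"` and `"uniqueness": "server"` as if it were a live attribute, so an implementer cannot tell whether to accept writes to it. A one-sentence description stating that eduPerson deprecates the attribute, that it is retained only for compatibility with existing releases, and naming the preferred replacement identifier would carry that decision into the schema; for example `"description": "DEPRECATED by eduPerson; retained for compatibility with existing deployments only. Opaque targeted identifier, do not populate for new users."`. Declaring it `"mutability": "readOnly"` would additionally prevent SCIM clients from creating new values, if that matches the intended lifecycle.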
@@ -203,14 +155,11 @@ "uniqueness": "none" },{ "name": "eduPersonDisplayPronouns", - "saml_attribute_name": "eduPersonDisplayPronouns", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.18", - "status": "stable", "description": "Text representing the word(s) a person prefers as their personal pronoun(s). Multiple personal pronouns should include separators to support human readability, e.g., ‘Ashe’, ‘she/her/hers’, or ‘ella, ellas’, or ‘היא’, or ‘She/ella*, O /او , 她/她, היא’.", "type": "string", "multiValued": false, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" 
@@ -220,432 +169,331 @@ { "name": "audio", - "saml_attribute_name": "audio", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.55", - "status": "stable", "description": "RFC1274 notes that the proprietary format they recommend is 'interim' only.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "cn", - "saml_attribute_name": "cn", - "saml_attribute_urn": "urn:oid:2.5.4.3", - "status": "stable", "description": "Common name. According to RFC4519, The 'cn' ('commonName' in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "description", - "saml_attribute_name": "description", - "saml_attribute_urn": "urn:oid:2.5.4.13", - "status": "stable", "description": "Open-ended; whatever the person or the directory manager puts here. According to RFC4519, The 'description' attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "displayName", - "saml_attribute_name": "displayName", - "saml_attribute_urn": "urn:oid:2.16.840.1.113730.3.1.241", - "status": "stable", "description": "The name(s) that should appear in white-pages-like applications for this person. 
From RFC2798 description: 'preferred name of a person to be used when displaying entries.'", "type": "string", "multiValued": false, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "facsimileTelephoneNumber", - "saml_attribute_name": "facsimileTelephoneNumber", - "saml_attribute_urn": "urn:oid:2.5.4.23", - "status": "stable", "description": "According to RFC4519: 'The 'facsimileTelephoneNumber' attribute type contains telephone numbers (and, optionally, the parameters) for facsimile terminals. Each telephone number is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "givenName", - "saml_attribute_name": "givenName", - "saml_attribute_urn": "urn:oid:2.5.4.42", - "status": "stable", "description": "From RFC4519 description: 'The 'givenName' attribute type contains name strings that are the part of a person's name that is not their surname. 
Each string is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "homePhone", - "saml_attribute_name": "homePhone", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.20", - "status": "stable", "description": "From RFC1274 description: 'The [homePhone] attribute type specifies a home telephone number associated with a person.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "homePostalAddress", - "saml_attribute_name": "homePostalAddress", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.39", - "status": "stable", "description": "From RFC1274 description: 'The Home postal address attribute type specifies a home postal address for an object. This should be limited to up to 6 lines of 30 characters each.' Semantics Home address. OrgPerson has a PostalAddress that complements this attribute.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "initials", - "saml_attribute_name": "initials", - "saml_attribute_urn": "urn:oid:2.5.4.43", - "status": "stable", "description": "'The 'initials' attribute type contains strings of initials of some or all of an individual's names, except the surname(s). 
Each string is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "jpegPhoto", - "saml_attribute_name": "jpegPhoto", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.60", - "status": "stable", "description": "Follow inetOrgPerson definition of RFC2798: 'Used to store one or more images of a person using the JPEG File Interchange Format [JFIF].'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "localityName", - "saml_attribute_name": "localityName", - "saml_attribute_urn": "urn:oid:2.5.4.7", - "status": "stable", "description": "According to RFC4519, 'The 'l' ('localityName' in X.500) attribute type contains names of a locality or place, such as a city, county, or other geographic region. Each name is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "labeledURI", - "saml_attribute_name": "labeledURI", - "saml_attribute_urn": "urn:oid:1.3.6.1.4.1.250.1.57", - "status": "stable", "description": "Follow inetOrgPerson definition of RFC2079: 'Uniform Resource Identifier with optional label.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "mail", - "saml_attribute_name": "mail", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.3", - "status": "stable", "description": "From RFC4524: The 'mail' (rfc822mailbox) attribute type holds Internet mail addresses in Mailbox [RFC2821] form (e.g., user@example.com).", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": 
"readWrite", "returned": "default", "uniqueness": "none" },{ "name": "manager", - "saml_attribute_name": "manager", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.10", - "status": "stable", "description": "From RFC4524: 'The 'manager' attribute specifies managers, by distinguished name, of the person (or entity).'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "mobile", - "saml_attribute_name": "mobile", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.41", - "status": "stable", "description": "From RFC4524: 'The 'mobile' (mobileTelephoneNumber) attribute specifies mobile telephone numbers (e.g., '+1 775 555 6789' associated with a person (or entity).'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "o", - "saml_attribute_name": "o", - "saml_attribute_urn": "urn:oid:2.5.4.10", - "status": "stable", "description": "Standard name of the top-level organization (institution) with which this person is associated.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "ou", - "saml_attribute_name": "ou", - "saml_attribute_urn": "urn:oid:2.5.4.11", - "status": "stable", "description": "Organizational unit(s). According to X.520(2000), 'The Organizational Unit Name attribute type specifies an organizational unit. 
When used as a component of a directory name it identifies an organizational unit with which the named object is affiliated.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "pager", - "saml_attribute_name": "pager", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.42", - "status": "stable", "description": "From RFC4524: 'The 'pager' (pagerTelephoneNumber) attribute specifies pager telephone numbers (e.g., '+1 775 555 5555') for an object.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "postalAddress", - "saml_attribute_name": "postalAddress", - "saml_attribute_urn": "urn:oid:2.5.4.16", - "status": "stable", "description": "Campus or office address. inetOrgPerson has a homePostalAddress that complements this attribute. X.520(2000) reads: 'The Postal Address attribute type specifies the address information required for the physical postal delivery to an object.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "postalCode", - "saml_attribute_name": "postalCode", - "saml_attribute_urn": "urn:oid:2.5.4.17", - "status": "stable", "description": "Follow X.500(2001): 'The postal code attribute type specifies the postal code of the named object. If this attribute value is present, it will be part of the object's postal address.' 
Zipcode in USA, postal code for other countries.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "postOfficeBox", - "saml_attribute_name": "postOfficeBox", - "saml_attribute_urn": "urn:oid:2.5.4.18", - "status": "stable", "description": "From RFC4519: 'The 'postOfficeBox' attribute type contains postal box identifiers that a Postal Service uses when a customer arranges to receive mail at a box on the premises of the Postal Service. Each postal box identifier is a single value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "preferredLanguage", - "saml_attribute_name": "preferredLanguage", - "saml_attribute_urn": "urn:oid:2.16.840.1.113730.3.1.39", - "status": "stable", "description": "Follow inetOrgPerson definition of RFC2798: 'preferred written or spoken language for a person.'", "type": "string", "multiValued": false, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "seeAlso", - "saml_attribute_name": "seeAlso", - "saml_attribute_urn": "urn:oid:2.5.4.34", - "status": "stable", "description": "From RFC4519: The 'seeAlso' attribute type contains the distinguished names of objects that are related to the subject object. Each related object name is one value of this multi-valued attribute.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "sn", - "saml_attribute_name": "sn", - "saml_attribute_urn": "urn:oid:2.5.4.4", - "status": "stable", "description": "Surname or family name. From RFC4519: 'The 'sn' ('surname' in X.500) attribute type contains name strings for the family names of a person. 
Each string is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "st", - "saml_attribute_name": "st", - "saml_attribute_urn": "urn:oid:2.5.4.8", - "status": "stable", "description": "Abbreviation for state or province name. Format: The values should be coordinated on a national level. If well-known shortcuts exist, like the two-letter state abbreviations in the US, these abbreviations are preferred over longer full names. From RFC4519: 'The 'st' ('stateOrProvinceName' in X.500) attribute type contains the full names of states or provinces. Each name is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "street", - "saml_attribute_name": "street", - "saml_attribute_urn": "urn:oid:2.5.4.9", - "status": "stable", "description": "From RFC4519: 'The 'street' ('streetAddress' in X.500) attribute type contains site information from a postal address (i.e., the street name, place, avenue, and the house number). Each street is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "telephoneNumber", - "saml_attribute_name": "telephoneNumber", - "saml_attribute_urn": "urn:oid:2.5.4.20", - "status": "stable", "description": "Office/campus phone number. 
Attribute values should comply with the international format specified in ITU Recommendation E.123: e.g., '+44 71 123 4567.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "title", - "saml_attribute_name": "title", - "saml_attribute_urn": "urn:oid:2.5.4.12", - "status": "stable", "description": "From RFC4519: 'The 'title' attribute type contains the title of a person in their organizational context. Each title is one value of this multi-valued attribute.' ", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "uid", - "saml_attribute_name": "uid", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.1", - "status": "stable", "description": "From RFC4519: 'The 'uid' ('userid' in RFC1274) attribute type contains computer system login names associated with the object. Each name is one value of this multi-valued attribute.'", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "uniqueIdentifier", - "saml_attribute_name": "uniqueIdentifier", - "saml_attribute_urn": "urn:oid:0.9.2342.19200300.100.1.44", - "status": "stable", "description": "From RFC4524: 'The 'uniqueIdentifier' attribute specifies a unique identifier for an object represented in the Directory. The domain within which the identifier is unique and the exact semantics of the identifier are for local definition. For a person, this might be an institution- wide payroll number. 
For an organizational unit, it might be a department code.'", "type": "string", "multiValued": true, - "comment": "multi or single valued?", "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "userPassword", - "saml_attribute_name": "userPassword", - "saml_attribute_urn": "urn:oid:2.5.4.35", - "status": "stable", "description": "This attribute identifies the entry's password and encryption method in the following format: {encryption method}encrypted password.", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "userSMIMECertificate", - "saml_attribute_name": "userSMIMECertificate", - "saml_attribute_urn": "urn:oid:2.16.840.1.113730.3.1.40", - "status": "stable", "description": "An X.509 certificate specifically for use in S/MIME applications (see RFCs 2632, 2633 and 2634).", "type": "string", "multiValued": true, "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" },{ "name": "x500uniqueIdentifier", - "saml_attribute_name": "x500uniqueIdentifier", - "saml_attribute_urn": "urn:oid:2.5.4.45", - "status": "stable", "description": "Defined originally in X.509(96) and included in RFC2256.", "type": "string", "multiValued": false, - "comment": "multi or single valued", "required": false, - # "caseExact": true, + "mutability": "readWrite", "returned": "default", "uniqueness": "none" From 9357b497ada1991993a9feb86569294c47579621 Mon Sep 17 00:00:00 2001 From: Marcus Date: Mon, 31 Mar 2025 09:42:43 +0200 Subject: [PATCH 03/17] add canoncialValues --- schema/scim/eduperson_schema.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/schema/scim/eduperson_schema.json b/schema/scim/eduperson_schema.json index 1aa3a5a..d68939c 100644 --- a/schema/scim/eduperson_schema.json +++ b/schema/scim/eduperson_schema.json 
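Review bot: `userPassword` keeps `"mutability": "readWrite"` and `"returned": "default"` in this hunk, so a service provider implementing the schema as written would include the stored `{encryption method}encrypted password` value in every GET, list and filter response; the SCIM core `password` attribute (RFC 7643 §4.1) is `writeOnly` and `never` for exactly this reason, and the two lines should read `"mutability": "writeOnly",` and `"returned": "never",`. `audio`, `jpegPhoto` and `userSMIMECertificate` hold raw binary content (JFIF, X.509 DER per their own descriptions) but are declared `"type": "string"`; RFC 7643 §2.3.6 defines `"type": "binary"` (base64) for this, which also makes a case-insensitive comparison of certificate bytes a non-issue. The `# "caseExact": true,` lines this hunk replaces with blank lines leave every attribute at the RFC default of `caseExact: false`; an explicit `"caseExact"` value per attribute would document whether that is intended, especially for login identifiers such as `uid`. The `attributes` array and the trailing `meta` object close outside this hunk.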
@@ -12,6 +12,16 @@ "caseExact": false, "mutability": "readWrite", "returned": "default", + "canonicalValues": [ + "faculty", + "student", + "staff", + "alum", + "member", + "affiliate", + "employee", + "library-walk-in" + ], "uniqueness": "none" },{ "name": "eduPersonEntitlement", From 90084c53dc3d43cd93b922f4dd87ab5a5ef13708 Mon Sep 17 00:00:00 2001 From: Marcus Date: Tue, 29 Apr 2025 13:48:15 +0200 Subject: [PATCH 04/17] Change name to a geant urn --- schema/scim/eduperson_schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schema/scim/eduperson_schema.json b/schema/scim/eduperson_schema.json index d68939c..79486c6 100644 --- a/schema/scim/eduperson_schema.json +++ b/schema/scim/eduperson_schema.json @@ -1,5 +1,5 @@ { - "id": "urn:to-be-determined:scim:schemas:eduperson:User", + "id": "urn:geant:scim:schemas:eduperson:User", "name": "SCIM schema for eduPerson", "description": "Attributes to describe a user in the context of eduPerson", "attributes": [ From 438360ab0f81f7d63f7c02a2bb6e8d2df2f9f31f Mon Sep 17 00:00:00 2001 From: Marcus Date: Tue, 6 May 2025 12:20:23 +0200 Subject: [PATCH 05/17] raw version of schema --- schema/scim/eduperson_SCIM_example_raw.json | 92 ++++ schema/scim/eduperson_schema_raw.json | 516 ++++++++++++++++++++ 2 files changed, 608 insertions(+) create mode 100644 schema/scim/eduperson_SCIM_example_raw.json create mode 100644 schema/scim/eduperson_schema_raw.json diff --git a/schema/scim/eduperson_SCIM_example_raw.json b/schema/scim/eduperson_SCIM_example_raw.json new file mode 100644 index 0000000..b39dbce --- /dev/null +++ b/schema/scim/eduperson_SCIM_example_raw.json 
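Review bot: The `canonicalValues` list added for `eduPersonAffiliation` is not mirrored on `eduPersonPrimaryAffiliation`, whose definition draws from the same controlled vocabulary and whose `"comment": "Permissible values faculty, student, staff, alum, member, affiliate, employee, library-walk-in"` line was removed in the previous patch, so that attribute now has no machine-readable vocabulary at all. The same eight-element array should be added to the `eduPersonPrimaryAffiliation` definition. Note also that the example file's values `" staff"` and `" member"` carry a leading space and would not match any of these canonical values.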
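Review bot: Changing `id` to `urn:geant:scim:schemas:eduperson:User` leaves two references to the old identity out of step with it: the schema's own `meta.location` (visible at the end of the first patch) still ends in `urn:geant:aarc:scim:schemas:AARC_Community_Identity` under the misspelled host placeholder `to-be-determited`, and the example file's `schemas` array still lists `urn:to-be-determined:scim:schemas:eduperson:User`. If neither is updated later in the series, `meta.location` should end in the new id and the example should reference it, otherwise a client resolving the schema by URN gets a location that names a different schema. Both lines are outside this hunk.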
@@ -0,0 +1,92 @@ +{ + "schemas": [ + "urn:ietf:params:scim:schemas:core:2.0:User", # Required by parser + "urn:geant:scim:schemas:eduperson:User" + ], + "userName": "some id", # Required by scim:schemas:core:2.0:User + "id": "d7a53cb23423420398409de7355956560282158ecac8f3d2c770b474862f4756", + "meta": { + "resourceType": "User", + "created": "2011-08-01T18:29:49.793Z", + "lastModified": "Invalid date", + "location": "https://example.com/v2/Users/2819c223...", + "version": "W/\"f250dd84f0671c3\"" + }, + + "eduPersonAffiliation": [ + "faculty"," staff"," member" + ], + "eduPersonEntitlement": [ + "http://xstor.com/contracts/HEd123", + "urn:mace:washington.edu:confocalMicroscope" + ], + "eduPersonNickname": "Spike", + "eduPersonOrgDN": "o=Hogwarts, dc=hsww, dc=wiz", + "eduPersonOrgUnitDN": "ou=Potions, o=Hogwarts, dc=hsww, dc=wiz", + "eduPersonPrimaryAffiliation": "student", + "eduPersonPrimaryOrgUnitDN": "ou=Music Department, o=Notre Dame, dc=nd, dc=edu", + "eduPersonPrincipalName": "hputter@hsww.wiz", + "eduPersonPrincipalNamePrior": [ + "baz@hsww.wiz", + "foo@hsww.wiz", + "bar@hsww.wiz" + ], + "eduPersonScopedAffiliation": "faculty@cs.berkeley.edu", + "eduPersonTargetedID": "https://aai-logon.switch.ch/idp/shibboleth!https://aai-viewer.switch.ch/shibboleth!a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35", + "eduPersonAssurance": "", + "eduPersonAssurance": [ + "https://refeds.org/assurance/IAP/high", + "https://refeds.org/assurance/IAP/medium", + "https://refeds.org/assurance/IAP/local-enterprise", + "https://refeds.org/assurance/ID/eppn-unique-no-reassign", + "https://refeds.org/assurance/ATP/ePA-1m", + "https://refeds.org/assurance/ATP/ePA-1d", + "https://aai.egi.eu/LoA#Substantial", + "https://refeds.org/assurance/ID/unique", + "https://refeds.org/assurance/profile/cappuccino", + "https://refeds.org/assurance/IAP/low" + ], + "eduPersonUniqueId": "28c5353b8bb34984a8bd4169ba94c606@foo.edu", + "eduPersonOrcid": "https://orcid.org/0000-0002-1825-0097", + 
"eduPersonAnalyticsTag": [ + "FOOBAR_ZORKMID", + "FOOBAR_ZORKMID2" + ], + "edupersonDisplayPronouns": [ + "She", "Ella", "她/她", "היא" + ], + + "cn": "Mary Francis Xavier", + "description": "A jolly good felon", + "displayName": "Jack Dougherty", + "facsimileTelephoneNumber": "+44 71 123 4567", + "givenName": "Stephen", + "homePhone": "+1 608 555 1212", + "homePostalAddress": "1212 Como Ave.$Midton, SD 45621$USA", + "initials": [ "f", "x" ], + + "localityName": "Hudson Valley", + "labeledURI": "http://www.hsww.wiz/%7Eputter Harry's home page", + "mail": "dumbledwore@hsww.wiz", + "manager": "uid=twilliams, ou=people, dc=hobart, dc=edu", + "mobile": "+47 22 44 66 88", + "o": "St. Cloud State", + "ou": "Faculty Senate", + "pager": "+1 202 555 4321", + "postalAddress": "postalAddress: P.O. Box 333$Whoville, WH 99999$USA", + "postalCode": "54321", + "postOfficeBox": "109260", + "preferredLanguage": "EO", + "seeAlso": "cn=Department Chair, ou=physics, o=University of Technology, dc=utech, dc=ac, dc=uk", + "sn": + [ + "sn: Carson-Smith", + "sn: Carson", + "sn: Smith" + ], + "st": "IL", + "street": "303 Mulberry St.", + "telephoneNumber": "+1 212 555 1234", + "title": "Assistant Vice-Deputy for Redundancy Reduction", + "uid": "gmettes" +} diff --git a/schema/scim/eduperson_schema_raw.json b/schema/scim/eduperson_schema_raw.json new file mode 100644 index 0000000..42eaa42 --- /dev/null +++ b/schema/scim/eduperson_schema_raw.json 
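Review bot: The new file declares `"eduPersonAssurance"` twice (first `""`, then the array); duplicate names are forbidden by I-JSON (RFC 7493) and parsers disagree on which value wins, so the `"eduPersonAssurance": "",` line should be deleted. The `# Required by parser` and `# Required by scim:schemas:core:2.0:User` annotations make the file invalid JSON for any strict parser, the very thing the comments are about; if the commentary is needed, keep it in an accompanying README rather than in the example. Several values also fail the schema in this series: `"edupersonDisplayPronouns"` is miscased and an array where the schema says `"multiValued": false`, `" staff"` and `" member"` carry a leading space that defeats the `canonicalValues` match, `"lastModified": "Invalid date"` is not an RFC 3339 `dateTime`, and the `"sn"` and `"postalAddress"` values embed LDIF-style `sn: ` and `postalAddress: ` prefixes. Attributes the schema marks `"multiValued": true`, such as `cn`, `mail` and `eduPersonScopedAffiliation`, are given as bare strings rather than arrays.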
@@ -0,0 +1,516 @@ +{ + "id": "urn:geant:scim:schemas:eduperson:User", + "name": "SCIM schema for eduPerson", + "description": "Attributes to describe a user in the context of eduPerson", + "attributes": [ + { + "name": "eduPersonAffiliation", + "description": "eduPerson per Internet2 and EDUCAUSE", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "canonicalValues": [ + "faculty", + "student", + "staff", + "alum", + "member", + "affiliate", + "employee", + "library-walk-in" + ], + "uniqueness": "none" + },{ + "name": "eduPersonEntitlement", + "description": "URI (either URN or URL) that indicates a set of rights to specific resources.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonNickname", + "description": "Person's nickname, or the informal name by which they are accustomed to be hailed.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonOrgDN", + "description": "The distinguished name (DN) of the directory entry representing the institution with which the person is associated.The directory entry pointed to by this dn should be represented in the X.521(2001) 'organization' object class The attribute set for organization is defined as follows: o (Organization Name, required}", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonOrgUnitDN", + "description": "The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s). 
May be multivalued, as for example, in the case of a faculty member with appointments in multiple departments or a person who is a student in one department and an employee in another.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrimaryAffiliation", + "description": "Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrimaryOrgUnitDN", + "description": "The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s).", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrincipalName", + "description": "A scoped identifier for a person. It should be represented in the form 'user@scope' where 'user' is a name-based identifier for the person and where the 'scope' portion MUST be the administrative domain of the identity system where the identifier was created and assigned. Each value of 'scope' defines a namespace within which the assigned identifiers MUST be unique. Given this rule, if two eduPersonPrincipalName (ePPN) values are the same at a given point in time, they refer to the same person. 
There must be one and only one '@' sign in valid values of eduPersonPrincipalName.", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonPrincipalNamePrior", + "description": "Each value of this multi-valued attribute represents an ePPN (eduPersonPrincipalName) value that was previously associated with the entry. The values MUST NOT include the currently valid ePPN value. There is no implied or assumed order to the values. This attribute MUST NOT be populated if ePPN values are ever reassigned to a different entry (after, for example, a period of dormancy). That is, they MUST be unique in space and over time.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonScopedAffiliation", + "description": "Specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc. The values consist of a left and right component separated by an '@' sign. The left component is one of the values from the eduPersonAffiliation controlled vocabulary.This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName. The 'scope' portion MUST be the administrative domain to which the affiliation applies. Multiple '@' signs are not recommended, but in any case, the first occurrence of the '@' sign starting from the left is to be taken as the delimiter between components. Thus, user identifier is to the left, security domain to the right of the first '@'. 
This parsing rule conforms to the POSIX 'greedy' disambiguation method in regular expression processing.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonTargetedID", + "description": "DEPRECATED", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "server" + },{ + "name": "eduPersonAssurance", + "description": "Set of URIs that assert compliance with specific standards for identity assurance.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonUniqueId", + "description": "A long-lived, non re-assignable, omnidirectional identifier suitable for use as a principal identifier by authentication providers or as a unique external key by applications.", + "type": "string", + "multiValued": false, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "global" + },{ + "name": "eduPersonOrcid", + "description": "ORCID iDs are persistent digital identifiers for individual researchers. Their primary purpose is to unambiguously and definitively link them with their scholarly work products. 
ORCID iDs are assigned, managed and maintained by the ORCID organization.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": false, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "global" + },{ + "name": "eduPersonAnalyticsTag", + "description": "An opaque string that aggregates the use of a service by a set of subjects for the purpose of reporting or analytics by the originating organization.", + "type": "string", + "multiValued": true, + "required": false, + "caseExact": true, + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "eduPersonDisplayPronouns", + "description": "Text representing the word(s) a person prefers as their personal pronoun(s). Multiple personal pronouns should include separators to support human readability, e.g., ‘Ashe’, ‘she/her/hers’, or ‘ella, ellas’, or ‘היא’, or ‘She/ella*, O /او , 她/她, היא’.", + "type": "string", + "multiValued": false, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + } + + , + + { + "name": "audio", + "description": "RFC1274 notes that the proprietary format they recommend is 'interim' only.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "cn", + "description": "Common name. According to RFC4519, The 'cn' ('commonName' in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "description", + "description": "Open-ended; whatever the person or the directory manager puts here. 
According to RFC4519, The 'description' attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "displayName", + "description": "The name(s) that should appear in white-pages-like applications for this person. From RFC2798 description: 'preferred name of a person to be used when displaying entries.'", + "type": "string", + "multiValued": false, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "facsimileTelephoneNumber", + "description": "According to RFC4519: 'The 'facsimileTelephoneNumber' attribute type contains telephone numbers (and, optionally, the parameters) for facsimile terminals. Each telephone number is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "givenName", + "description": "From RFC4519 description: 'The 'givenName' attribute type contains name strings that are the part of a person's name that is not their surname. Each string is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "homePhone", + "description": "From RFC1274 description: 'The [homePhone] attribute type specifies a home telephone number associated with a person.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "homePostalAddress", + "description": "From RFC1274 description: 'The Home postal address attribute type specifies a home postal address for an object. 
This should be limited to up to 6 lines of 30 characters each.' Semantics Home address. OrgPerson has a PostalAddress that complements this attribute.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "initials", + "description": "'The 'initials' attribute type contains strings of initials of some or all of an individual's names, except the surname(s). Each string is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "jpegPhoto", + "description": "Follow inetOrgPerson definition of RFC2798: 'Used to store one or more images of a person using the JPEG File Interchange Format [JFIF].'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "localityName", + "description": "According to RFC4519, 'The 'l' ('localityName' in X.500) attribute type contains names of a locality or place, such as a city, county, or other geographic region. 
Each name is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "labeledURI", + "description": "Follow inetOrgPerson definition of RFC2079: 'Uniform Resource Identifier with optional label.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "mail", + "description": "From RFC4524: The 'mail' (rfc822mailbox) attribute type holds Internet mail addresses in Mailbox [RFC2821] form (e.g., user@example.com).", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "manager", + "description": "From RFC4524: 'The 'manager' attribute specifies managers, by distinguished name, of the person (or entity).'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "mobile", + "description": "From RFC4524: 'The 'mobile' (mobileTelephoneNumber) attribute specifies mobile telephone numbers (e.g., '+1 775 555 6789' associated with a person (or entity).'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "o", + "description": "Standard name of the top-level organization (institution) with which this person is associated.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "ou", + "description": "Organizational unit(s). According to X.520(2000), 'The Organizational Unit Name attribute type specifies an organizational unit. 
When used as a component of a directory name it identifies an organizational unit with which the named object is affiliated.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "pager", + "description": "From RFC4524: 'The 'pager' (pagerTelephoneNumber) attribute specifies pager telephone numbers (e.g., '+1 775 555 5555') for an object.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "postalAddress", + "description": "Campus or office address. inetOrgPerson has a homePostalAddress that complements this attribute. X.520(2000) reads: 'The Postal Address attribute type specifies the address information required for the physical postal delivery to an object.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "postalCode", + "description": "Follow X.500(2001): 'The postal code attribute type specifies the postal code of the named object. If this attribute value is present, it will be part of the object's postal address.' Zipcode in USA, postal code for other countries.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "postOfficeBox", + "description": "From RFC4519: 'The 'postOfficeBox' attribute type contains postal box identifiers that a Postal Service uses when a customer arranges to receive mail at a box on the premises of the Postal Service. 
Each postal box identifier is a single value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "preferredLanguage", + "description": "Follow inetOrgPerson definition of RFC2798: 'preferred written or spoken language for a person.'", + "type": "string", + "multiValued": false, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "seeAlso", + "description": "From RFC4519: The 'seeAlso' attribute type contains the distinguished names of objects that are related to the subject object. Each related object name is one value of this multi-valued attribute.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "sn", + "description": "Surname or family name. From RFC4519: 'The 'sn' ('surname' in X.500) attribute type contains name strings for the family names of a person. Each string is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "st", + "description": "Abbreviation for state or province name. Format: The values should be coordinated on a national level. If well-known shortcuts exist, like the two-letter state abbreviations in the US, these abbreviations are preferred over longer full names. From RFC4519: 'The 'st' ('stateOrProvinceName' in X.500) attribute type contains the full names of states or provinces. 
Each name is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "street", + "description": "From RFC4519: 'The 'street' ('streetAddress' in X.500) attribute type contains site information from a postal address (i.e., the street name, place, avenue, and the house number). Each street is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "telephoneNumber", + "description": "Office/campus phone number. Attribute values should comply with the international format specified in ITU Recommendation E.123: e.g., '+44 71 123 4567.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "title", + "description": "From RFC4519: 'The 'title' attribute type contains the title of a person in their organizational context. Each title is one value of this multi-valued attribute.' ", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "uid", + "description": "From RFC4519: 'The 'uid' ('userid' in RFC1274) attribute type contains computer system login names associated with the object. Each name is one value of this multi-valued attribute.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "uniqueIdentifier", + "description": "From RFC4524: 'The 'uniqueIdentifier' attribute specifies a unique identifier for an object represented in the Directory. The domain within which the identifier is unique and the exact semantics of the identifier are for local definition. 
For a person, this might be an institution- wide payroll number. For an organizational unit, it might be a department code.'", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "userPassword", + "description": "This attribute identifies the entry's password and encryption method in the following format: {encryption method}encrypted password.", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "userSMIMECertificate", + "description": "An X.509 certificate specifically for use in S/MIME applications (see RFCs 2632, 2633 and 2634).", + "type": "string", + "multiValued": true, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + },{ + "name": "x500uniqueIdentifier", + "description": "Defined originally in X.509(96) and included in RFC2256.", + "type": "string", + "multiValued": false, + "required": false, + + "mutability": "readWrite", + "returned": "default", + "uniqueness": "none" + } + ], + "meta": { + "resourceType": "Schema", + "location": "https://to-be-determited/scim/schemas/urn:geant:scim:schemas:eduperson:User" + } +} From fc9efeb7c2b062de8a239fcd6d70a2205efbd5bd Mon Sep 17 00:00:00 2001 From: Marcus Date: Tue, 6 May 2025 12:20:47 +0200 Subject: [PATCH 06/17] convert raw to a valid schema / cim file --- schema/scim/make_parseable.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100755 schema/scim/make_parseable.sh diff --git a/schema/scim/make_parseable.sh b/schema/scim/make_parseable.sh new file mode 100755 index 0000000..341c146 --- /dev/null +++ b/schema/scim/make_parseable.sh 
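Review bot: `userPassword` is declared with `"mutability": "readWrite"` and `"returned": "default"`, so a SCIM server implementing this schema would hand back the stored password hash on every GET and allow it to be read after write; the core schema's `password` uses `"mutability": "writeOnly"` and `"returned": "never"` (RFC 7643 §4.1.1) and this attribute should match. `jpegPhoto`, `audio` and `userSMIMECertificate` hold base64 blobs and fit SCIM's `"type": "binary"` better than `"string"`, which also tells consumers not to apply case or substring filtering to them. `eduPersonPrincipalName`'s own description says values MUST be unique within their scope, yet `"uniqueness": "none"` is declared; `"server"` would let a provider enforce that, though the right scope is a design call for the maintainers. `eduPersonTargetedID` is described only as `DEPRECATED`; a one-line note on why it is still carried would help implementers.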
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+
+cat eduperson_schema_raw.json\
+ | grep -vE "(saml_attribute_name|saml_attribute_urn|status|comment)\":" \
+ | sed s/"#.*"// \
+ | sed s_\ //.*__ \
+ | sed s/\"unclear.*\"/true/ \
+ | sed s/\"to\ be\ evaluated\"/true/ \
+ > eduperson_schema.json
+
+cat eduperson_SCIM_example_raw.json\
+ | grep -vE "(saml_attribute_name|saml_attribute_urn|status|comment)\":" \
+ | sed s/"#\ .*"// \
+ | sed s_\ //.*__ \
+ | sed s/\"unclear.*\"/true/ \
+ | sed s/\"to\ be\ evaluated\"/true/ \
+ > eduperson_SCIM_example.json
From 16a957afee2d94f648d4496390e9a619fd22025f Mon Sep 17 00:00:00 2001
From: Marcus
Date: Tue, 6 May 2025 12:21:13 +0200
Subject: [PATCH 07/17] short description
---
 schema/scim/README.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 schema/scim/README.md
diff --git a/schema/scim/README.md b/schema/scim/README.md
new file mode 100644
index 0000000..5e064d8
--- /dev/null
+++ b/schema/scim/README.md
@@ -0,0 +1 @@
+An eduperson representation in SCIM.
From 0a8853e81b01588541602d922d42223b0af4db1e Mon Sep 17 00:00:00 2001
From: Marcus
Date: Tue, 6 May 2025 12:24:27 +0200
Subject: [PATCH 08/17] change location of schema
---
 schema/scim/eduperson_schema.json | 2 +-
 schema/scim/eduperson_schema_raw.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/schema/scim/eduperson_schema.json b/schema/scim/eduperson_schema.json
index 79486c6..afc252e 100644
--- a/schema/scim/eduperson_schema.json
+++ b/schema/scim/eduperson_schema.json
@@ -511,6 +511,6 @@
 ],
 "meta": {
 "resourceType": "Schema",
- "location": "https://to-be-determited/scim/schemas/urn:geant:aarc:scim:schemas:AARC_Community_Identity"
+ "location": "https://refeds.org/eduperson/scim/urn:geant:scim:schemas:eduperson:User"
 }
 }
diff --git a/schema/scim/eduperson_schema_raw.json b/schema/scim/eduperson_schema_raw.json
index 42eaa42..afc252e 100644
--- a/schema/scim/eduperson_schema_raw.json
+++ b/schema/scim/eduperson_schema_raw.json
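Review bot: The comment-stripping `sed` expressions match on raw `#` and ` //` text rather than on comment syntax, so any JSON string value that happens to contain those sequences is truncated mid-string, and nothing in either pipeline proves the output is still valid JSON; ending each pipeline with `| python3 -m json.tool > eduperson_schema.json` (or `jq .`) would fail loudly instead of writing a broken file. The two pipelines also disagree: the schema uses `s/"#.*"//` while the example uses `s/"#\ .*"//`, so a value like `https://aai.egi.eu/LoA#Substantial` survives in the example but would be cut off if it were ever added to the schema. `grep -vE "...status|comment)\":"` drops any line whose key ends in `status` or `comment`, not only the metadata keys it is aimed at. Without `set -o pipefail` a failing stage still produces and overwrites the output file.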
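Review bot: The removed `location` in eduperson_schema.json names `urn:geant:aarc:scim:schemas:AARC_Community_Identity` while the raw file it is supposedly generated from had `urn:geant:scim:schemas:eduperson:User`, which suggests the generated file and its source had already drifted and are being edited by hand in parallel. If the generated JSON must be committed, regenerating it with make_parseable.sh in the same commit (or a CI check that it matches) would keep the two from diverging again.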
@@ -511,6 +511,6 @@
 ],
 "meta": {
 "resourceType": "Schema",
- "location": "https://to-be-determited/scim/schemas/urn:geant:scim:schemas:eduperson:User"
+ "location": "https://refeds.org/eduperson/scim/urn:geant:scim:schemas:eduperson:User"
 }
 }
From 0876ab3c77f9a2505c06c60dd04d64962c46f670 Mon Sep 17 00:00:00 2001
From: Marcus
Date: Tue, 6 May 2025 12:25:20 +0200
Subject: [PATCH 09/17] add core schema for parser to work
---
 schema/scim/eduperson_SCIM_example.json | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/schema/scim/eduperson_SCIM_example.json b/schema/scim/eduperson_SCIM_example.json
index 028fec4..943106c 100644
--- a/schema/scim/eduperson_SCIM_example.json
+++ b/schema/scim/eduperson_SCIM_example.json
@@ -1,7 +1,9 @@
 {
 "schemas": [
- "urn:to-be-determined:scim:schemas:eduperson:User"
+ "urn:ietf:params:scim:schemas:core:2.0:User",
+ "urn:geant:scim:schemas:eduperson:User"
 ],
+ "userName": "some id",
 "id": "d7a53cb23423420398409de7355956560282158ecac8f3d2c770b474862f4756",
 "meta": {
 "resourceType": "User",
@@ -87,8 +89,4 @@
 "telephoneNumber": "+1 212 555 1234",
 "title": "Assistant Vice-Deputy for Redundancy Reduction",
 "uid": "gmettes"
-
-
-
-
 }
From a11b86f76cd41b8dc0770303820cf66e9e870930 Mon Sep 17 00:00:00 2001
From: Marcus
Date: Tue, 6 May 2025 13:52:52 +0200
Subject: [PATCH 10/17] remove empty lines
---
 schema/scim/eduperson_schema.json | 36 -------------------------------
 schema/scim/make_parseable.sh | 2 ++
 2 files changed, 2 insertions(+), 36 deletions(-)
diff --git a/schema/scim/eduperson_schema.json b/schema/scim/eduperson_schema.json
index afc252e..e6dd635 100644
--- a/schema/scim/eduperson_schema.json
+++ b/schema/scim/eduperson_schema.json
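Review bot: With the core `User` schema now declared in `schemas`, the eduPerson attributes that follow at top level (`eduPersonAffiliation` through `uid`, outside this hunk) sit in the wrong place: RFC 7643 §3.3 keys extension attributes under an object named by the extension URN, so they belong inside `"urn:geant:scim:schemas:eduperson:User": { ... }` while `userName`, `id` and `meta` stay at top level; the same applies to the raw example in the first hunk of this series. A strict SCIM parser would otherwise reject them or silently ignore them as unknown core attributes. `"userName": "some id"` is the identifier callers will key on; if the ePPN is the intended mapping, `"userName": "hputter@hsww.wiz"` would keep the example self-consistent.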
@@ -169,21 +169,17 @@ "type": "string", "multiValued": false, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" } - , - { "name": "audio", "description": "RFC1274 notes that the proprietary format they recommend is 'interim' only.", "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -193,7 +189,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -203,7 +198,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -213,7 +207,6 @@ "type": "string", "multiValued": false, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -223,7 +216,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -233,7 +225,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -243,7 +234,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -253,7 +243,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -263,7 +252,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -273,7 +261,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -283,7 +270,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" 
@@ -293,7 +279,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -303,7 +288,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -313,7 +297,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -323,7 +306,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -333,7 +315,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -343,7 +324,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -353,7 +333,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -363,7 +342,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -373,7 +351,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -383,7 +360,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -393,7 +369,6 @@ "type": "string", "multiValued": false, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -403,7 +378,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -413,7 +387,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" 
@@ -423,7 +396,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -433,7 +405,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -443,7 +414,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -453,7 +423,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -463,7 +432,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -473,7 +441,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -483,7 +450,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -493,7 +459,6 @@ "type": "string", "multiValued": true, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" @@ -503,7 +468,6 @@ "type": "string", "multiValued": false, "required": false, - "mutability": "readWrite", "returned": "default", "uniqueness": "none" diff --git a/schema/scim/make_parseable.sh b/schema/scim/make_parseable.sh index 341c146..054ee9e 100755 --- a/schema/scim/make_parseable.sh +++ b/schema/scim/make_parseable.sh @@ -7,6 +7,7 @@ cat eduperson_schema_raw.json\ | sed s_\ //.*__ \ | sed s/\"unclear.*\"/true/ \ | sed s/\"to\ be\ evaluated\"/true/ \ + | sed '/^\ *$/d' \ > eduperson_schema.json cat eduperson_SCIM_example_raw.json\ @@ -15,4 +16,5 @@ cat eduperson_SCIM_example_raw.json\ | sed s_\ //.*__ \ | sed s/\"unclear.*\"/true/ \ | sed s/\"to\ be\ evaluated\"/true/ \ + | sed '/^\ *$/d' \ > eduperson_SCIM_example.json 
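Review bot: Dropping the explicit `"mutability": "readWrite"` is only safe because RFC 7643 §2.2/§7 define readWrite as the default when the sub-attribute is absent, and the hunk headers show the removal starts at old line 169 and runs to the end of the attribute list, so the eduPerson attributes above that point (outside these hunks) presumably still carry the explicit value; pick one convention for the whole file. The more serious concern is that the hunk headers carry no attribute names, and the raw schema deleted later in this series places `userPassword` and `userSMIMECertificate` in exactly this range with `"returned": "default"` and `"multiValued": true` — with the default mutability a conforming service provider would accept a password via PUT/PATCH and hand it back on GET /Users, the opposite of what RFC 7643 §4.1.1 specifies for `password` (`writeOnly` / `never`). If `userPassword` stays in this schema, give it an explicit `"mutability": "writeOnly"` and `"returned": "never"` (and arguably `"multiValued": false`) instead of relying on the default; otherwise drop it, since an eduPerson-to-SCIM mapping has no need to export credential material.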
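Review bot: The new blank-line filter tidies the output, but both pipelines still write whatever `sed` emits straight to the `.json` file without checking that it parses — the `],` → `]` repair that has to be made by hand later in this series is exactly the breakage this would have caught. Replace the final `> eduperson_schema.json` with `| jq . > eduperson_schema.json` (or `| python3 -m json.tool > eduperson_schema.json`) so a malformed result fails the build instead of being committed, and add `set -euo pipefail` at the top of the script (outside this hunk) so a failing stage is not masked by the exit status of the last `sed`. Separately, the schema pipeline's `s/#.*//` strips from the first `#` on a line, including inside string values, whereas the example pipeline uses `s/# .*//`; a URI with a fragment such as the `LoA#Substantial` assurance value in the example would be truncated if it ever appeared in a schema description, so both pipelines should share one anchored comment pattern, e.g. `s/[[:space:]]*#[[:space:]].*$//`. The same applies to the second pipeline in the following hunk.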
From 68508a9e4bf34604797547bdcae316fd8bea2224 Mon Sep 17 00:00:00 2001
From: Marcus
Date: Tue, 6 May 2025 13:53:02 +0200
Subject: [PATCH 11/17] remove empty lines
---
 schema/scim/eduperson_SCIM_example.json | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/schema/scim/eduperson_SCIM_example.json b/schema/scim/eduperson_SCIM_example.json
index 943106c..6f441a6 100644
--- a/schema/scim/eduperson_SCIM_example.json
+++ b/schema/scim/eduperson_SCIM_example.json
@@ -12,7 +12,6 @@
 "location": "https://example.com/v2/Users/2819c223...",
 "version": "W/\"f250dd84f0671c3\""
 },
-
 "eduPersonAffiliation": [
 "faculty"," staff"," member"
 ],
@@ -55,7 +54,6 @@
 "edupersonDisplayPronouns": [
 "She", "Ella", "她/她", "היא"
 ],
-
 "cn": "Mary Francis Xavier",
 "description": "A jolly good felon",
 "displayName": "Jack Dougherty",
@@ -64,7 +62,6 @@
 "homePhone": "+1 608 555 1212",
 "homePostalAddress": "1212 Como Ave.$Midton, SD 45621$USA",
 "initials": [ "f", "x" ],
-
 "localityName": "Hudson Valley",
 "labeledURI": "http://www.hsww.wiz/%7Eputter Harry's home page",
 "mail": "dumbledwore@hsww.wiz",
From c4c7450daf7ce4906fa7d25efecf80d4836c393b Mon Sep 17 00:00:00 2001
From: Marcus
Date: Tue, 6 May 2025 14:05:42 +0200
Subject: [PATCH 12/17] remove "meta" section
---
 schema/scim/eduperson_schema_raw.json | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/schema/scim/eduperson_schema_raw.json b/schema/scim/eduperson_schema_raw.json
index afc252e..a2e9f7e 100644
--- a/schema/scim/eduperson_schema_raw.json
+++ b/schema/scim/eduperson_schema_raw.json
@@ -509,8 +509,4 @@
 "uniqueness": "none"
 }
 ],
- "meta": {
- "resourceType": "Schema",
- "location": "https://refeds.org/eduperson/scim/urn:geant:scim:schemas:eduperson:User"
- }
 }
From b251728cdeea7f596895a2643b1a9bc965b865cb Mon Sep 17 00:00:00 2001
From: Marcus
Date: Tue, 6 May 2025 14:08:45 +0200
Subject: [PATCH 13/17] remove optional "meta" section
---
 schema/scim/eduperson_schema.json | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/schema/scim/eduperson_schema.json b/schema/scim/eduperson_schema.json
index e6dd635..50196df 100644
--- a/schema/scim/eduperson_schema.json
+++ b/schema/scim/eduperson_schema.json
@@ -473,8 +473,4 @@
 "uniqueness": "none"
 }
 ],
- "meta": {
- "resourceType": "Schema",
- "location": "https://refeds.org/eduperson/scim/urn:geant:scim:schemas:eduperson:User"
- }
 }
From 6469507993cee9f9f264d0915216a4e1fdb069a5 Mon Sep 17 00:00:00 2001
From: Marcus
Date: Fri, 5 Sep 2025 12:01:24 +0200
Subject: [PATCH 14/17] remove work-file
---
 schema/scim/eduperson_schema_raw.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/schema/scim/eduperson_schema_raw.json b/schema/scim/eduperson_schema_raw.json
index a2e9f7e..c53657f 100644
--- a/schema/scim/eduperson_schema_raw.json
+++ b/schema/scim/eduperson_schema_raw.json
@@ -508,5 +508,5 @@
 "returned": "default",
 "uniqueness": "none"
 }
- ],
+ ]
 }
From 84883d979e1f9cfa782256484777fa9039857a7b Mon Sep 17 00:00:00 2001
From: Marcus
Date: Fri, 5 Sep 2025 12:01:40 +0200
Subject: [PATCH 15/17] fix json syntax
---
 schema/scim/eduperson_schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/schema/scim/eduperson_schema.json b/schema/scim/eduperson_schema.json
index 50196df..d9fccf2 100644
--- a/schema/scim/eduperson_schema.json
+++ b/schema/scim/eduperson_schema.json
@@ -472,5 +472,5 @@
 "returned": "default",
 "uniqueness": "none"
 }
- ],
+ ]
 }
From 6aa0f55ab74fc211cb78dafc9d00170f4c39e0ed Mon Sep 17 00:00:00 2001
From: Marcus
Date: Fri, 5 Sep 2025 12:02:40 +0200
Subject: [PATCH 16/17] remove work-files
---
 schema/scim/eduperson_SCIM_example_raw.json | 92 ----
 schema/scim/eduperson_schema_raw.json | 512 --------
 2 files changed, 604 deletions(-)
 delete mode 100644 schema/scim/eduperson_SCIM_example_raw.json
 delete mode 100644 schema/scim/eduperson_schema_raw.json
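Review bot: The `],` → `]` repair is applied by hand to `eduperson_schema.json`, a file that make_parseable.sh generates from `eduperson_schema_raw.json`, and the preceding patch makes the identical edit to the raw file; the `meta` removal earlier on this line was done the same way, so the two copies are being kept in step manually, which is how the dangling comma after the `attributes` array got in. Regenerate the derived file from the raw one rather than patching it, and gate the result with `jq -e . eduperson_schema.json >/dev/null` (or `python3 -m json.tool eduperson_schema.json >/dev/null`) in CI so a schema that strict RFC 8259 parsers reject cannot be committed again. Between the `meta` removal and this fix the published schema was not parseable JSON, so any consumer pulling it at that revision would presumably have failed to load it.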
diff --git a/schema/scim/eduperson_SCIM_example_raw.json b/schema/scim/eduperson_SCIM_example_raw.json
deleted file mode 100644
index b39dbce..0000000
--- a/schema/scim/eduperson_SCIM_example_raw.json
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - "schemas": [ - "urn:ietf:params:scim:schemas:core:2.0:User", # Required by parser - "urn:geant:scim:schemas:eduperson:User" - ], - "userName": "some id", # Required by scim:schemas:core:2.0:User - "id": "d7a53cb23423420398409de7355956560282158ecac8f3d2c770b474862f4756", - "meta": { - "resourceType": "User", - "created": "2011-08-01T18:29:49.793Z", - "lastModified": "Invalid date", - "location": "https://example.com/v2/Users/2819c223...", - "version": "W/\"f250dd84f0671c3\"" - }, - - "eduPersonAffiliation": [ - "faculty"," staff"," member" - ], - "eduPersonEntitlement": [ - "http://xstor.com/contracts/HEd123", - "urn:mace:washington.edu:confocalMicroscope" - ], - "eduPersonNickname": "Spike", - "eduPersonOrgDN": "o=Hogwarts, dc=hsww, dc=wiz", - "eduPersonOrgUnitDN": "ou=Potions, o=Hogwarts, dc=hsww, dc=wiz", - "eduPersonPrimaryAffiliation": "student", - "eduPersonPrimaryOrgUnitDN": "ou=Music Department, o=Notre Dame, dc=nd, dc=edu", - "eduPersonPrincipalName": "hputter@hsww.wiz", - "eduPersonPrincipalNamePrior": [ - "baz@hsww.wiz", - "foo@hsww.wiz", - "bar@hsww.wiz" - ], - "eduPersonScopedAffiliation": "faculty@cs.berkeley.edu", - "eduPersonTargetedID": "https://aai-logon.switch.ch/idp/shibboleth!https://aai-viewer.switch.ch/shibboleth!a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35", - "eduPersonAssurance": "", - "eduPersonAssurance": [ - "https://refeds.org/assurance/IAP/high", - "https://refeds.org/assurance/IAP/medium", - "https://refeds.org/assurance/IAP/local-enterprise", - "https://refeds.org/assurance/ID/eppn-unique-no-reassign", - "https://refeds.org/assurance/ATP/ePA-1m", - "https://refeds.org/assurance/ATP/ePA-1d", - "https://aai.egi.eu/LoA#Substantial", - "https://refeds.org/assurance/ID/unique", - "https://refeds.org/assurance/profile/cappuccino", - "https://refeds.org/assurance/IAP/low" - ], - "eduPersonUniqueId": "28c5353b8bb34984a8bd4169ba94c606@foo.edu", - "eduPersonOrcid": "https://orcid.org/0000-0002-1825-0097", - 
"eduPersonAnalyticsTag": [ - "FOOBAR_ZORKMID", - "FOOBAR_ZORKMID2" - ], - "edupersonDisplayPronouns": [ - "She", "Ella", "她/她", "היא" - ], - - "cn": "Mary Francis Xavier", - "description": "A jolly good felon", - "displayName": "Jack Dougherty", - "facsimileTelephoneNumber": "+44 71 123 4567", - "givenName": "Stephen", - "homePhone": "+1 608 555 1212", - "homePostalAddress": "1212 Como Ave.$Midton, SD 45621$USA", - "initials": [ "f", "x" ], - - "localityName": "Hudson Valley", - "labeledURI": "http://www.hsww.wiz/%7Eputter Harry's home page", - "mail": "dumbledwore@hsww.wiz", - "manager": "uid=twilliams, ou=people, dc=hobart, dc=edu", - "mobile": "+47 22 44 66 88", - "o": "St. Cloud State", - "ou": "Faculty Senate", - "pager": "+1 202 555 4321", - "postalAddress": "postalAddress: P.O. Box 333$Whoville, WH 99999$USA", - "postalCode": "54321", - "postOfficeBox": "109260", - "preferredLanguage": "EO", - "seeAlso": "cn=Department Chair, ou=physics, o=University of Technology, dc=utech, dc=ac, dc=uk", - "sn": - [ - "sn: Carson-Smith", - "sn: Carson", - "sn: Smith" - ], - "st": "IL", - "street": "303 Mulberry St.", - "telephoneNumber": "+1 212 555 1234", - "title": "Assistant Vice-Deputy for Redundancy Reduction", - "uid": "gmettes" -} diff --git a/schema/scim/eduperson_schema_raw.json b/schema/scim/eduperson_schema_raw.json deleted file mode 100644 index c53657f..0000000 --- a/schema/scim/eduperson_schema_raw.json +++ /dev/null 
@@ -1,512 +0,0 @@ -{ - "id": "urn:geant:scim:schemas:eduperson:User", - "name": "SCIM schema for eduPerson", - "description": "Attributes to describe a user in the context of eduPerson", - "attributes": [ - { - "name": "eduPersonAffiliation", - "description": "eduPerson per Internet2 and EDUCAUSE", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "canonicalValues": [ - "faculty", - "student", - "staff", - "alum", - "member", - "affiliate", - "employee", - "library-walk-in" - ], - "uniqueness": "none" - },{ - "name": "eduPersonEntitlement", - "description": "URI (either URN or URL) that indicates a set of rights to specific resources.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": true, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonNickname", - "description": "Person's nickname, or the informal name by which they are accustomed to be hailed.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonOrgDN", - "description": "The distinguished name (DN) of the directory entry representing the institution with which the person is associated.The directory entry pointed to by this dn should be represented in the X.521(2001) 'organization' object class The attribute set for organization is defined as follows: o (Organization Name, required}", - "type": "string", - "multiValued": false, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonOrgUnitDN", - "description": "The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s). 
May be multivalued, as for example, in the case of a faculty member with appointments in multiple departments or a person who is a student in one department and an employee in another.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonPrimaryAffiliation", - "description": "Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc", - "type": "string", - "multiValued": false, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonPrimaryOrgUnitDN", - "description": "The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s).", - "type": "string", - "multiValued": false, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonPrincipalName", - "description": "A scoped identifier for a person. It should be represented in the form 'user@scope' where 'user' is a name-based identifier for the person and where the 'scope' portion MUST be the administrative domain of the identity system where the identifier was created and assigned. Each value of 'scope' defines a namespace within which the assigned identifiers MUST be unique. Given this rule, if two eduPersonPrincipalName (ePPN) values are the same at a given point in time, they refer to the same person. 
There must be one and only one '@' sign in valid values of eduPersonPrincipalName.", - "type": "string", - "multiValued": false, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonPrincipalNamePrior", - "description": "Each value of this multi-valued attribute represents an ePPN (eduPersonPrincipalName) value that was previously associated with the entry. The values MUST NOT include the currently valid ePPN value. There is no implied or assumed order to the values. This attribute MUST NOT be populated if ePPN values are ever reassigned to a different entry (after, for example, a period of dormancy). That is, they MUST be unique in space and over time.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonScopedAffiliation", - "description": "Specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc. The values consist of a left and right component separated by an '@' sign. The left component is one of the values from the eduPersonAffiliation controlled vocabulary.This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName. The 'scope' portion MUST be the administrative domain to which the affiliation applies. Multiple '@' signs are not recommended, but in any case, the first occurrence of the '@' sign starting from the left is to be taken as the delimiter between components. Thus, user identifier is to the left, security domain to the right of the first '@'. 
This parsing rule conforms to the POSIX 'greedy' disambiguation method in regular expression processing.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonTargetedID", - "description": "DEPRECATED", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": true, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "server" - },{ - "name": "eduPersonAssurance", - "description": "Set of URIs that assert compliance with specific standards for identity assurance.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": true, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonUniqueId", - "description": "A long-lived, non re-assignable, omnidirectional identifier suitable for use as a principal identifier by authentication providers or as a unique external key by applications.", - "type": "string", - "multiValued": false, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "global" - },{ - "name": "eduPersonOrcid", - "description": "ORCID iDs are persistent digital identifiers for individual researchers. Their primary purpose is to unambiguously and definitively link them with their scholarly work products. 
ORCID iDs are assigned, managed and maintained by the ORCID organization.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": false, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "global" - },{ - "name": "eduPersonAnalyticsTag", - "description": "An opaque string that aggregates the use of a service by a set of subjects for the purpose of reporting or analytics by the originating organization.", - "type": "string", - "multiValued": true, - "required": false, - "caseExact": true, - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "eduPersonDisplayPronouns", - "description": "Text representing the word(s) a person prefers as their personal pronoun(s). Multiple personal pronouns should include separators to support human readability, e.g., ‘Ashe’, ‘she/her/hers’, or ‘ella, ellas’, or ‘היא’, or ‘She/ella*, O /او , 她/她, היא’.", - "type": "string", - "multiValued": false, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - } - - , - - { - "name": "audio", - "description": "RFC1274 notes that the proprietary format they recommend is 'interim' only.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "cn", - "description": "Common name. According to RFC4519, The 'cn' ('commonName' in X.500) attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "description", - "description": "Open-ended; whatever the person or the directory manager puts here. 
According to RFC4519, The 'description' attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "displayName", - "description": "The name(s) that should appear in white-pages-like applications for this person. From RFC2798 description: 'preferred name of a person to be used when displaying entries.'", - "type": "string", - "multiValued": false, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "facsimileTelephoneNumber", - "description": "According to RFC4519: 'The 'facsimileTelephoneNumber' attribute type contains telephone numbers (and, optionally, the parameters) for facsimile terminals. Each telephone number is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "givenName", - "description": "From RFC4519 description: 'The 'givenName' attribute type contains name strings that are the part of a person's name that is not their surname. Each string is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "homePhone", - "description": "From RFC1274 description: 'The [homePhone] attribute type specifies a home telephone number associated with a person.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "homePostalAddress", - "description": "From RFC1274 description: 'The Home postal address attribute type specifies a home postal address for an object. 
This should be limited to up to 6 lines of 30 characters each.' Semantics Home address. OrgPerson has a PostalAddress that complements this attribute.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "initials", - "description": "'The 'initials' attribute type contains strings of initials of some or all of an individual's names, except the surname(s). Each string is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "jpegPhoto", - "description": "Follow inetOrgPerson definition of RFC2798: 'Used to store one or more images of a person using the JPEG File Interchange Format [JFIF].'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "localityName", - "description": "According to RFC4519, 'The 'l' ('localityName' in X.500) attribute type contains names of a locality or place, such as a city, county, or other geographic region. 
Each name is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "labeledURI", - "description": "Follow inetOrgPerson definition of RFC2079: 'Uniform Resource Identifier with optional label.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "mail", - "description": "From RFC4524: The 'mail' (rfc822mailbox) attribute type holds Internet mail addresses in Mailbox [RFC2821] form (e.g., user@example.com).", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "manager", - "description": "From RFC4524: 'The 'manager' attribute specifies managers, by distinguished name, of the person (or entity).'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "mobile", - "description": "From RFC4524: 'The 'mobile' (mobileTelephoneNumber) attribute specifies mobile telephone numbers (e.g., '+1 775 555 6789' associated with a person (or entity).'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "o", - "description": "Standard name of the top-level organization (institution) with which this person is associated.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "ou", - "description": "Organizational unit(s). According to X.520(2000), 'The Organizational Unit Name attribute type specifies an organizational unit. 
When used as a component of a directory name it identifies an organizational unit with which the named object is affiliated.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "pager", - "description": "From RFC4524: 'The 'pager' (pagerTelephoneNumber) attribute specifies pager telephone numbers (e.g., '+1 775 555 5555') for an object.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "postalAddress", - "description": "Campus or office address. inetOrgPerson has a homePostalAddress that complements this attribute. X.520(2000) reads: 'The Postal Address attribute type specifies the address information required for the physical postal delivery to an object.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "postalCode", - "description": "Follow X.500(2001): 'The postal code attribute type specifies the postal code of the named object. If this attribute value is present, it will be part of the object's postal address.' Zipcode in USA, postal code for other countries.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "postOfficeBox", - "description": "From RFC4519: 'The 'postOfficeBox' attribute type contains postal box identifiers that a Postal Service uses when a customer arranges to receive mail at a box on the premises of the Postal Service. 
Each postal box identifier is a single value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "preferredLanguage", - "description": "Follow inetOrgPerson definition of RFC2798: 'preferred written or spoken language for a person.'", - "type": "string", - "multiValued": false, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "seeAlso", - "description": "From RFC4519: The 'seeAlso' attribute type contains the distinguished names of objects that are related to the subject object. Each related object name is one value of this multi-valued attribute.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "sn", - "description": "Surname or family name. From RFC4519: 'The 'sn' ('surname' in X.500) attribute type contains name strings for the family names of a person. Each string is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "st", - "description": "Abbreviation for state or province name. Format: The values should be coordinated on a national level. If well-known shortcuts exist, like the two-letter state abbreviations in the US, these abbreviations are preferred over longer full names. From RFC4519: 'The 'st' ('stateOrProvinceName' in X.500) attribute type contains the full names of states or provinces. 
Each name is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "street", - "description": "From RFC4519: 'The 'street' ('streetAddress' in X.500) attribute type contains site information from a postal address (i.e., the street name, place, avenue, and the house number). Each street is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "telephoneNumber", - "description": "Office/campus phone number. Attribute values should comply with the international format specified in ITU Recommendation E.123: e.g., '+44 71 123 4567.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "title", - "description": "From RFC4519: 'The 'title' attribute type contains the title of a person in their organizational context. Each title is one value of this multi-valued attribute.' ", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "uid", - "description": "From RFC4519: 'The 'uid' ('userid' in RFC1274) attribute type contains computer system login names associated with the object. Each name is one value of this multi-valued attribute.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "uniqueIdentifier", - "description": "From RFC4524: 'The 'uniqueIdentifier' attribute specifies a unique identifier for an object represented in the Directory. The domain within which the identifier is unique and the exact semantics of the identifier are for local definition. 
For a person, this might be an institution- wide payroll number. For an organizational unit, it might be a department code.'", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "userPassword", - "description": "This attribute identifies the entry's password and encryption method in the following format: {encryption method}encrypted password.", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "userSMIMECertificate", - "description": "An X.509 certificate specifically for use in S/MIME applications (see RFCs 2632, 2633 and 2634).", - "type": "string", - "multiValued": true, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - },{ - "name": "x500uniqueIdentifier", - "description": "Defined originally in X.509(96) and included in RFC2256.", - "type": "string", - "multiValued": false, - "required": false, - - "mutability": "readWrite", - "returned": "default", - "uniqueness": "none" - } - ] -} From f11a19d8f8444ebf7d5b37e23543919486ba64f9 Mon Sep 17 00:00:00 2001 From: Marcus Date: Fri, 5 Sep 2025 12:03:24 +0200 Subject: [PATCH 17/17] remove uneeded tool --- schema/scim/make_parseable.sh | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100755 schema/scim/make_parseable.sh diff --git a/schema/scim/make_parseable.sh b/schema/scim/make_parseable.sh deleted file mode 100755 index 054ee9e..0000000 --- a/schema/scim/make_parseable.sh +++ /dev/null 
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-
-cat eduperson_schema_raw.json\
- | grep -vE "(saml_attribute_name|saml_attribute_urn|status|comment)\":" \
- | sed s/"#.*"// \
- | sed s_\ //.*__ \
- | sed s/\"unclear.*\"/true/ \
- | sed s/\"to\ be\ evaluated\"/true/ \
- | sed '/^\ *$/d' \
- > eduperson_schema.json
-
-cat eduperson_SCIM_example_raw.json\
- | grep -vE "(saml_attribute_name|saml_attribute_urn|status|comment)\":" \
- | sed s/"#\ .*"// \
- | sed s_\ //.*__ \
- | sed s/\"unclear.*\"/true/ \
- | sed s/\"to\ be\ evaluated\"/true/ \
- | sed '/^\ *$/d' \
- > eduperson_SCIM_example.json