Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

--- en:tech:categories [2017/02/10 07:02]
127.0.0.1 upraveno mimo DokuWiki
+++ en:tech:categories [2017/02/21 15:13]
jop@cesnet.cz
@@ Řádek 1: / Řádek 1: @@
-====== Entity Categories in eduID.cz ======
+====== Entity Categories ======
-In eduID.cz federation, Identity Providers (IdPs) and some Service Providers (SPs) have been classified into various Entity Categories (ECs). The categories are helpful for access control at the SP side and for releasing attributes at the IdP side.
+[[:en:index|eduID.cz]] federation supports various //Entity Categories// (EC) for //Identity Providers// (IdPs) and //Service Providers// (SPs).
-===== IdP categories =====
+There are specific //categories// for IdPs and SPs [[:en:tech:categories:eduidcz|suitable only for eduID.cz federation]], however, additional worldwide recognized and standardized categories available within [[http://www.edugain.org|eduGAIN]] are supported, too. Currently only [[https://refeds.org/category/research-and-scholarship|Research & Scholarship]] is supported, but SIRTFI and GÉANT Data Protection Code of Conduct will be available soon.
-Identity Providers within eduID.cz federation have been separated into five categories. Each category represents one type of an organisation. The category is assigned by the federation operator. We try to entitle every IdP exactly one category.
-<columns 100% 160px>
-{{  :cs:university.png?40|}}
-<newcolumn>**Public and private universities**\\
-eduPersonAffiliation values: alum, affiliate, __employee__, __faculty__,  __member__, __student__, __staff__
-EC name: ''%%http://eduid.cz/uri/idp-group/university%%''
-</columns>
-<columns 100% 160px>
-{{  :cs:av_logo.png?40|}}
-<newcolumn>**Institutions of The Czech Academy of Sciences**\\
-eduPersonAffiliation values: __member__
-EC name: ''%%http://eduid.cz/uri/idp-group/avcr%%''
-</columns>
-<columns 100% 160px>
-{{  :cs:library.png?40}}
-<newcolumn>**Libraries**\\
-eduPersonAffiliation values: affiliate, __employee__, member
-EC name: ''%%http://eduid.cz/uri/idp-group/library%%''
-</columns>
-<columns 100% 160px>
-{{  :cs:hospital3.png?40|}}
-<newcolumn>**Hospitals**\\
-eduPersonAffiliation values: __employee__ //(check)//
-EC name: ''%%http://eduid.cz/uri/idp-group/hospital%%''
-</columns>
-<columns 100% 160px>
-{{  :cs:cesnet-logo-400.png?150|}}
-<newcolumn>**CESNET** \\
-eduPersonAffiliation values: affiliate, __employee__, __member__\\
-EC name: ''%%http://eduid.cz/uri/idp-group/cesnet%%''
-</columns>
-Underlined [[cs:tech:eduperson#vyznam_jednotlivych_atributu|eduPersonAffiliation]] values mark users who belong to Research & Education (R&E) community.
-The following filter rule specifies users eligible to access a service. A filter written this way is relatively long, however, it is very easy to understand and when a new entity category is created, users from corresponding organizations do not have access to a service until the SP administrator decides to update the filter.
-{{page>cs:tech:include-filter&nofooter}}
-Alternatively, an exclude variant would look like this:
-{{page>cs:tech:exclude-filter&nofooter}}
-Specific Shibboleth Service Provider implementation is available in a single [[:en:tech:userfiltering|document]]. Any filters written for other SP implementations are welcomed and we will be happy to publish them.
-===== IdP and SP categories =====
-In addition to IdP categories as described above, there are also a few more categories in eduID.cz federation intended for labelling entities belonging to various projects. Such a labelling make sense when a group of SPs needs attributes which are not usually released to other entities in the federation. This greatly helps negotiation with particular IdPs about attribute release policy.
-<columns 100% 160px>
-{{  :cs:clarin-logo_4c14pure.png?90|}}
-<newcolumn>CLARIN is a group of SPs providing technical background and help to institutions or researchers who would like to create, share and modernise their instruments and data used in linguistic or other related research areas. The project also provides an open digital repository and an archive available to all academic users who desire to make their work preserved, propagated and widely available for others.
-EC name: ''%%http://eduid.cz/uri/sp-group/clarin%%''
-</columns>
-<columns 100% 160px>
-{{  :cs:logo-mefanet.png|}}
-<newcolumn>MEFANET (MEdical FAculties NETwork) is a project intended to build and strengthen cooperation between medical and non-medical health faculties in the Czech Republic and Slovakia. The aim of the project is a development of education with modern information and communication technology utilisation.
-EC name: ''%%http://eduid.cz/uri/group/mefanet%%''
-</columns>
-===== An example of entity label in metadata =====
-The following XML fragment depicts that the IdP of the Czech Technical University in Prague belongs to an entity category designated for universities.
-<code xml>
-<md:EntityDescriptor entityID="https://idp2.civ.cvut.cz/idp/shibboleth">
-  <md:Extensions>
-    <mdattr:EntityAttributes>
-      <saml:Attribute Name="http://macedir.org/entity-category"
-        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-        <saml:AttributeValue>http://eduid.cz/uri/idp-group/university</saml:AttributeValue>
-      </saml:Attribute>
-    </mdattr:EntityAttributes>
-  </md:Extensions>
-  <!-- additional metadata information follows -->
-</code>
-Entity category attributes usage is the same as user attributes usage sent by a user's IdP. An example of how to use it in Shibboleth SP is available in a separate [[:cs:tech:filtrovani-uzivatelu-dokumentace|document]].

Rozdíly

Links

Contact

Service desk