5. Appendix A: Object classes (normative)#

This appendix is normative, to be considered an integral part of the norEdu* specification.

5.1. norEdu#

norEdu* has adopted the eduPerson and eduOrg object classes, but with some adaptations to the Nordic academic environment. Support for National Identity Numbers (norEduPersonNIN) and support for the numbering scheme for academic institutions have been added. Note that when the norEdu* schema is used in the Feide federation, several attributes which are optional (MAY) according to the schema definition, are mandatory by the Feide usage rules (equivalent to a schema MUST requirement).

5.1.1. norEduOrg#

objectclass (
    NAME 'norEduOrg'
    DESC 'Supplementary attributes for an educational organization'
    MAY (norEduOrgUniqueIdentifier $ norEduOrgNIN $
             norEduOrgAcronym $ norEduOrgSchemaVersion $
                                 dc $ mail $ labeledURI ))

5.1.2. norEduOrgUnit#

objectclass (
    NAME 'norEduOrgUnit'
    DESC 'Supplementary attributes for a unit of an educational organization'
    MAY (norEduOrgUnitUniqueIdentifier $ norEduOrgAcronym $
                                 cn $ mail $ labeledURI))

5.1.3. norEduPerson#

objectclass (
    NAME 'norEduPerson'
    DESC 'Supplementary attributes for a person affiliated with an educational organization'
    MAY (norEduPersonNIN $ norEduPersonLIN $ norEduPersonBirthDate $
norEduPersonLegalName $ norEduPersonServiceAuthnLevel $ norEduPersonAuthnMethod))

5.1.4. norEduObsolete#

objectclass (
    NAME 'norEduObsolete'
    DESC 'Attributes obsoleted in norEdu 1.4 or later'
    MAY (norEduOrgUniqueNumber $ norEduOrgUnitUniqueNumber $

5.2. eduPerson#

EduPerson is an auxiliary object class for campus directories designed to facilitate communication among higher education institutions. It consists of a set of data elements or attributes about individuals within higher education, along with recommendations on the syntax and semantics of the data that may be assigned to those attributes. The eduPerson attributes are found in the next section. All these attribute names are prefaced with eduPerson. The eduPerson auxiliary object class contains all of them as “MAY” attributes:

objectclass (
    NAME 'eduPerson'
    MAY ( eduPersonAffiliation $
        eduPersonNickname $
        eduPersonOrgDN $
        eduPersonOrgUnitDN $
        eduPersonPrimaryAffiliation $
        eduPersonPrincipalName $
        eduPersonEntitlement $
        eduPersonPrimaryOrgUnitDN $
        eduPersonScopedAffiliation $
        eduPersonTargetedID $
        eduPersonAssurance $
        eduPersonPrincipalNamePrior $
        eduPersonUniqueId $
        eduPersonOrcid )

It is recommended that person entries have the person, organizationalPerson and inetOrgPerson object classes defined. The former two are defined in X.521 (2001) and inetOrgPerson is defined in RFC 2798 and based in part on RFC 2256 (now obsoleted by RFC 4519). EduPerson attributes would be brought in to the person entry as appropriate from the auxiliary eduPerson object class.

Attributes from the person, organizationalPerson and inetOrgPerson classes are listed. The purpose of listing them is primarily as a convenience to enterprise directory designers, but in some cases notes were added to clarify aspects of meaning or usage in the education community beyond what can be found in the original standards documents.

Additional information on eduPerson including LDIF for implementing the object class and attributes, is available at its home on the web: https://www.internet2.edu/products-services/trust-identity/eduperson-eduorg/.

5.3. eduOrg#

eduOrg describes attributes for higher education organizations.

objectclass (
    NAME 'eduOrg'
    MAY (eduOrgHomePageURI $ eduOrgIdentityAuthNPolicyURI $
        eduOrgLegalName $ eduOrgSuperiorURI $
        eduOrgWhitePagesURI $ cn ))