4. Document information¶
This chapter is informative only, and does not form part of the norEdu* specification.
Editing team: Ingrid Melve, Jon Strømme, Bård Henry Moum Jakobsen, Anders Lund, Walter Tveter, Ketil Albertsen, Snorre Løvås, Annette Grande, Hildegunn Vada and Jaime Pérez. Contact address is firstname.lastname@example.org
Thanks to Keith Hazelton and Internet2/NMI for allowing us to reuse the eduPerson and eduOrg documentation. Without your example and your kind help, this document would have been much harder to write.
Thanks to Peter Green for giving access to auEduPerson and answering questions. Thanks to the SWITCH AAI team for publishing switchEduPerson and documenting choices made.
Thanks to the GNOMIS community for feedback and support. Discussions on funetEduPerson attributes proved helpful.
Among other persons who provided valuable help and feedback are Steinar Hamre, Hallvard Furuseth, Per-Steinar Iversen and Tor Gjerde.
4.2. Change log¶
4.2.1. From version 1.0 to 1.1¶
- Changed OIDs for the Feide attributes that are not inherited from eduPerson or eduOrg.
- Changed names of Feide attributes (norEduPersonBirthDate, norEduPersonNIN, norEduPersonLIN, norEduOrgAcronym, norEduOrgUniqueNumber, norEduOrgUnitUniqueNumber).
- Changed norEduPersonNIN type from Integer to DirectoryString
- Changed givenName to MANDATORY, due to popular demand.
- Indexing information for eduOrg200210 updated and changed as result of testing
- Changed matching rules from caseExactIA5Match to caseExactMatch
4.2.2. From version 1.1 to 1.2¶
- Changed givenName back to OPTIONAL, after discussions with service providers
- userSMIMECertificate and userCertificate both have the same confidentiality level of medium
- Fixed typos and removed warning about beta
4.2.3. From version 1.2 to 1.3¶
- Changed object classes to Auxiliary to minimize interoperability problems.
- Removed all unused attributes from the document
- Feide realm specification, added feideSchema for versioning information of AT
- Restrictions on Feide name (eduPersonPrincipalName) changed to prevent reuse
- Added definitions for jpegPhoto, mobile, eduPersonEntitlement, eduPersonScopedAffiliation
- Changed data type from Integer to NumericString for norEduPersonBirthDate and norEduPersonNIN
- norEduPersonLIN is defined to include all scoped identifiers. The attribute must be parsed to separate the issuer from the value of the identifier.
- labeledURI may be part of norEduOrg, duplicates eduOrgHomePageURI and eduOrgWhitePageURI
- Added norEduOrgUniqueIdentifier (replaces norEduOrgUniqueNumber) and norEduOrgUnitUniqueIdentifier (replaces norEduOrgUnitUniqueNumber), and moved the two deprecated attributes to a new object class norEduObsolete
- Added federationFeideSchemaVersion attribute in the new object class federationFeideSchema
4.2.4. From version 1.3 to 1.4¶
Schema related changes:
- norEdu* objects now has no MUST attributes. In the Norwegian Feide federation, a number of attributes are defined as mandatory, as a federation defined restriction on use of the schema.
- Added attributes norEduOrgNIN and norEduOrgSchemaVersion.
- User password encryption method is no longer required to be MD5. However, a strong encryption method should be used.
- Included description of schac attributes schacHomeOrganization and schacUserPrivateAttribute, eduPerson attributes eduPersonNickname and eduPersonTargetedID, and common attribute dc.
- Obsoleted attribute federationFeideSchemaVersion and object class feideFederationSchema in favor of norEduOrgSchemaVersion, norEduOrgUniqueNumber in favor of norEduOrgUniqueIdentifier and norEduOrguUnitUniqueNumber in favor of norEduOrgUnitUniqueIdentifier.
- The norEdu* grammar definitions in Appendix A and B is cleaned up and is now formally correct.
- Removed search type info from individual attribute description. This information is found in the formal grammar in the appendix.
- References to eduPerson updated to include reference to 2004 version. Several citations of eduPerson descriptions updated to the 2004 version of eduPerson. All eduPerson attributes are now incorporated into the norEdu* description.
- Moved obsolete attributes to appendix.
- Complete rewrite of introductory chapters, format of attribute descriptions etc. norEdu attributes are now described in alphabetical order (similar to schac and eduPerson/eduOrg schema descriptions). For the electronic document version, the majority of external references have been made clickable links (where such have been found).
- Added index of attributes, with clickable (intra document) links to the description and grammar.
- References to RFC 2251 to 2256 updated to refer to the revised LDAP RFCs 4510 to 4519.
Feide specific changes:
- Changed Feide relevance from Mandatory to Optional for the ou attribute.
- Added definition of Feide urn:mace:feide.no:value-def:foresatt for use in eduPersonEntitlement.
- In Feide, norEduOrgNIN (the “foretaksnummer”, assigned by Brønnøysundregistrene) replaces norEduOrgUniqueIdentifier (assigned by SO) as a mandatory attribute.
4.2.5. From version 1.4 to 1.4.1¶
- In the norEduOrg and norEduOrgUnit object classes, those common
attributes which are neither specified in the MAY parts of the
eduOrg/eduOrgUnit classes nor the X.521 organization object class. The
affected attributes are,
norEduOrg: dc, mail, labeledURI
norEduOrgUnit: cn, mail, labeledURI
(These were specified in norEdu 1.3, but the 1.4 class definitions included norEdu attributes only in the MAY part of the Appendix B definitions).
- The description of norEduOrgAcronym in chapter 3.1.1 stated that the attribute is to be used with the norEduOgr and norEduOrgUnit class, while it was omitted from the norEduOrgUnit class description in Appendix A. It is now included in both class definitions.
- The documentation now states explicitly that Appendix A and B are considered normative, i.e. part of the norEdu specification. Appendix C is informative, i.e. it is not a formal part of the specification.
- Chapter 1 now describes how information about new versions and revisions of the specification shall be distributed.
4.2.6. From version 1.4.1 to 1.5¶
- Removed the column “Feide relevance” in the Attribute Survey table in 3.1. All information regarding Feide relevance is now found in the two documents “GO-attributter” and “UH-attributter”, for the primary and secondary school and higher education respectively.
- Added attribute description and definition for new attribute norEduPersonLegalName.
- Removed references to and information about the schac attributes.
- Updated information about userPassword. Changed the example from using MD5 to using the SSHA hashing algorithm. Also included a reference to a NIST recommendation for approved algorithms.
- Updated the document according to eduPerson200712 and eduPerson200806.
- Updated the Feide usage notes and the norEdu attribute descriptions with regard to the increasing use of this specification in primary and secondary education.
4.2.7. From version 1.5 to 1.5.1¶
- Added one attribute definition from the schac schema (schacHomeOrganization).
- Updated the document according to eduPerson201203.
- Updated references.
4.2.8. From version 1.5.1 to 1.6¶
- Added two attribute definitions to the norEdu schema for multi-factor authentication.
- Updated description of the schac schema as well as its reference.
- Updated links to the TERENA website.
- Updated references pointing to the attribute table.
- Those using this document should from now on monitor www.feide.no for new versions and changes of this document, and not email@example.com, firstname.lastname@example.org or email@example.com.
4.2.9. From version 1.6 to 2.0¶
- Updated document to eduPerson201602:
- Changes since eduPerson201203: eduPerson201602: 4. Change log
- Attribute added: eduPersonPrincipalNamePrior
- Attribute added: eduPersonOrcid
- Attribute added and reserved for future use: eduPersonUniqueId
- Updated document to reference schac 1.5.
- Clarified use of mobile attribute for one-time passwords.
- Removed availability column from attribute survey. This information is no longer correct because of divergent use.
- Removed outdated password hash algorithm SSHA.
- Added a note on the mail attribute about some services using the eduPersonPrincipalName as an email address.
- Converted the document from a PDF to webpages.
- Removed references chapter as we now link directly in the document.
- Removed usage notes and example applications for eduPerson and eduOrg attributes.
- Added link to definitions, usage notes, and example applications for eduPerson and eduOrg attributes.