...
This page provides a description and examples of the key attributes that are needed to support and enforce appropriate access to CCC -wide services SSO federated applications and cloud services. These are the attributes which need to be supported by college/district Identity Providers, and released to various services including the CCC IdP SSO Proxy.
| Info |
|---|
| The eduPerson schema ( http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html ) has a more detailed description of many of these attributes and their intended meaning and purpose. |
...
However, for CCC applications and Cloud Services, which can provide services to many different institutions, having a user identifier that is "globally unique" is very advantageous. And such an
The identifier that has been defined , an identifier is called eduPersonPrincipalName, or EPPN for short. It was is defined first as part of the eduPerson schema, linked to above. EPPN has the syntax of an email address, and might even "work" as an email address, but its purpose is to be a globally unique federated identifier, rather than an email address. It is generally the most important attribute to be shared with federated services.
EPPN Construction
The standard practice in the Higher Education community is that EPPN is constructed by taking some local campus identifier (often SAMAccountName or uid, but sometimes some other local identifier like an employee or student id number), and adding to it a suffix of the form: @college.edu. That suffix is referred to as the "scope". So the EPPN for Jane Smith, who has a sAMAccountName of jsmith, at Best Community College, which has a campus domain of bestcc.edu, will typically be jsmith@bestcc.edu. But depending on how the college manages the sAMAccountName attribute for its users, if Jane Smith has a student id of 12345678, the college might choose to make her EPPN be 12345678@bestcc.edu instead.
...