Welcome to Net@EDU

eduPerson Object Class

EDUCAUSE
Internet2

The EDUCAUSE/Internet2 eduPerson task force has the mission of defining an LDAP object class that includes widely-used person attributes in higher education. The group will draw on the work of educational standards bodies in selecting definitions of these directory attributes.

Comments to i2mi-info@internet2.edu

The problem: There are no established patterns for building general-purpose institutional directories. Each institution has to start from scratch, and no two higher education directories look alike.

The eduPerson object class would provide a common list of attributes and definitions. The task force plans to draw on the existing standards work in higher education, select items that are of broad utility, and define a common LDAP representation for each of them.

Documentation:

  • eduPerson/eduOrg Object Identifier (OID) Registrations
    • MACE administers OIDs for Internet2. This page lists OIDs currently assigned to eduPerson and eduOrg. General information about the registry, and the complete list of MACE-administered OIDs, is available here.
  • eduPerson (200712)

    The Internet2 MACE-Dir Working Group has released this new (200712) version of the eduPerson specification. This version does not add any new attributes. The changes are limited to the addition of "library-walk-in" to "permissible values" and the addition of explanatory notes on "library-walk-in" in section 2.2.1, "eduPersonAffiliation" and in section 2.2.6, "eduPersonPrimaryAffiliation."

    Development of this specification was supported with funding from Internet2, EDUCAUSE, and the NSF Middleware Initiative (Cooperative Agreement No. ANI-0330626). For more details please see the NMI Enterprise and Desktop Integration Technologies (EDIT) site.

  • eduPerson (200604)

    The Internet2 MACE-Dir Working Group has released this new (200604) version of the eduPerson specification. This version does not add any new attributes. The changes are limited to clarifications and further specifications on three attributes, eduPersonPrincipalName, eduPersonScopedAffiliation and eduPersonTargetedID. eduPersonPrincipalName and eduPersonScopedAffiliation have a syntax with the general form "user"@"scope". In this draft, the syntax rules are clarified to specify that the first occurrence of "@" from the left delimits the two sub-components, user and scope. eduPersonTargetedID offers a way for pairings of identity providers and service providers to share unique, persistent identifiers about people in a way that avoids the privacy loss that would come from the use of a single, globally unique and persistent identifier for a given person. The new language in the specification offers guidance on sound practices for constructing values for this attribute that aligns with emerging standards for federated identity management.

    Development of this specification was supported with funding from Internet2, EDUCAUSE, and the NSF Middleware Initiative (Cooperative Agreement No. ANI-0330626). For more details please see the NMI Enterprise and Desktop Integration Technologies (EDIT) site.

  • eduPerson (200312)
    This is the previous production-ready specification for the eduPerson object class, the latest version being eduPerson (200505) (see above).
  • eduPerson (200210)
    This is the previous production-ready specification for the eduPerson object class. The eduPerson attributes are listed first, followed by the attributes defined in earlier object classes, in alphabetical order by attribute name.
  • eduOrg (200210)
    eduOrg (200210) associates attributes to institutions, such as management and security policies, and can be used to discern the organizational structure of a college, for example.
  • eduPerson 1.0
    This was the first formally released version of the object class.

*LDIF (Lightweight Directory Interchange Format) is an ASCII file format that LDAP servers can import and export. The above LDIF files, when imported into an LDAP server, will define the object class and its attributes so that the directory administrator can use them with new directory entries.

Background Materials:

  • eduPerson Task Force Charter
    [25 KB DOC]
  • K. Hazelton Presentation to the Net@EDU PKI Working Group, Tempe AZ, 8 Feb 2000
    [37 KB PPT]

Page Last Updated: Monday, May 05, 2008
 
© Copyright 1999-2008 EDUCAUSE