Personal tools
University Computing Service

Raven

Raven/Shibboleth Attribute Release Summary

Filed under:

This is a summary of the rules currently implemented by the University's Shibboleth Identity Provider (IdP) as provided by Raven when releasing attributes to Shibboleth Service Providers (SPs). These rules are subject to the Raven/Shibboleth Attribute Release Policy. This summary was last updated on 16th March 2010.

  • eduPerson Principal Name (eduPersonPrincipalName) with the value <crsid>@cam.ac.uk to any SP that requests it on behalf of anyone with a Raven account.
  • An apropriate Anonymous Identifier (eduPersonTargetedID), to any SP that requests it providing Raven holds sufficient metadata to authenticate the SPs request, on behalf of anyone with a Raven account.
  • Status (eduPersonScopedAffiliation) to any SP that requests it:
    • with the value member@cam.ac.uk on behalf of anyone who appears in lookup.
    • with the value member@eresources.lib.cam.ac.uk on behalf of anyone entitled to access the general University Library electronic resource collection.
  • Entitlement (eduPersonEntitlement):
    • to any SP that requests it:
      • a value of urn:mace:dir:entitlement:common-lib-terms on behalf of anyone entitled to access the general University Library electronic resource collection.
    • to the EduServ Shibboleth to Athens gateway (obsolete - no longer used by the University):
      • a value of cam#default0 on behalf of anyone entitled to access the general University Library electronic resource collection.
      • a value of cam#staff on behalf of anyone entitled to access University Library electronic resource that are restricted to staff.
      • a value of cam#aaemo on behalf of anyone entitled to access University Library electronic resource that are 'medically restricted'.
    • to EDINA Film&Sound online:
      • a value of urn:mace:ac.uk:sdss.ac.uk:entitlement:emol.sdss.ac.uk:restricted on behalf of anyone entitled to access University Library electronic resource that are 'medically restricted'.
    • to OCLC FirstSearch:
      • a value of urn:mace:oclc.org:100159623 on behalf of anyone entitled to access the general University Library electronic resource collection.
  • CRSid (uid) to SPs operated by the University.
  • Surname (sn), Registered name (cn), Display name (displayName), Role(s) (title), Institution name(s) (ou), Institution ID(s) (instID), Primary institution ID (jdInst), Email address (mail), Alternative email address(es) (mailAlternative), University status(es) (misAffiliation), lookup group title(s) (groupTitle), lookup group ID(s) (groupID), with values derived from lookup (subject to each user's choice of suppression) for anyone who appears in lookup to SPs operated by the University.

University Library electronic resources

  • People entitled to access the general University Library electronic resource collection consist of anyone who is not a member of lookup group 100925, and who has a misStatus in lookup of 'staff' or 'student' or who is a member of lookup group 100981 (staff) or 100982 (students).
  • University Library electronic resources that are restricted to staff can be accessed by anyone who is not members of lookup group 100925, and who has a misStatus in lookup of 'staff' or who is in lookup group 100981.
  • University Library electronic resources that are 'medically restricted' can be accessed by anyone who is not members of lookup group 100925 and who is a member of lookup group 100927.

Anyone who is having problems with access to University Library electronic resources should contact lib-raven@lists.cam.ac.uk