SCHAC implementation and related issues

EuroCAMP 18-19.10.2006

Mikael Linden

CSC, the Finnish IT Center for Science

Outline

What is a schema The schema onion eduPerson schema Schac schema and attributes Examples of national schemas and attributes

Schema

Schema = the syntax and semantics for attributes exchanged• for example, between the IdPs and SPs in a federation

Semantics and vocabularies: the tricky part…• what does ’student’ mean?• what does ’ university’ mean?• ...in the institutional level?• … in the national level?• … in the international/European level?

For cross-national attribute exchange, there’s little use of having common attribute syntax and vocabulary, if the semantics of the vocabulary are different

• for example, ’student’ means a degree student in Finland, and any kind of student in some other country

institutional schemas

The schema onion

national schemas

Schac

eduPerson

Common schemas(Person, OrgPerson,

InetOrgPerson)

eduPerson

widely used in higher education around the world by Educause www.educause.edu/eduperson latest version 200604 10 attributes for higher education, such as

• For authorization:

eduPersonAffiliation (+primary/scoped affiliation)

eduPersonEntitlement urn:mace:dir:entitlement:common-lib-terms for library contents

• For unique identification of the end user:

eduPersonPrincipalNameeduPersonTargetedID

Loose definition of ePAffiliation vocabulary EduPersonAffiliation value

The Finnish Interpretation (funetEduPerson 2.0)

UK Interpretation (UK fed, technical recomm. draft)

Student Degree student, exchange student, visiting student

Undergraduate or postgraduate student

Faculty “academic workers”= Research and education workers at laboratories

Teaching staff

Staff ”non-academic workers”=administrational workers

All staff

Employee Person actually employed by the institution (not e.g. a contractor)

Other than staff or faculty (e.g. contractor)

Member All above + students taking qualifying/further education courses

All above

Affiliate Others, such as open university students

Relationship short of full member

Alum Graduated Graduated

Schac, Schema for academia

by Terena TF-EMC2 first schema definition released 5/2006 http://www.terena.nl/activities/tf-emc2/schac.html defines 18 attributes adopted partly in

• Haka federation/Finland (funetEduPerson)• FEIDE federation/Norway (norEduPerson)• DK-AAI pilot federation/Denmark• Uma.es• …

Schac attributes (1/5)

schacDateOfBirth• for example: 19660412

schacPlaceOfBirth• for example: Algeciras, Spain

schacSn1, schacSn2• for example, Lopez de la Moraleda

schacPersonalTitle• for example, Prof

schacUserPrecenseID• URIs, for example sip:pepe@myweb.com

schacExpiryDate• for example: 20051231125959Z

schacUserPrivateAttribute• for example, mail, telephoneNumber

Schac attributes (2/5)

schacMotherTongue – ISO 639• for example, fr, es-ES

schacGender – ISO 5218• 1=male, 2=female, 0=not known, 9 = not specified

schacCountryOfCitizenship – ISO 3166• for example, es

schacHomeOrganization – domain names• for example, tut.fi

schacCountryOfRecidence – ISO 3166• for example, es

schacPersonalPosition schacUserStatus

Schac attributes (3/5):schacHomeOrganizationType Purpose: authorization of cross-national services

• For example, ”for higher education students in any EU country”

Proposed international/EU vocabularyPREFIX=urn:mace:terena.org:schac:homeOrganizationType• PREFIX:eu:higherEducationInstitution // HE defined by Bologna• PREFIX:eu:educationInstitution // other educational institutions• PREFIX:eu:NREN // NREN defined by TERENA• PREFIX:eu:universityHospital• PREFIX:eu:NRENAffiliate // organisations part of the

NREN constituency

National extensions, for example in Finland• PREFIX:fi:university, PREFIX:fi:polytechnic, PREFIX:fi:researchInstitution,

PREFIX:fi:other

Terena gathers links to national ”homepages”• http://www.terena.nl/registry/terena.org/schac/homeorgtype/

Schac attributes (4/5):schacPersonalUniqueID National identification number/social security number assigned by national governments, each country (except Germany)

has at least one considered as sensitive in many countries (strong identifier) each NREN maintains the national namespace,

for example the Finnish Identification Number• urn:mace:terena.org:schac:personalUniqueID:fi:FIC:010161-123K

Terena gathers links to national ”homepages”:http://www.terena.nl/registry/terena.org/schac/personalUniqueID/

Schac attributes (5/5):schacPersonalUniqueCode Local (=not government-assigned) identification codes

• Student number, Library patron number, etc• Notice: employeeNumber is already defined by InetOrgPerson

One international namespace proposed for a student number• to make student numbers understood between countries• urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:‹tld›:‹code› • for example,

urn:mace:terena.org:schac:personalUniqueCode:eu:studentID:tut.fi:159345

for other local identifiers, each NREN maintains the national namespace

Terena gathers links to national ”homepages”:http://www.terena.nl/registry/terena.org/schac/personalUniqueCode/

National and institutional schemas

National and institutional schemas supplement international schemas with national and local specialties

For example, funetEduPerson (Finland), norEduPerson (Norway), swissEduPerson…

Examples of national attributes

funetEduPersonStudentCategory, the controlled vocabulary

• bachelor• master• Licentiate degree students• doctor• other-degree• visiting-student a student of another Finnish univ• exchange-student a student of a foreign univ• qualifying-studies aiming at further qualifications• further-education further education courses• open-university open university• other

Examples of national attributes

funetEduPersonTargetDegree vocabulary: national codes maintained by the statistical center of

Finland• for example, doctor of theology

urn:mace:funet.fi:attribute-def:funetEduPersonTargetDegree:university:311

funetEduPersonECTS ECTS credit units a student has

funetEduPersonEPPNTimeStamp The date when the eduPersonPrincipalName values was issued to

this individual The Finnish way to tackle reassignment of EPPN syntax YYYYMMDD