LLMpedia: The first transparent, open encyclopedia generated by LLMs

eduPerson

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: eduPerson
Established: 2001

eduPerson is a metadata schema designed to represent identity and affiliation information for members of academic and research communities. It provides standardized attributes for interoperable identity management across institutions, federations, and services such as access control, single sign-on, and directory synchronization. The schema is widely used in higher education, research organizations, identity federations, and service providers to enable consistent handling of person-centric attributes.

Overview

The schema supplies a compact set of attributes that represent identity, affiliation, entitlements, and role-related data for individuals associated with institutions such as Harvard University, University of Oxford, Massachusetts Institute of Technology, Stanford University, University of Cambridge, California Institute of Technology, Yale University, Princeton University, University of California, Berkeley, Columbia University, University of Pennsylvania, University of Chicago, Imperial College London, University of Toronto, ETH Zurich, University of Michigan, Cornell University, Peking University, Tsinghua University, University of Tokyo, National University of Singapore, Australian National University, University of Sydney, McGill University, University of Edinburgh, UCLA, Duke University, London School of Economics, New York University, King's College London, University of British Columbia, University of Washington, Karolinska Institutet, Seoul National University, University of Melbourne, Technical University of Munich, University of São Paulo, École Polytechnique Fédérale de Lausanne, University of Hong Kong, University of Copenhagen, RWTH Aachen University, University of Amsterdam, University of Helsinki, National Taiwan University, Indian Institute of Science, KAIST, Purdue University, University of Texas at Austin, Arizona State University, Michigan State University, Brown University, Vanderbilt University and University of Illinois Urbana-Champaign. Service providers such as Shibboleth, Jisc, Internet2, EDUCAUSE, InCommon, GÉANT, SURFnet, CANARIE, eduGAIN, TERENA and APNIC adopt the schema to harmonize attribute exchange. Typical consumer applications include federated single sign-on, resource authorization, library services, learning management systems, and research data repositories such as Mendeley, Figshare, Zenodo, Dryad and Dataverse.

History and Development

The schema emerged in the early 2000s from collaboration among identity and access management practitioners at institutions and federations including Internet2, EDUCAUSE, Jisc, SURFnet and TERENA. Initial work was influenced by directory standards developed at Sun Microsystems, Microsoft, Novell and schema discussions within LDAP communities and the IETF. Subsequent evolution was coordinated with federations and projects such as InCommon, GÉANT, eduGAIN, Shibboleth Consortium, SAML, OASIS, OAuth, OpenID Connect and national research and education networks like CANARIE and AARNet. Over successive revisions, the attribute set was refined to balance minimal interoperability with sufficient expressiveness for actors such as registrars, human resources, library systems, and research administration platforms like Symplectic, Pure (Elsevier), Elsevier Scopus and Clarivate.

Schema and Attributes

The schema defines a set of attributes with controlled syntax and semantics for representation in directory services, SAML assertions, and JSON-based tokens. Core attributes cover identifiers, affiliations, and role indicators consumable by services including Shibboleth, SimpleSAMLphp, Keycloak, CAS, Microsoft Azure AD, Okta, Ping Identity and Globus. Representative attributes include scoped identifiers and affiliation types that map to categories used by the Higher Education Statistics Agency and by human resources systems such as Workday and PeopleSoft. The schema interoperates with standards like SAML 2.0, LDAP v3, SCIM, OAuth 2.0 and OpenID Connect to enable attribute release policies and consent flows enforced by federations such as InCommon and eduGAIN. Implementations often combine eduPerson attributes with schema elements from RFC 2254, X.500, X.509 certificate metadata, and entitlement vocabularies aligned with projects like eduGAIN Service Registry and REFEDS.
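
A scoped identifier is only trustworthy if the consuming service checks that its scope belongs to the identity provider that asserted it. The following is an added example of that check on the service-provider side (not part of the original article or any project's code), using the eduPerson attribute names eduPersonPrincipalName, eduPersonScopedAffiliation and eduPersonAffiliation; the entityIDs, scopes and attribute values are constructed, and the function and constant names are hypothetical.

```python
# eduPersonAffiliation controlled vocabulary; all sample data below is constructed.
AFFILIATIONS = set("faculty student staff alum member affiliate employee library-walk-in".split())
ALLOWED_SCOPES = {  # hypothetical IdP entityID -> scopes its federation metadata registers
    "https://idp.example.edu/idp": {"example.edu"},
    "https://idp.example.org/idp": {"example.org", "lab.example.org"},
}
SCOPED = ("eduPersonPrincipalName", "eduPersonScopedAffiliation")
SINGLE_VALUED = {"eduPersonPrincipalName"}
BAD_VOCAB = "affiliation outside controlled vocabulary"
SAMPLE = {  # attributes an SP might receive from idp.example.edu
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "eduPersonScopedAffiliation": ["staff@example.edu", "faculty@example.org", "wizard@example.edu"],
    "eduPersonAffiliation": ["staff", "member"],
    "mail": ["jdoe@example.edu"],
}


def check_scoped(name, value, scopes):
    """Return None if a scoped value is acceptable, else the reason it is not."""
    local, sep, scope = value.partition("@")
    if not sep or not local or not scope or "@" in scope:
        return "malformed scoped value"
    if scope.lower() not in scopes:
        return "scope not registered for this IdP"
    if name == "eduPersonScopedAffiliation" and local.lower() not in AFFILIATIONS:
        return BAD_VOCAB
    return None


def filter_attributes(issuer, attributes):
    """Split received attributes into (accepted dict, rejected list of tuples)."""
    scopes = ALLOWED_SCOPES.get(issuer, set())  # unknown IdP: no scope is trusted
    accepted, rejected = {}, []
    for name, values in attributes.items():
        if name in SINGLE_VALUED and len(values) > 1:
            rejected += [(name, v, "single-valued attribute has several values") for v in values]
            continue
        for value in values:
            if name in SCOPED:
                reason = check_scoped(name, value, scopes)
            elif name == "eduPersonAffiliation":
                reason = None if value.lower() in AFFILIATIONS else BAD_VOCAB
            else:
                reason = "attribute not consumed by this service"
            if reason:
                rejected.append((name, value, reason))
            else:
                accepted.setdefault(name, []).append(value)
    return accepted, rejected
```

Calling `filter_attributes("https://idp.example.edu/idp", SAMPLE)` keeps `staff@example.edu` and drops `faculty@example.org`, whose scope belongs to a different identity provider; attributes the service does not consume, such as `mail`, are discarded as well.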

Implementation and Use Cases

Institutions deploy the schema within identity providers, directories, and middleware to support use cases across campus IT, research collaborations, and third-party services. Example deployments are seen in federated authentication for learning management systems such as Canvas, Blackboard Learn, Moodle, and Sakai; library access via discovery services like Ex Libris, EBSCO and ProQuest; and federated cloud access for providers such as Amazon Web Services, Google Cloud Platform, Microsoft Azure, Dropbox and Box and research e-infrastructure like XSEDE, PRACE and ELIXIR. The schema is used by identity federations to support cross-institutional access to resources like electronic journals from publishers such as Elsevier, Springer Nature, Wiley, Taylor & Francis and IEEE. Research collaborations and projects including CERN, European XFEL, LSST, Human Genome Project, Allen Institute for Brain Science and Square Kilometre Array utilize attribute exchange patterns to manage role-based access for staff, students, visiting scholars, and contractors.

Privacy and Security Considerations

Attribute release and consent frameworks are critical when exchanging person attributes; federations and institutions reference privacy frameworks from organizations like EDUCAUSE, InCommon, GÉANT, REFEDS and national data protection authorities such as Information Commissioner's Office (United Kingdom), CNIL (France), Federal Trade Commission, European Data Protection Board and regulators enforcing General Data Protection Regulation. Security controls integrate with authentication standards from FIDO Alliance, WebAuthn, SAML 2.0, OAuth 2.0 and OpenID Connect and cryptographic protections embodied in X.509 certificates and TLS. Risk mitigation practices include attribute minimization, consent dialogs managed by identity providers like Shibboleth and commercial vendors such as Okta and Ping Identity, logging controls used in Splunk and ELK Stack, and governance recommendations from NIST and ISO/IEC standards.

Governance and Maintenance

Governance of the schema is community-driven, coordinated by operators and contributors from federations, higher education organizations, and standards bodies such as Internet2, EDUCAUSE, GÉANT, InCommon, Jisc and REFEDS. Maintenance occurs through mailing lists, working groups, and interoperability events including Internet2 Technology Exchange, THATCamp, EDUCAUSE Annual Conference, GÉANT TNC, REFEDS workshops and national federation meetings. Tooling and test suites are provided by projects and vendors including Shibboleth Consortium, SimpleSAMLphp, Keycloak, Globus, eduGAIN and commercial identity platforms to ensure consistent interpretation and evolution of attributes across deployments.
