Internet2 Middleware Architecture Committee Directory Working Group (MACE-Dir)
Document: Internet2-mace-dir-eduOrg-200210
October/2002
Copyright © 2002 by UCAID and/or the respective authors
Comments to: nmi-support@nsf-middleware.org
EduOrg Object Class Specification (200210)
EduOrg (200210), an object class for representing institutions of higher education, includes two basic sets of attributes. The attributes defined specifically for the purposes of higher education are listed first. All these attribute names are prefaced with eduOrg. The eduOrg auxiliary object class contains all of them as “MAY” attributes. Cn (commonName) is also included in the list of eduOrg attributes for convenience:
( 1.3.6.1.4.1.5923.1.2.2
NAME 'eduOrg'
AUXILIARY
MAY ( eduOrgHomePageURI $ eduOrgIdentityAuthNPolicyURI $
eduOrgLegalName $ eduOrgSuperiorURI $ eduOrgWhitePagesURI $
cn ) )
The second set is a selection of relevant attributes from the organization object class defined in X.521 (2001). These attributes are listed alphabetically in the second section of this document. The purpose of listing them is primarily as a convenience to enterprise directory designers, although in some cases, notes will clarify some aspect of meaning or usage beyond what can be found in the original standards document. LDIF to add this object class and its attributes is available off the eduPerson page at: http://www.educause.edu/eduperson/.
This version of eduOrg is appropriate for adoption in production enterprise directory service environments. All comments should be directed to nmi-support@nsf-middleware.org.
An organization entry should take the X.521 (2001) organization object class as its structural object class. EduOrg attributes would be brought in as appropriate from the auxiliary eduOrg object class. The attribute set for organization is defined as follows:
o (Organization Name, required)
Optional attributes include:
description
localeAttributeSet
postalAttributeSet
telecommunicationsAttributeSet
businessCategory
seeAlso
searchGuide
userPassword
Since at an institutional level there will likely be only one or at most a few organization objects in the directory, the general recommendation is not to bother indexing any of the eduOrg attributes. We advise that this information should be located and retrieved from your directory by performing an LDAP search for all objects with objectclass=eduOrg, possibly in combination with other search criteria. That search should further specify those eduOrg (or other) attributes whose values you wish returned.
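The search recommended above, as an added example that is not part of the original specification: it scopes the filter to objectClass=eduOrg, escapes any extra search term per RFC 4515, and requires an explicit list of returned attributes that leaves out userPassword, which the organization class also permits. The host, base DN, search term and function names are assumptions made for illustration.

```python
# Attributes a white-pages client may filter on or ask for: the eduOrg MAY list
# plus the organization attributes this page documents. userPassword, which the
# organization class also permits, is deliberately left out.
ALLOWED = {a.lower() for a in (
    "o cn description facsimileTelephoneNumber l postalAddress postalCode "
    "postOfficeBox seeAlso st street telephoneNumber eduOrgHomePageURI "
    "eduOrgIdentityAuthNPolicyURI eduOrgLegalName eduOrgSuperiorURI "
    "eduOrgWhitePagesURI").split()}

def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 (backslash, *, (, ), NUL)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def edu_org_search(criteria, attrs):
    """Return (filter, attrs) for a search scoped to objectClass=eduOrg."""
    for name in list(criteria) + list(attrs):
        if name.lower() not in ALLOWED:
            raise ValueError(f"attribute not permitted in this search: {name}")
    if not attrs:
        raise ValueError("name the attributes to return; do not default to all")
    clauses = ["(objectClass=eduOrg)"]
    clauses += [f"({k}={escape_filter_value(v)})" for k, v in criteria.items()]
    flt = clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"
    return flt, list(attrs)

def ldapsearch_argv(uri, base, criteria, attrs):
    """Build an OpenLDAP ldapsearch argument vector (a list, so no shell quoting)."""
    flt, wanted = edu_org_search(criteria, attrs)
    return ["ldapsearch", "-x", "-LLL", "-H", uri, "-b", base, "-s", "sub", flt, *wanted]

if __name__ == "__main__":
    # Constructed host, base DN and search term.
    print(ldapsearch_argv("ldap://ldap.example.edu", "dc=example,dc=edu",
                          {"o": "St. Cloud (State) College*"},
                          ["eduOrgHomePageURI", "eduOrgLegalName"]))
```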
1. eduOrgHomePageURI (defined in eduOrg);
OID: 1.3.6.1.4.1.5923.1.2.1.2; # of values: multi
( 1.3.6.1.4.1.5923.1.2.1.2
NAME 'eduOrgHomePageURI'
DESC 'eduOrg per Internet2 and EDUCAUSE'
EQUALITY caseExactIA5Match
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
Definition
The URL for the organization's top level home page.
Permissible values (if controlled)
Most useful in a search by name of institutions in a directory of directories. Among other things, a way to remove the guesswork around the institution's second-level domain name: www.????.edu.
directory of directories, white pages
eduOrgHomePageURI: http://www.nd.edu
2. eduOrgIdentityAuthNPolicyURI (defined in eduOrg);
OID: 1.3.6.1.4.1.5923.1.2.1.3; # of values: multi
( 1.3.6.1.4.1.5923.1.2.1.3
NAME 'eduOrgIdentityAuthNPolicyURI'
DESC 'eduOrg per Internet2 and EDUCAUSE'
EQUALITY caseExactIA5Match
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
Definition
A URI pointing to the location of the organization's policy regarding identification and authentication (the issuance and use of digital credentials). Most often a URL, but with appropriate resolution mechanisms in place, could be a URN.
Permissible values (if controlled)
Primarily useful as a pointer to information relevant to judgement of risks in participating in inter-institutional resource sharing arrangements.
Shibboleth
eduOrgIdentityAuthNPolicyURI: http://www.uchicago.edu/security/IA-Policy.html
3. eduOrgLegalName (defined in eduOrg);
OID: 1.3.6.1.4.1.5923.1.2.1.4; # of values: multi
( 1.3.6.1.4.1.5923.1.2.1.4
NAME 'eduOrgLegalName'
DESC 'eduOrg per Internet2 and EDUCAUSE'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
Definition
The organization's legal corporate name.
Permissible values (if controlled)
The organization's legal corporate name. Directory implementers should check with the institution's legal counsel to determine the proper value for this attribute.
directory of directories, white pages
eduOrgLegalName: Georgia Institute of Technology
4. eduOrgSuperiorURI (defined in eduOrg);
OID: 1.3.6.1.4.1.5923.1.2.1.5; # of values: multi
( 1.3.6.1.4.1.5923.1.2.1.5
NAME 'eduOrgSuperiorURI'
DESC 'eduOrg per Internet2 and EDUCAUSE'
EQUALITY caseExactIA5Match
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
Definition
LDAP URL for the organization object one level superior to this entry.
Permissible values (if controlled)
For a state university campus, for example, this is likely to be the entry for the state system administration organization in the system-level enterprise directory.
white pages
eduOrgSuperiorURI: ldap://dirsvc.uwsa.edu/o=University%20of%20Wisconsin%20System,dc=uwsa,dc=edu
5. eduOrgWhitePagesURI (defined in eduOrg);
OID: 1.3.6.1.4.1.5923.1.2.1.6; # of values: multi
( 1.3.6.1.4.1.5923.1.2.1.6
NAME 'eduOrgWhitePagesURI'
DESC 'eduOrg per Internet2 and EDUCAUSE'
EQUALITY caseExactIA5Match
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
Definition
The URL of the open white pages directory service for the university, predominantly LDAP these days.
Permissible values (if controlled)
directory of directories, white pages
eduOrgWhitePagesURI: ldap://wpage1.uwrf.edu
6. cn (commonName, defined in X.520 (2001));
OID: 2.5.4.3; # of values: multi
Definition
Common name.
Permissible values (if controlled)
X.520 (2001) “commonName.” Name or names by which this organization is commonly known.
all
cn: Georgia Tech
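A check a consuming application could run on an eduOrg entry before it follows or displays any of the URI attributes, given as an added example that is not part of the original specification. The per-attribute scheme allow-lists are assumptions read off the definitions above, the function names are made up for illustration, and the parser handles only unfolded, non-base64 LDIF lines.

```python
from urllib.parse import urlsplit
# dn (the entry's name), the eduOrg MAY list, and the organization attributes
# listed on this page.
KNOWN = {a.lower() for a in (
    "dn objectClass o cn description facsimileTelephoneNumber l postalAddress "
    "postalCode postOfficeBox seeAlso st street telephoneNumber "
    "eduOrgHomePageURI eduOrgIdentityAuthNPolicyURI eduOrgLegalName "
    "eduOrgSuperiorURI eduOrgWhitePagesURI").split()}

SCHEMES = {  # assumed allow-lists, read off each attribute's definition above
    "eduorghomepageuri": {"http", "https"},
    "eduorgidentityauthnpolicyuri": {"http", "https", "urn"},
    "eduorgsuperioruri": {"ldap", "ldaps"},
    "eduorgwhitepagesuri": {"ldap", "ldaps", "http", "https"},
}

# Constructed entry: the o value is made up, the URI value is the page's example.
SAMPLE = """\
objectClass: organization
objectClass: eduOrg
o: Example University
eduOrgSuperiorURI: ldap://dirsvc.uwsa.edu/o=University%20of%20Wisconsin%20System,dc=uwsa,dc=edu
"""

def parse_entry(ldif):
    """Parse one LDIF entry (no folded or base64 lines) to {attr: [values]}."""
    entry = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def check_edu_org(ldif):
    """Return findings for one entry; an empty list means nothing was flagged."""
    entry = parse_entry(ldif)
    classes = {c.lower() for c in entry.get("objectclass", [])}
    need = sorted({"eduorg", "organization"} - classes)
    findings = [f"missing objectClass {c}" for c in need]
    if not entry.get("o"):
        findings.append("missing required attribute o")
    for attr, values in entry.items():
        if attr not in KNOWN:
            findings.append(f"unknown attribute {attr}")
        for value in (values if attr in SCHEMES else []):
            parts = urlsplit(value)
            if parts.scheme not in SCHEMES[attr]:
                findings.append(f"{attr}: scheme {parts.scheme!r} not allowed")
            elif parts.scheme != "urn" and not parts.hostname:
                findings.append(f"{attr}: no host in {value!r}")
    return findings
```

Calling check_edu_org(SAMPLE) returns an empty list; a misspelled attribute name, a missing eduOrg object class or a non-LDAP eduOrgSuperiorURI each produce one finding.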
The following attributes are defined as part of the “organization” object class defined in X.521 (2001). The attributes themselves are defined in X.520 (2001). Additional notes on these attributes can be found in the eduPerson (200210) documentation.
7. description (defined in organization);
OID: 2.5.4.13; # of values: multi
Definition
Open-ended; whatever the person or the directory manager puts here. According to RFC 2256, “This attribute contains a human-readable description of the object.”
Permissible values (if controlled)
Can be anything.
directory of directories, white pages
description: Your Harvard on the Ripple River
8. facsimileTelephoneNumber (defined in organization);
OID: 2.5.4.23; # of values: multi
Definition
A fax number for the directory entry. Attribute values should follow the agreed format for international telephone numbers: i.e., “+44 71 123 4567.”
Permissible values (if controlled)
A fax number for the directory entry.
directory of directories, white pages
facsimileTelephoneNumber: +44 71 123 4567
9. l (localityName, defined in organization);
OID: 2.5.4.7; # of values: multi
Definition
Locality name.
Permissible values (if controlled)
According to RFC 2256, “This attribute contains the name of a locality, such as a city, county or other geographic region.”
X.520 (2001) reads: “The Locality Name attribute type specifies a locality. When used as a component of a directory name, it identifies a geographical area or locality in which the named object is physically located or with which it is associated in some other important way.”
directory of directories, white pages
l: Buffalo
10. o (organizationName, defined in organization);
OID: 2.5.4.10; # of values: multi
Definition
Standard name of the top-level organization (institution).
Permissible values (if controlled)
Standard name of the top-level organization (institution).
directory of directories, white pages
o: St. Cloud State College
11. postalAddress (defined in organization);
OID: 2.5.4.16; # of values: multi
Definition
Main campus address.
Permissible values (if controlled)
Main office address. X.520 (2001) reads: “The Postal Address attribute type specifies the address information required for the physical postal delivery to an object.”
directory of directories, white pages
postalAddress: P.O. Box 333$Whoville, WH 99999
12. postalCode (defined in organization);
OID: 2.5.4.17; # of values: multi
Definition
Follow X.520 (2001): “The postal code attribute type specifies the postal code of the named object. If this attribute value is present, it will be part of the object's postal address.” Zip code in USA, postal code for other countries.
Permissible values (if controlled)
ZIP code in USA, postal code for other countries.
directory of directories, white pages
postalCode: 54321
13. postOfficeBox (defined in organization);
OID: 2.5.4.18; # of values: multi
Definition
Follow X.520 (2001): “The Post Office Box attribute type specifies the Postal Office Box by which the object will receive physical postal delivery. If present, the attribute value is part of the object's postal address.”
Permissible values (if controlled)
directory of directories, white pages
postOfficeBox: 109260
14. seeAlso (defined in organization);
OID: 2.5.4.34; # of values: multi
Definition
Identifies (by DN) another directory server entry that may contain information related to this entry.
Permissible values (if controlled)
The distinguished name of another directory entry.
According to X.520 (2001), “The See Also attribute type specifies names of other Directory objects which may be other aspects (in some sense) of the same real world object.”
directory of directories, white pages
seeAlso: cn=Chancellor, o=University of Technology, dc=utech, dc=ac, dc=uk
15. st (defined in organization);
OID: 2.5.4.8; # of values: multi
Definition
Abbreviation for state name.
Format: Standard U.S. postal service two-letter code.
Permissible values (if controlled)
U.S. Postal Service set of two-letter state name abbreviations.
State or province name.
According to RFC 2256, “This attribute contains the full name of a state or province (stateOrProvinceName).”
While RFC 2256 specifies use of the “full name,” it is customary to use the U.S. Postal Service set of two-letter state name abbreviations for states in the U.S.
directory of directories, white pages
st: IL
16. street (defined in organization);
OID: 2.5.4.9; # of values: multi
Definition
Street address of the primary campus offices.
Permissible values (if controlled)
According to RFC 2256, “This attribute contains the physical address of the object to which the entry corresponds, such as an address for package delivery (streetAddress).”
directory of directories, white pages
street: 303 Mulberry St.
17. telephoneNumber (defined in organization);
OID: 2.5.4.20; # of values: multi
Definition
Main campus phone number. Attribute values should follow the agreed format for international telephone numbers: i.e., “+44 71 123 4567.”
Permissible values (if controlled)
First point of contact phone number, “switchboard” number.
directory of directories, white pages
telephoneNumber: +1 212 555 1234
The MACE members and others who contributed many hours to the definition of this object class include Rob Banz, Tom Barton, Brendan Bellina, Michael Gettes, Ken Klingenstein, RL “Bob” Morgan, Todd Piket, David Wasley and Ann West. The editor of the MACE-Dir working group, Keith Hazelton, would like to thank them and the many others who helped bring this effort to completion. This version also had the benefit of comments from several of the NMI Testbed institutions. Three that deserve special mention are Georgia State University, the University of Alabama at Birmingham and the University of Michigan. Special thanks are also due to Internet2 staff members for their invaluable assistance: Ben Chinowsky, Renee Frost, Lisa Hogeboom, Nate Klingenstein, Steve Olshansky and Ellen Vaughan.
The MACE-Dir working group (http://middleware.internet2.edu/dir/) gratefully acknowledges the support of Internet2 and NSF through the National Middleware Infrastructure (NMI) program.