#---------------------------------------------------------------------- # # schac v: 20060327-1.1.2 # # SCHema for ACademia # Attribute definitions for individual data # # The latest version of this document is avaliable at # http://www.rediris.es/ldap/schema/schac.schema # #---------------------------------------------------------------------- # # Changelog # # 20060724 - Arnes deployment fixes # 20060327 - SCHAC URN assigned: urn:mace:terena.org:schac # 20060310 - TERENA OID assigned: 1.3.6.1.4.1.25178 # 20060210 - Second release # 20051122 - Initial release # # objectIdentifier TERENA 1.3.6.1.4.1.25178 objectIdentifier schac TERENA:1 objectIdentifier schacObjectClass schac:1 objectIdentifier schacAttributeType schac:2 #---------------------------------------------------------------------- # Attributes #---------------------------------------------------------------------- # # schacMotherTongue # # Descrip: Is the language a person learns first. Correspondingly, # the person is called a native speaker of the language. # Usually a child learns the basics of their first language # from their family. # # Format: See RFC 3066 Tags for the Identification of Languages # # Example: schacMotherTongue: fr # Example: schacMotherTongue: es-ES # attributetype ( schacAttributeType:1 NAME 'schacMotherTongue' DESC 'RFC 3066 code for prefered language of communication' EQUALITY caseExactMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacGender # # Descrip: The state of being male or female. The gender attribute # specifies the legal gender of the subject it is associated with. # "Either of the two groups that people, animals and plants are # divided into according to their function of producing young" # (Oxford Advanced Learner's Dictionary) # # Format: 0 Not known # 1 Male # 2 Female # 9 Not specified # # Example: schacGender: 2 # attributetype ( schacAttributeType:2 NAME 'schacGender' DESC 'Representation of human sex (see ISO 5218)' EQUALITY integerMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # # schacDateOfBirth # # Descrip: The date of birth for the subject it is associated with # # Format: Numeric value YYYYMMDD, using 4 digits for year, 2 digits # for month and 2 digits for day as described in RFC 3339 # 'Date and Time on the Internet: Timestamps' as reference # using the 'full-date' format from paragraph 5.6 but without # the dashes. # # Example: schacDateOfBirth: 19660412 # attributetype ( schacAttributeType:3 NAME 'schacDateOfBirth' DESC 'Date of birth (format YYYYMMDD, only numeric chars)' EQUALITY numericStringMatch ORDERING numericStringOrderingMatch SUBSTR numericStringSubstringsMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) # # schacPlaceOfBirth # # Descrip: Specifies the place of birth for the subject it is associated with. # # Format: Free string # # Example: schacPlaceOfBirth: Algeciras, Spain # attributetype ( schacAttributeType:4 NAME 'schacPlaceOfBirth' DESC 'Birth place of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacCountryOfCitizenship # # Descrip: Specifies the (claimed) countries of citizenship for the # subject it is associated with. # # Format: Two-letter country acronym in accordance with ISO 3166. # # Example: schacCountryOfCitizenship: es # attributetype ( schacAttributeType:5 NAME 'schacCountryOfCitizenship' DESC 'Country of citizenship of a person. Format two-letter acronym according to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacSn1 # # Descrip: First surname of a person ("the surname" in international terms) # # schacSn1 would contain whatever values the described person # thinks they should contain. Splitting shall be done by humans. # That means that, when filling a SCHAC-based description that # allows the use of schacSn1 and schacSn2, the administrators # must ask for 1st surname and 2nd surname (if applicable) as # well as they do for givenName, surname, etc. # # Format: Free string # # Example: In Spain, if sn = Lopez de la Moraleda y de Las Altas Alcurnias # and that person uses Lopez de la Moraleda as the first component # of the surname we can write: # # schacSn1: Lopez de la Moraleda # # In Poland, if sn = Gorecka-Wolniewicz and we decide to use the # national convention for the sn attribute, we can write: # # schacSn1: Wolniewicz # attributetype ( schacAttributeType:6 NAME 'schacSn1' DESC 'First surname of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacSn2 # # Descrip: Second surname of a person (how this is assigned is a local matter). # # schacSn2 would contain whatever values the described person # thinks they should contain. Splitting shall be done by humans. # That means that, when filling a SCHAC-based description that # allows the use of schacSn1 and schacSn2, the administrators # must ask for 1st surname and 2nd surname (if applicable) as well # as they do for givenName, surname, etc. # # Format: Free string # # Example: In Spain, if sn = Lopez de la Moraleda y de Las Altas Alcurnias # and that person uses Lopez de la Moraleda as the second component # of the surname we can write: # # schacSn2: de Las Altas Alcurnias # # In Poland, if sn = Gorecka-Wolniewicz and we decide to use the # national convention for the sn attribute, we can write: # # schacSn2: Gorecka # attributetype ( schacAttributeType:7 NAME 'schacSn2' DESC 'Second surname of a person' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacPersonalTitle # # Descrip: The Personal Title attribute type specifies a personal title # or salutation for a person. Examples of personal titles are # "Ms", "Dr", "Prof", "Rev", "Sr". # # Format: Free string # # Example: schacPersonalTitle: Prof # attributetype ( schacAttributeType:8 NAME 'schacPersonalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacHomeOrganization # # Descrip: Specifies a person´s home organization using the domain name # of the organization # # Format: Domain name acording to RFC 1035. # # Example: schacHomeOrganization: tut.fi # attributetype ( schacAttributeType:9 NAME 'schacHomeOrganization' DESC 'Domain name of the home organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) # # schacHomeOrganizationType # # Descrip: Type of a Home Organization # # Format: urn:mace:terena.org:schac:homeOrgType:: # # - The must be a valid two-letter ISO 3166 # country code identifier. # - from a nationally controlled vocabulary # # Example: schacHomeOrganizationType: urn:mace:terena.org:schac:homeOrgType:ch:vho # schacHomeOrganizationType: urn:mace:terena.org:schac:homeOrgType:es:opi # attributetype ( schacAttributeType:10 NAME 'schacHomeOrganizationType' DESC 'Type of the home organization' EQUALITY caseIgnoreMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacCountryOfResidence # # Descrip: Specifies the (claimed) country of residence for the subject # is associated with. # # Format: Two-letter country acronym in accordance with ISO 3166 country # code identifier. # # Example: schacCountryOfResidence: es # attributetype ( schacAttributeType:11 NAME 'schacCountryOfResidence' DESC 'Country of citizenship of a person. Format two-letter acronym according to ISO 3166' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacUserPresenceID # # Descrip: To store a set of user identifiers in presence and instant # messaging systems and protocols # # Format: urn:mace:terena.org:schac:presence: # # - is a Namespace Specific String as defined in RFC 2141 # # Example: schacUserPresenceID: urn:mace:terena.org:schac:presence:xmpp:pepe@im.univx.es # schacUserPresenceID: urn:mace:terena.org:schac:presence:sip:jose.perez@myweb.es # schacUserPresenceID: urn:mace:terena.org:schac:presence:sip:+34-95-505-6600@univx.es;transport=TCP;user=phone # schacUserPresenceID: urn:mace:terena.org:schac:presence:h323:pepe@myweb.fi:808;pars # schacUserPresenceID: urn:mace:terena.org:schac:presence:skype:pepe.perez # attributetype ( schacAttributeType:12 NAME 'schacUserPresenceID' DESC 'Used to store a set of values related to the network presence' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacPersonalPosition # # Descrip: Specifies a personal position inside an institution # # Format: urn:mace:terena.org:schac:position: # # - is a Namespace Specific String as defined in RFC 2141 # but case insensitive. # # Example: schacPersonalPosition: urn:mace:terena.org:schac:position:umk.pl:programmer # attributetype ( schacAttributeType:13 NAME 'schacPersonalPosition' DESC 'Position inside an institution' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacPersonalUniqueCode # # Descrip: Specifies a "unique code" for the subject it is # associated with. Its value does not necessarily # correspond to any identifier outside the scope of # the directories using this schema. # # This might be Student number, Employee number,... # # Format: urn:mace:terena.org:schac:uniqueCode:: # # - is a Namespace Specific String as defined in RFC 2141 # but case insensitive. # - The must be a valid two-letter ISO 3166 # country code identifier. # # Example: schacPersonalUniqueCode: urn:mace:terena.org:schac:uniqueCode:fi:tut.fi:student:165934 # schacPersonalUniqueCode: urn:mace:terena.org:schac:uniqueCode:es:uma:estudiante:a3b123c12 # schacPersonalUniqueCode: urn:mace:terena.org:schac:uniqueCode:se:LIN:87654321 # attributetype ( schacAttributeType:14 NAME 'schacPersonalUniqueCode' DESC 'unique code for the subject' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacPersonalUniqueID # # Descrip: Specifies a "legal unique identifier" for the subject it # is associated with. # This might be DNI in Spain, FIC in Finland, NIN in Sweden,. # # Format: urn:mace:terena.org:schac:uniqueID::: # # - The must be a valid two-letter ISO 3166 # country code identifier. # - . Acceptable values must be declared per each # country code. # - # # Example: schacPersonalUniqueID: urn:mace:terena.org:schac:uniqueID:es:NIF:31241312L # schacPersonalUniqueID: urn:mace:terena.org:schac:uniqueID:fi:FIC:260667-123F # schacPersonalUniqueID: urn:mace:terena.org:schac:uniqueID:se:NIN:12345678 # attributetype ( schacAttributeType:15 NAME 'schacPersonalUniqueID' DESC 'Unique identifier for the subject' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # schacUUID # # Descrip: Specifies a "universally unique identifier" for an entity # representing a person. # # Format: # # - . A UUID is essentially a 16-byte number and in its # canonical form a UUID may look like this: # 597ae2f6-16a6-1027-98f4-d28b5365dc14 # UUID generation requires no central registration process # # Example: schacUUID: 597ae2f6-16a6-1027-98f4-d28b5365dc14 # #---------------------------------------------------------------------- # http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-uuid-06.txt # # We need to replace value of uuid-IANA-ASSIGNED-OID with the real one #---------------------------------------------------------------------- # attributetype ( schacAttributeType:16 NAME 'schacUUID' DESC 'UUID for the entity' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.44) # # schacExpiryDate # # Descrip: The date from which the set of data is to be considered # invalid (specifically, in what refers to rights and # entitlements) # # Format: schacExpiryDate values MUST be expressed Greenwich Mean # Time (Zulu) and MUST include seconds (i.e., times are # YYYYMMDDhhmmssZ), even where the number of seconds is zero. # GeneralizedTime values MUST NOT include fractional seconds. # # Example: schacExpiryDate: 20051231125959Z # attributetype ( schacAttributeType:17 NAME 'schacExpiryDate' DESC 'Date from which the set of data is to be considered invalid (format YYYYMMDDhhmmssZ)' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) # # schacUserPrivateAttribute # # Descrip: Used to model privacy requirements, as expressed by the user # and/or the organizational policies. The values are intended # to be attribute type names and applies to the attribute and i # any subtypes of it for a given entity. # # In what respects to data exchange, it applies to the # expression of privacy requirements. # # This attribute can also have specific operational semantics # that will be defined in a separate document. # # Format: An attribute type identifier. # Operational semantics may imply specific values as wildcards. # # Example: Attributes mail and telephoneNumber are considered private # # schacUserPrivateAttribute: mail # schacUserPrivateAttribute: telephoneNumber # attributetype ( schacAttributeType:18 NAME 'schacUserPrivateAttribute' DESC 'Set of denied access attributes' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # # schacUserStatus # # Descrip: Used to store a set of status of a person as user of services # # Format: urn:mace:terena.org:schac:status: # # - is a Namespace Specific String as defined in RFC 2141 # but case insensitive. # # Example: To store different user activity states at University of # Málaga (uma.es): # # schacUserStaus: urn:mace:terena.org:schac:status:uma.es:affiliation:expired # schacUserStaus: urn:mace:terena.org:schac:status:uma.es:sendMail:expired # schacUserStaus: urn:mace:terena.org:schac:status:uma.es:getMail:active # # A parameter in the URN can be used to represent the temporal # validity of the satus: # # schacUserStatus: urn:mace:terena.org:schac:status:ujl.si:webmail:active?ttl=20060531 # attributetype ( schacAttributeType:19 NAME 'schacUserStatus' DESC 'Used to store a set of status of a person as user of services' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) #---------------------------------------------------------------------- # ObjectClasses #---------------------------------------------------------------------- objectClass ( schacObjectClass:1 NAME 'schacPersonalCharacteristics' DESC 'Personal characteristics describe the individual person represented by the entry' AUXILIARY MAY ( schacMotherTongue $ schacGender $ schacDateOfBirth $ schacPlaceOfBirth $ schacCountryOfCitizenship $ schacSn1 $ schacSn2 $ schacPersonalTitle ) ) objectClass ( schacObjectClass:2 NAME 'schacContactLocation' DESC 'Primary means of locating and contacting potential collaborators and other persons-of-interest at peer institutions' AUXILIARY MAY ( schacHomeOrganization $ schacHomeOrganizationType $ schacCountryOfResidence $ schacUserPresenceID ) ) objectClass ( schacObjectClass:3 NAME 'schacEmployeeInfo' DESC 'Employee information includes attributes that have relevance to the employee role, such as position, office hours, and job title' AUXILIARY MAY ( schacPersonalPosition ) ) objectClass ( schacObjectClass:4 NAME 'schacLinkageIdentifiers' DESC 'Used to link a directory entry with records in external data stores or other directory entries' AUXILIARY MAY ( schacPersonalUniqueCode $ schacPersonalUniqueID $ schacUUID ) ) objectClass ( schacObjectClass:5 NAME 'schacEntryMetadata' DESC 'Used to contain information about the entry itself, often its status, birth, and death' AUXILIARY MAY ( schacExpiryDate ) ) objectClass ( schacObjectClass:6 NAME 'schacEntryConfidentiality' DESC 'Used to indicate whether an entry is visible publicly, visible only to affiliates of the institution, or not visible at all' AUXILIARY MAY ( schacUserPrivateAttribute ) ) objectClass ( schacObjectClass:7 NAME 'schacUserEntitlements' DESC 'Authorization for services' AUXILIARY MAY ( schacUserStatus ) ) #---------------------------------------------------------------------- # End of SCHAC schema #----------------------------------------------------------------------