UCTrust: Common Identity Attributes
(8/6/2007)
It is essential that UCTrust participants support and use common
definitions for certain basic identity attributes. The formal specification of identity management attributes for use within UCTrust, ucEduPerson, is an augmentation of the eduPerson attributes that are used by InCommon. Additional elements may be added from time to time, but
the definition and meaning of existing attributes are not expected to
change.
Participants need not be able to assert all attributes but when they do
assert an attribute from that schema the meaning of that attribute must
match the definition provided in the specification.
The attributes that all participants should be able to recognize are
identified in the table below. Note that, while no attributes are
required by UCTrust, they have been selected because they are required
by services that are offered to
members of UCTrust.
The table below shows UCTrust's extensions to the InCommon attribute
set.
Attribute | URN | Description
--- | --- | ---
UCnetID | urn:oid:2.16.840.1.113916.1.1.4.1 | UCnetID, as assigned by UC's Universitywide Demographics Database. The UCnetID is an integer that uniquely identifies a single member of the UC community. This integer is transmitted between UCOP and the campuses in the form of a ten-character field with the digits representing the UCnetID left justified within the field. Note that the number of digits in the UCnetID may be increased in the future.
UCTrustAssurance | urn:oid:2.16.840.1.113916.1.1.5 | UCTrust Assurance. This multivalued attribute defines the UCTrust assurance associated with a particular SAML-2 assertion. Values for this attribute are of the form urn:mace:universityofcalifornia.edu:ucidentity:attributes:assurance:*
UC Campus Employee ID | urn:oid:2.16.840.1.113916.1.1.6 | UC Campus Employee ID. This single-valued attribute contains the nine-digit employee ID (including leading zeros), as defined by the University's Payroll/Personnel System (PPS) and issued by this IdP's campus, qualified by the campus's top domain name provided to InCommon. For example, 012345678@ucla.edu would be the value for employee ID 012345678 at UCLA.
UCTrust Short Campus ID | urn:oid:2.16.840.1.113916.1.1.7 | To facilitate a migration to long identifiers, UCTrustCampusIDShort will be available for a limited transition period, no more than five years. It will not exceed 12 characters in length, it will contain only alphanumeric characters, and its persistence will not be greater than five years. Its further constraints are listed below the table.

Constraints on UCTrustCampusIDShort:
- It will be scoped in a non-standard way. The format will be two characters to designate the UC location, followed by no more than 10 alphanumeric characters assigned by that location. For example, "RI1234567890" could designate Jane Doe at UC Riverside. The following are the two-character location codes:
  - BE - UC Berkeley
  - DA - UC Davis
  - IR - UC Irvine
  - LA - UC Los Angeles
  - ME - UC Merced
  - RI - UC Riverside
  - SD - UC San Diego
  - SF - UC San Francisco
  - SB - UC Santa Barbara
  - SC - UC Santa Cruz
  - OP - UC Office of the President
  - LB - Lawrence Berkeley National Labs
- It will not be reassigned to more than one person by the same campus within the five-year lifetime of the identifier.
- Duplicate identifiers for an individual should be rare from a single campus, but are allowed.
- Duplicates will occur for people who are assigned UCTrustCampusIDShort values by multiple campuses.
- UCTrustCampusIDShort will be deprecated on or before July 1, 2012. If at any time before that date there are no current applications that need UCTrustCampusIDShort to operate, the UCTrust Work Group may choose to deprecate it sooner.
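The value formats defined above, checked the way a relying party would check them before trusting an asserted attribute, as an added example that is not part of the UCTrust specification or of any UC software. The ten-character UCnetID transfer field, the scoped nine-digit employee ID (for example 012345678@ucla.edu), the location codes and the assurance URN prefix are taken from the table; the function names, the `idp_scope` parameter and the sample values in the comments are assumptions.

```python
import re

# Added example (not UCTrust's own code): validate the attribute value formats
# this page defines, as a relying party would before trusting them.
UCNETID_FIELD_WIDTH = 10  # digits left-justified in a ten-character field
ASSURANCE_PREFIX = "urn:mace:universityofcalifornia.edu:ucidentity:attributes:assurance:"
LOCATION_CODES = {
    "BE": "UC Berkeley", "DA": "UC Davis", "IR": "UC Irvine",
    "LA": "UC Los Angeles", "ME": "UC Merced", "RI": "UC Riverside",
    "SD": "UC San Diego", "SF": "UC San Francisco", "SB": "UC Santa Barbara",
    "SC": "UC Santa Cruz", "OP": "UC Office of the President",
    "LB": "Lawrence Berkeley National Labs",
}
# location code + at most 10 alphanumerics, i.e. at most 12 characters in all
_SHORT_ID_RE = re.compile(r"^(?P<loc>[A-Z]{2})(?P<local>[A-Za-z0-9]{1,10})$")
# nine digits (leading zeros kept) qualified by the issuing campus's domain
_EMPLOYEE_ID_RE = re.compile(r"^(?P<pps>\d{9})@(?P<scope>[a-z0-9.-]+)$")

def parse_ucnetid(field):
    """Decode the ten-character transfer field into the integer UCnetID."""
    if len(field) != UCNETID_FIELD_WIDTH:
        raise ValueError("UCnetID field must be exactly 10 characters")
    digits = field.rstrip(" ")  # padding follows the digits (left-justified)
    if not digits.isdigit():
        raise ValueError("UCnetID field must be digits followed by spaces")
    return int(digits)

def parse_employee_id(value, idp_scope):
    """Return the bare PPS employee ID; the scope must be the asserting IdP's domain."""
    m = _EMPLOYEE_ID_RE.match(value)
    if not m:
        raise ValueError("malformed UC Campus Employee ID")
    if m["scope"] != idp_scope:  # a campus may only assert IDs it issued
        raise ValueError("employee ID scope does not match the asserting IdP")
    return m["pps"]

def parse_short_campus_id(value):
    """Split a UCTrustCampusIDShort into (location name, campus-assigned part)."""
    m = _SHORT_ID_RE.match(value)
    if not m or m["loc"] not in LOCATION_CODES:
        raise ValueError("malformed UCTrustCampusIDShort")
    return LOCATION_CODES[m["loc"]], m["local"]

def assurance_levels(values):
    """Return the suffixes of a multivalued UCTrustAssurance attribute,
    rejecting any value outside the assurance URN namespace."""
    suffixes = [v[len(ASSURANCE_PREFIX):] for v in values
                if v.startswith(ASSURANCE_PREFIX)]
    if len(suffixes) != len(values) or "" in suffixes:
        raise ValueError("UCTrustAssurance value outside the assurance namespace")
    return suffixes
```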
These attributes are formally described for LDAP servers as the ucEduPerson
object class.
The entire registry of UC Object Identifiers (OIDs) and Uniform Resource Names (URNs) is provided in URNs
and OIDs for the University of California.