
Element Name

uhReleasedGrouping

Description

This attribute holds all the released groupings that a person belongs to. Each such grouping represents an application or function for which all grouping members have been authorized.


UH Groupings owners may select this attribute as an optional "synchronization destination" in order to make membership information available to CAS-enabled applications. 

You can leverage UH Groupings as a central authorization management resource. You create groupings to represent who is authorized to do something in your application, then release those groupings by choosing uhReleasedGrouping as a sync destination. Your application can then simply look for your own groupings when this attribute is returned by CAS/LDAP. It is simple, and you do not need to write or maintain your own authorization code or authorization data.


While membership updates to a UH Grouping are usually reflected in this attribute within 2 minutes, it could take much longer under heavy load.


As an added convenience, ITS provides various uhReleasedGrouping values for general use (this page is restricted to the UH community).

UH Data Classification

Restricted per Executive Policy 2.214

LDAP Attribute Info

  • Name: uhReleasedGrouping
  • OID: 1.3.6.1.4.1.2160.1.1.1.66
  • Indexing: yes (equality,substring)
  • Required: no
  • Multivalued: yes (1)

Required Format for Storage

string(256), format: {a..z}{A..Z}{0..9}{:-._+=}

Example Stored Data (2)

manoa-campus-arboretum-club-members

obf:ffa3423857510105ea8927332792387392892349324bdf892ada

hawaii.edu:store:uhims:general:mfa-enabled

Systems of Record 

Notes

  1. There is no significance to the order of appearance. No assumptions can be made about the contents of the first row, for example.
  2. The full path of the grouping won't be used.  Only the group id, the last component of the colon-separated path will be used.  The namespace is controlled to avoid collisions even if the full path is not used here.
  3. Information on the UH Groupings service is available: UH Groupings.
  4. Information on the CAS service is available: UH Web Login Service.
  5. This attribute may indicate that a person is a student, which is FERPA-protected information, hence the "Restricted" data classification.
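
The application-side check described above can be sketched as follows. This is an added example, not ITS or UH Groupings code: it treats the attribute as an unordered multi-valued set (note 1), validates each value against the storage format given on this page, and matches the whole value only. The shape of the attribute map (a dict of name to list of values), the function names, and case-sensitive comparison are assumptions.

```python
import re

ATTR = "uhReleasedGrouping"
# Storage format stated on this page: string(256) over a-z A-Z 0-9 : - . _ + =
VALID = re.compile(r"[A-Za-z0-9:\-._+=]{1,256}")


def released_groupings(attributes):
    """Collect well-formed uhReleasedGrouping values as an unordered set.

    `attributes` is assumed to be a dict of attribute name -> value(s), as a
    CAS or LDAP client library would typically hand back.
    """
    raw = attributes.get(ATTR)
    if raw is None:
        return frozenset()          # attribute not released: no groupings
    if isinstance(raw, (str, bytes)):
        raw = [raw]                 # a single value may arrive as a scalar
    found = set()
    for value in raw:
        if isinstance(value, bytes):
            try:
                value = value.decode("utf-8")
            except UnicodeDecodeError:
                continue
        if isinstance(value, str) and VALID.fullmatch(value):
            found.add(value)        # malformed values are dropped, not trusted
    return frozenset(found)


def is_authorized(attributes, required_grouping):
    """Fail-closed check: exact match on the whole value, never a substring
    or position test (the page says value order carries no meaning)."""
    if not VALID.fullmatch(required_grouping):
        raise ValueError("required grouping is not in the documented format")
    return required_grouping in released_groupings(attributes)


# Constructed sample: values are the page's own examples, in arbitrary order.
SAMPLE = {
    "uid": ["jdoe"],
    ATTR: [
        "hawaii.edu:store:uhims:general:mfa-enabled",
        "manoa-campus-arboretum-club-members",
    ],
}

if __name__ == "__main__":
    print(is_authorized(SAMPLE, "manoa-campus-arboretum-club-members"))
```

Because membership changes can take longer than 2 minutes to appear in the attribute, a removal from the grouping is not an immediate revocation; session lifetime in the application should account for that lag.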