User Tools

Site Tools


Person Affiliations Explained

Release 1.0
Date 02/19/2003


The eduPersonAffiliation and eduPersonPrimaryAffiliation person attributes provide data about how people are affiliated with Virginia Tech, but each is meant for a different audience. This paper will clarify what each attribute is meant to be used for, what their possible values are, and give some examples of when they might be used.

Primary Affiliation

The eduPersonPrimaryAffiliation attribute is an attribute used to communicate, to other institutions, the most basic affiliation a person has with Virginia Tech. This attribute is used in conjunction with systems like Shibboleth1) to allow other universities to make authorization decisions about this person. This attribute should NEVER be used by internal Virginia Tech systems for purposes of authorization, it is strictly meant as an external, to VT, facing attribute.


alum This value is set for any person who is an alumnus of Virginia Tech.
student This value is set for any person who is currently taking a class at Virginia Tech. If a student is not currently taking a class, for whatever reason (e.g. during the summer), they are not marked as a student in their primary affiliation
faculty Any active, meaning not retired, faculty of Virginia Tech
staff Any active, meaning not retired, staff of Virginia Tech
affiliate A person who is temporarily associated with Virginia Tech such as extension personnel or ROTC officers.

Example uses

As mentioned above this attribute is not to be used by internal VT applications but is instead used when communicating with other universities. Here are a few examples of how it may be used.

  1. Virginia Tech has setup up an agreement to allow its students to use restricted resources at the University of Virginia's library. When an authenticated VT user attempts to access the restricted information UVA checks that person’s primary affiliation. If the user is a student UVA allows access, if not the user is denied access.
  2. In order to keep the most accurate and timely information for the number of faculty and staff currently working at Virginia Tech (for ranking purposes), VT allows certain college review bodies to view its directory and get the number of faculty and staff currently active at VT.

Standard Affiliations

The eduPersonAffiliation attribute gives all the affiliations a person associated with Virginia Tech has with the university. This attribute is meant to be used by internal applications, and will often be used in authorization logic. It’s vitally important to realize that this attribute can, and almost always will, have more then one value, which is a change from the current affiliation tracking systems. Also, unlike the current affiliation tracking systems, the Enterprise Directory tracks affiliations of individuals not traditionally affiliated with VT. Therefore to differentiate between these other individuals and traditional VT affiliates a namespace identifier has been pre-pended to the affiliation names. Current the two namespaces identifiers are “vt” which identify people traditionally affiliated with VT and “vcom” which identifies individuals affiliated with the Edward Via College of Osteopathic Medicine (VCOM).


See Affiliation Definitions maintained by IMS.

Example uses

The affiliations above can be used, in conjunction with other person information stored in the Enterprise Directory, to construct very powerful authorization and personalization logic in an application. Here are some examples of this:

  1. MyVT checks the person a person’s affiliations when they log in. The person has the following affiliations: vt-active-member, vt-student, vt-student-enrolled, vt-alum. From this information MyVT can determine that the student is authorized to use MyVT, since any active-member, or alum is allowed access. It can also construct a personalized view of the portal by adding elements designed for students and alumni into the standard layout for people.
  2. The Dean of Students office wants to only allow new freshmen to view a certain section of their website. Their website inspects an authenticated person’s affiliations and undergraduateLevel. If the person has an affiliation of vt-student-enrolled and an undergraduateLevel of freshman they are allowed to view the website.
  3. A department wishes to only allow only department employees to view a special section of their website. They setup the website such that you must have an affiliation of vt-employee and a department equal to their department name.
middleware/ed/affiliations.txt · Last modified: 2015/06/01 12:02 (external edit)