Common Names in Shibboleth


The UTORauth system is a hub that takes information from a collection of “Systems of Record”: the Repository of Student Information (ROSI), Human Resources Information System (HRIS), and others. These systems primarily use only an official name. A user's common name frequently differs from their official name. We’re enhancing UTORauth so that the common names will be more visible. The official name will still be available.

The SIS/ROSI and HRIS systems are being updated to support common and official names, and they are providing both the official and common names to UTORauth. Not all Systems of Record will have this facility. We offer a means for users to set the common name via the UTORid management web interface, though, where possible, users should update it via the appropriate System of Record.

Common Name Attributes in UTORauth and UTORable

We currently provide three attributes that present a user's name: givenName, sn (surname), and cn (full common name).  The cn attribute is the concatenation of givenName and sn, joined by a space.

We'll be using additional attributes: officialFirstName and displayName. Users will be able to choose a display name. Going forward, the display name will be preferred over officialFirstName when UTORable sets givenName and cn. For example:

 

Robert Smith
displayName: Bob
officialFirstName: Robert
givenName: Bob
sn: Smith
cn: Bob Smith

Catherine Williams
no displayName
officialFirstName: Catherine
givenName: Catherine
sn: Williams
cn: Catherine Williams

Most of our Shibboleth Service Providers (SPs) use only distinguishing attributes. These are attributes that are distinct for each user, such as UTORid, eduPersonPrincipalName (ePPN), UTID or mail. Some SPs use common names, though only distinguishing attributes should be used as primary keys for users.

Service Providers and Common Names

Some SPs use common names, which are available upon request. Do not use common names as distinguishing attributes, as there are people who share givenName, surname, and cn. Do not use common names as primary keys in any datastores. Use common names only to supplement or enhance the user interface.

If your system uses common names, be prepared for them to change. Even without the new officialFirstName/cn feature, names are subject to change due to corrections or changes in the user's official name (for example, as the result of a change in marital status).
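The guidance above, as an added example (not UTORauth or Shibboleth code): an SP-side account store keyed on a distinguishing attribute, with the common name refreshed on every login. The attribute dict, the table layout, the function names and the example.edu ePPN values are assumptions constructed for illustration.

```python
import sqlite3

def open_store():
    """Hypothetical in-memory user table for an SP application."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " eppn TEXT PRIMARY KEY,"      # distinguishing attribute: unique per user
        " cn TEXT NOT NULL,"           # common name: display only, may change
        " given_name TEXT NOT NULL)"
    )
    return db

def upsert_user(db, attrs):
    """Create or refresh the local account from released attributes.

    `attrs` is assumed to be a dict of attributes the SP software has
    already validated and extracted from the SAML assertion.
    """
    eppn = attrs.get("eduPersonPrincipalName")
    if not eppn:
        # Never fall back to cn as an identifier: several people share a name.
        raise ValueError("no distinguishing attribute released")
    cn, given = attrs.get("cn", ""), attrs.get("givenName", "")
    db.execute("INSERT OR IGNORE INTO users (eppn, cn, given_name) VALUES (?, ?, ?)",
               (eppn, cn, given))
    # Names are expected to change, so overwrite them on every login.
    db.execute("UPDATE users SET cn = ?, given_name = ? WHERE eppn = ?",
               (cn, given, eppn))
    db.commit()
    return eppn

def display_names(db):
    """Return (eppn, cn) pairs for the user interface."""
    return db.execute("SELECT eppn, cn FROM users ORDER BY eppn").fetchall()

# Constructed sample: two different people named Robert Smith, then the
# first one logs in again after choosing the display name "Bob".
SAMPLE_LOGINS = [
    {"eduPersonPrincipalName": "smithro1@example.edu", "givenName": "Robert", "sn": "Smith", "cn": "Robert Smith"},
    {"eduPersonPrincipalName": "smithro2@example.edu", "givenName": "Robert", "sn": "Smith", "cn": "Robert Smith"},
    {"eduPersonPrincipalName": "smithro1@example.edu", "givenName": "Bob", "sn": "Smith", "cn": "Bob Smith"},
]

if __name__ == "__main__":
    store = open_store()
    for login in SAMPLE_LOGINS:
        upsert_user(store, login)
    print(display_names(store))
```

Both users named Robert Smith keep separate accounts, and the name change updates the existing row instead of creating a new one.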

Service Providers and Official Names

Some services need to make use of official names. There may be legal requirements for services that produce legal documents, or provide data to systems that produce legal documents. For example, a site that manages awards or financial transactions may need official names. Such sites should use the officialFirstName. Please send us a request for the IdP to present officialFirstName in its SAML Assertions.

Contact

For further details, email the Shib Admin team.