With an understanding of common application uses of the directory information collections of attributes have created. These connections are called bundles. The bundles make selecting which data to use from the directory simpler by replacing the task of choosing among several hundred attributes with the choice of a handful of bundles. For most applications, particularly web applications, the webAuthGeneral allows access to a set of attributes that provides basic authentication and identification data. While the most command application usage is with WebAuth, Stanford University's web-based authentication system, bundles are not specific to WebAuth and can be used by any application accessing the directory. It is strongly recommended that unless an application has special requirements that a bundles be used.
Bundle access to directory data is, in most cases, not subject to privacy restrictions defined in the directory. As with access to all privacy restricted data in the directory, the access must be approved by the owners of the data (see Directory Usage Policy). To request access to directory data using an attribute bundle visit the Requesting Access. When requesting access multiple bundles can be requested. For example, in addition to basic name information some applications can make use of other forms of a person's name and it makes sense to have access to both the webAuthGeneral and suName bundles.
The following attribute bundles have been defined in the Stanford Directory.
- A set of attributes that allows applications to control access using Stanford Workgroup infrastructure and grants access to basic name and affiliation data.
- A set of attributes that allows applications to control access using Stanford Workgroup infrastructure and grants access to basic name, affiliation, and identification data.
- stanfordWho (people_sugal_full)
- The same set of attributes displayed by Stanford Who subject to the same privacy controls as the StanfordWho applications. This means that any attribute with the visibility set to private will not be available. Only those attributes set to "stanford" or "public" will be available. This is exposed as the suGAL* attributes in the suGALperson Object Class.
- A set of attributes that allows access to a large set of name data for a person entry in the directory.
- A set of attributes that allows access to a large set of name and affiliation data for a person entry in the directory.
- This bundle is a collection of the telephone number, email address, and postal addresses for entries in the cn=people branch of the directory.
- The attributes in the posixAccount objectclass and the suPrivilegeGroup attribute. Generally access is filtered by either an individual Workgroup or a Workgroup stem.
- The attributes in the posixGroup objectclass and the suPrivilegeGroup attribute. Generally access is filtered by either an individual Workgroup or a Workgroup stem.
Public Access to Directory Data
In addition to the data defined by a bundle all bundles have access to the following set of attributes that is marked as World Visisble.
World visibility read on:
- cn, facsimileTelephoneNumber, generationQualifier, givenName, homePhone, homePostalAddress, labeledURI, mail, mobile, objectclass, o, ou, pager, personalTitle, postalAddress, sn, street, suDisplayAffiliation, suDisplayNameFirst, suDisplayNameMiddle, suDisplayNameLast, suDisplayNamePrefix, suDisplayNameSuffix, suEmailPager, suFacultyAppointment, suFacultyAppointmentShort, suGwAffilAddress1, suGwAffilAddress2, suGwAffilAddress3, suGwAffilAddress4, suGwAffilAddress5, suGwAffilCode1, suGwAffilCode2, suGwAffilCode3, suGwAffilCode4, suGwAffilCode5, suGwAffilFax1, suGwAffilFax2, suGwAffilFax3, suGwAffilFax4, suGwAffilFax5, suGwAffiliation1, suGwAffiliation2, suGwAffiliation3, suGwAffiliation4, suGwAffiliation5, suGwAffilMailCode1, suGwAffilMailCode2, suGwAffilMailCode3, suGwAffilMailCode4, suGwAffilMailCode5, suGwAffilPhone1, suGwAffilPhone2, suGwAffilPhone3, suGwAffilPhone4, suGwAffilPhone5, suLocalAddress, suLocalPhone, suMailAddress, suMailCode, suOtherName, suPermanentPhone, suPermanentAddress, suProfile, suSearchID, suSunetID, suUniqueIdentifier, telephoneNumber, title