Additional attributes are attributes that are not included in the CUD attribute set, these are available on application. You must have a good reason for using additional attributes, access to which will be considered in consultation with the data owner.
Requests for access to additional SITS attributes (those within the "cud:uas_sits:" namespace) should normally be submitted by IT Support Staff. The Identity and Access Management team will then seek further authorisation from the local Information Custodian, and/or Student Systems in the case of attributes deemed especially sensitive.
Please use the following email template to request access to additional attributes:
Subject: Request for additional CUD attributes
Please supply access to additional CUD attributes as follows:
Name: <your name>
SSO username/service principal name: <username or principal>
Additional attributes requested:
Reason for access:
When completing the email
- the ITSS section should be answered Y/N, depending on whether you appear in the ITSS register
- you must provide a Reason for access whether or not you are ITSS
- the SSO username/service principal name is the name of the login which requires access to the additional attributes. In the CUD UI this will be an SSO username. For other interfaces this will be the kerberos service principal name which has already been granted access to CUD (usually via SQL Push or REST interface), and its name is normally in the form cud/<host fqdn>@OX.AC.UK
- Additional attributes requested is the list of names of the additional attributes requested, taken from the complete list of attributes.
Please note that for requests to release additional SITS attributes (those within the cud:uas_sits: namespace), we will need to seek approval from the local Information Custodian (IC).