Alignment of RWTH Single Sign-On attributes with IDM.nrw specifications
Adjusting eduPersonAffiliations for user groups in the RWTH Single Sign-On
For certain groups of individuals, the eduPersonAffiliation in RWTH Aachen University’s identity management system will change in the future.
The eduPersonAffiliation is an attribute used in federated identity management (such as DFN-AAI in Germany or SWITCHaai in Switzerland) within the higher education and training sector. It describes the nature of a person’s relationship (affiliation) with an institution.
The change will take place in stages between June 1, 2026, and June 3, 2026 (tentative).
This adjustment is based on the legal requirements set forth in
- The Higher Education Act of the State of North Rhine-Westphalia (Higher Education Act – HG),
- the Art College Act (KunstHG),
- University statutes or regulations
- the Statutory Ordinance for the University Hospitals of Aachen, Bonn, Düsseldorf, Essen, Cologne, and Münster (University Hospital Ordinance – UKVO)
- and other specific regulations, if applicable.
Based on this, IDM.nrw has issued recommendations for the consistent assignment of eduPersonAffiliations by universities in North Rhine-Westphalia. The goal is to standardize the categories of individuals specified in the laws across all universities, thereby facilitating federated identity management in North Rhine-Westphalia..
For more information or the table of user groups, please refer to the relevant documentation from IDM.nrw.
The following table provides an overview of the user groups currently affected as well as future affiliations:
| User group | eduPersonAffiliations before | eduPersonAffiliations after |
|---|---|---|
| apl. Professor*innen | member, faculty | member, employee, faculty |
| Professor*innenvertreter*innen (Externe Lehrkörper) | member, faculty | member, employee, faculty |
| Professor*innenvertreter*innen (Uniklinik Aachen) | member, employee | member, employee, faculty |
| Hochschulrat | - | member |
| SHKs | member, employee | member, employee, staff |
| WHKs mit Bachelor | member, employee | member, employee, staff |
| WHKs mit Master | member, employee | member, employee, staff |
| Professor*innen + Juniorprofessor*innen (Uniklinik Aachen) | member, employee | member, employee, faculty |
| Emeritierte (Uniklinik Aachen) | member, employee | member, employee, faculty |
| Lehrbeauftragte (Uniklinik Aachen) | member, employee | member, employee, faculty |
| Lehrbeauftragte (Externe Lehrkörper) | - | member, employee, faculty |
| Wissenschaftliche Mitarbeiter*innen | member, employee | member, employee, faculty |
| Gastprofessor*innen | member, faculty | affiliate |
| Professor*innen im Ruhestand | member | - |
Please note that when the affiliations “faculty”, “staff”, and “other” (in the current adjustment, the “other” affiliation is not relevant) are assigned, the affiliation “employee” is also assigned.
For the affiliations “faculty”, “staff”, and “student”, the affiliation “member” is also assigned.
To date, the eduPersonAffiliation “staff” has not been assigned at RWTH, and the eduPersonAffiliation “faculty” (for faculty members) has been used only rarely.
For users of your service, this change may result in them gaining or losing access to certain services, depending on the authorization policy of your service that authenticates via RWTH Single Sign-On.
You should only review and, if necessary, adjust your configurations if you specifically allow certain user groups in your ServiceProvider based on their eduPersonAffiliation or grant them different permissions (e.g., for licensing reasons). If needed, you can further differentiate the user group using roles and groups, as you are aware. To do so, please contact the IT-ServiceDesk.
