The eduPersonEntitlement (ePE) attribute enables an organisation to assert that a user satisfies an additional set of specific conditions that apply for access to a particular resource. A user may possess different values of the eduPersonEntitlement attribute relevant to different resources.
This provides an escape mechanism allowing an IdP to assert one or more entitlements, typically specified by an SP, on behalf of particular IdP users. An example use case would be asserting that a particular user is entitled to access a particular resource under the terms of the relevant licence.
Values for ePE have the form of Uniform Resource Identifiers (URIs), most frequently using the 'http' or 'urn' schemes. In the case of a value using the 'http' scheme, the UK Federation recommends but does not require that the value resolve to a document giving the definition of the value.