REFEDS Attribute Registry
User Identifier
FriendlyName: refedsUserID
Name: http://refeds.org/attribute/refedsUserID
A User Identifier is a persistent, non-reassigned identifier.
An Identity Provider (or Attribute Authority) is said to release a User Identifier when it releases at least one of the following attributes on the wire:
eduPersonTargetedID
eduPersonUniqueId
eduPersonPrincipalName (if non-reassigned)
A Service Provider is said to request a User Identifier when it does so directly, as shown in the following example.
Example
Here is an example of an abstract User Identifier requested in Service Provider metadata:
<md:RequestedAttribute FriendlyName="refedsUserID" Name="http://refeds.org/attribute/refedsUserID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
Non-Private User Identifier
FriendlyName: refedsNonPrivateUserID
Name: http://refeds.org/attribute/refedsNonPrivateUserID
A Non-Private User Identifier is a persistent, non-reassigned, non-targeted identifier.
An Identity Provider (or Attribute Authority) is said to release a Non-Private User Identifier when it releases at least one of the following attributes (or attribute combinations) on the wire:
eduPersonUniqueId
eduPersonPrincipalName (if non-reassigned)
A Service Provider is said to request a Non-Private User Identifier when it requests the eduPersonUniqueId attribute in metadata or a query. Alternatively, a Service Provider may request a Non-Private User Identifier directly, as shown in the following example.
Example
Here is an example of an abstract Non-Private User Identifier requested in Service Provider metadata:
<md:RequestedAttribute FriendlyName="refedsNonPrivateUserID" Name="http://refeds.org/attribute/refedsNonPrivateUserID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
Person Name
FriendlyName: refedsPersonName
Name: http://refeds.org/attribute/refedsPersonName
A Person Name is a human-readable name for the person (or subject) involved in a federated transaction.
An Identity Provider (or Attribute Authority) is said to release a Person Name when it releases at least one of the following attributes (or attribute combinations) on the wire:
displayName
givenName + sn (surname)
A Service Provider is said to request a Person Name when it requests the displayName attribute in metadata or a query. Alternatively, a Service Provider may request a Person Name directly, as shown in the following example.
Example
Here is an example of an abstract Person Name requested in Service Provider metadata:
<md:RequestedAttribute FriendlyName="refedsPersonName" Name="http://refeds.org/attribute/refedsPersonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
Email Address
FriendlyName: refedsEmailAddress
Name: http://refeds.org/attribute/refedsEmailAddress
An Email Address is an electronic mail address for the person (or subject) involved in a federated transaction. By definition, an Email Address is synonymous with the mail attribute.
An Identity Provider (or Attribute Authority) is said to release an Email Address when it releases the mail attribute on the wire. A Service Provider is said to request an Email Address when it requests the mail attribute in metadata or a query. Alternatively, a Service Provider may request an Email Address directly, as shown in the following example.
Example
Here is an example of an abstract Email Address requested in Service Provider metadata:
<md:RequestedAttribute FriendlyName="refedsEmailAddress" Name="http://refeds.org/attribute/refedsEmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
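Added example (not part of the REFEDS registry text): a Python sketch of the release rules above, reporting which abstract attributes requested in Service Provider metadata are not satisfied by the attributes an Identity Provider releases. The function names, the use of friendly names for released attributes, the `eppn_reassigned` flag and the sample metadata are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BASE = "http://refeds.org/attribute/"

# Abstract attribute -> alternatives. Each alternative is a set of concrete
# attributes that must ALL be released; any one alternative is sufficient.
RULES = {
    BASE + "refedsUserID": [{"eduPersonTargetedID"}, {"eduPersonUniqueId"},
                            {"eduPersonPrincipalName"}],
    BASE + "refedsNonPrivateUserID": [{"eduPersonUniqueId"},
                                      {"eduPersonPrincipalName"}],
    BASE + "refedsPersonName": [{"displayName"}, {"givenName", "sn"}],
    BASE + "refedsEmailAddress": [{"mail"}],
}

# Constructed sample metadata fragment (not from a real Service Provider).
SAMPLE_SP_METADATA = """
<md:AttributeConsumingService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" index="1">
  <md:RequestedAttribute FriendlyName="refedsUserID" Name="http://refeds.org/attribute/refedsUserID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
  <md:RequestedAttribute FriendlyName="refedsPersonName" Name="http://refeds.org/attribute/refedsPersonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
  <md:RequestedAttribute FriendlyName="refedsEmailAddress" Name="http://refeds.org/attribute/refedsEmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
</md:AttributeConsumingService>
"""

def requested_abstract(metadata_xml):
    """Return the abstract REFEDS attribute names requested in the metadata."""
    root = ET.fromstring(metadata_xml)
    tag = "{%s}RequestedAttribute" % MD_NS
    return [el.get("Name") for el in root.iter(tag) if el.get("Name") in RULES]

def satisfied(abstract_name, released, eppn_reassigned):
    """True if the released friendly names satisfy the abstract attribute."""
    usable = set(released)
    if eppn_reassigned:
        # eduPersonPrincipalName only counts as an identifier if non-reassigned.
        usable.discard("eduPersonPrincipalName")
    return any(alt <= usable for alt in RULES[abstract_name])

def unmet_requests(metadata_xml, released, eppn_reassigned):
    """List requested abstract attributes the release set does not satisfy."""
    return [name for name in requested_abstract(metadata_xml)
            if not satisfied(name, released, eppn_reassigned)]

if __name__ == "__main__":
    release = {"eduPersonPrincipalName", "givenName", "mail"}
    print(unmet_requests(SAMPLE_SP_METADATA, release, eppn_reassigned=True))
```
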