...

Service Providers are strongly encouraged to support all of the specified alternatives for the shared user identifier and person name attributes described in Section 5 to maximize interoperability. Failure to do so will result in problems even when working exclusively with Identity Providers that claim support for the category.

...

In the case of the eduPersonTargetedID attribute, this recommendation includes the ability to support SAML 2.0's "persistent" Name Identifier format, which is the recommended modern expression of the eduPersonTargetedID attribute in SAML 2.0.

Pursuant to the requirements in Section 7, Service Providers can rely on the non-reassignment of eduPersonPrincipalName values, provided that the asserting Identity Provider exhibits the R&S entity attribute in its metadata AND no accompanying eduPersonTargetedID attribute is received.

Alternatively, Service Providers can obtain a non-reassigned shared user identifier by combining (e.g., concatenating) the eduPersonPrincipalName and eduPersonTargetedID values. If a given combination of the two values ever changes, Service Providers can assume that the eduPersonPrincipalName has been reassigned and now represents a different subject.
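The two rules above can be applied at login time as follows. This is an added example, not part of the specification: `shared_user_key`, `AccountStore` and the `idp_has_rs` flag (assumed to be derived from the Identity Provider's metadata elsewhere) are hypothetical names, and the attribute values in the usage comments are constructed.

```python
from typing import Dict, Optional, Tuple

Key = Tuple[str, Optional[str]]


def shared_user_key(eppn: str, eptid: Optional[str], idp_has_rs: bool) -> Key:
    """Return a non-reassigned identifier for the subject, or raise ValueError."""
    if not eppn:
        raise ValueError("eduPersonPrincipalName is required")
    if eptid:
        # Combine both values; a tuple avoids any separator ambiguity
        # that plain string concatenation could introduce.
        return (eppn, eptid)
    if idp_has_rs:
        # R&S IdP sent no eduPersonTargetedID: ePPN alone is not reassigned.
        return (eppn, None)
    raise ValueError("ePPN alone cannot be treated as non-reassigned")


class AccountStore:
    """Hypothetical in-memory account table keyed by the shared identifier."""

    def __init__(self) -> None:
        self._accounts: Dict[Key, int] = {}
        self._last_eptid: Dict[str, str] = {}  # ePPN -> last ePTID seen with it

    def login(self, eppn: str, eptid: Optional[str],
              idp_has_rs: bool) -> Tuple[int, bool]:
        """Return (account_id, reassigned) for one assertion's attributes."""
        key = shared_user_key(eppn, eptid, idp_has_rs)
        previous = self._last_eptid.get(eppn)
        # A changed (ePPN, ePTID) combination means the ePPN now names a
        # different subject, so it must not inherit the old account.
        reassigned = bool(eptid and previous and previous != eptid)
        if eptid:
            self._last_eptid[eppn] = eptid
        if key not in self._accounts:
            self._accounts[key] = len(self._accounts) + 1
        return self._accounts[key], reassigned


# Constructed usage: the same ePPN arriving with a new ePTID gets a new account.
# store = AccountStore()
# store.login("alice@example.edu", "idp!sp!aaa", True)
# store.login("alice@example.edu", "idp!sp!bbb", True)
```

The `reassigned` flag is worth logging, since it marks the point at which any authorization tied to the earlier subject must not carry over.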

A Service Provider that conforms to R&S would exhibit the following entity attribute in SAML metadata:

...