...
Federation | "Core" Identifiers | Position | Reference |
---|---|---|---|
AconetACOnet, eduID.at | eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10 ), though "the use of the eduPersonTargetedID attribute should be phased out and replaced in SAML 2.0 usage".eduPersonPrincipalName ( urn:oid:1.3.6.1.4.1.5923.1.1.1.6 )mail ( urn:oid:0.9.2342.19200300.100.1.3 )Matrikelnummer where applicable: Matrikelnummer (national student immatriculation number, as SCHAC personalUniqueCode attribute), though use should be limited to student administration systems | all IDPs should be able to generate the list of attributes specified (in the referenced documentation) | Make attributes available |
Australia, AAF | Required that all IdPs are able to release | http://aaf.edu.au/technical/aaf-core-attributes/ | |
Belgium, Belnet R&E Federation | No specific recommendations found | ||
Canada - Canadian Access Federation | No specific recommendations found | ||
Croatia - AAI@EduHr | hrEduPersonUniqueID (mandatory) | Mandatory / optional as listed | http://shema.aaiedu.hr/shema/ |
Czech Republic - eduID.cz | eduPersonPrincipalName (required to populate) cn (required to populate) eduPersonTargetedID (required to populate) givenName sn | As listed | http://eduid.cz/cs/tech/attributes |
Finland - Haka | |||
France - Fédération Éducation-Recherche | |||
Germany - DFN-AAI | |||
Greece - GRNET AAI | |||
Ireland - Edugate | |||
Italy - IDEM | |||
Japan - GakuNin | |||
Norway - FEIDE | |||
Spain - SIR | |||
Sweden - SWAMID | eduPersonPersistentID - (eptid) | https://portal.nordu.net/display/SWAMID/Attribute+Profile | |
Switzerland - SWITCHaai | swissEduPersonUniqueID (urn:oid:2.16.756.1.2.5.1.1.1) The following ones only for interfederation enabled IdPs: | Core attributes are mandatory to implement, but not guaranteed to be available for all SPs. | https://www.switch.ch/aai/attributes/ |
The Netherlands - SurfConext | The user's identity is transmitted in the form of the NameID element of the SAML statement. Every Identity Provider must supply a NameID, but for privacy reasons SURFconext will generate a new one regardless. For convenience, this identifier is duplicated in the SAML attribute eduPersonTargetedID (see below). The two supported NameID types, for respectively persistent and transient NameID specifiers, are:
| Supported as appropriate via central hub. | https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext |
USA - InCommon | eduPersonPrincipalName | List of attributes commonly used. | http://www.incommon.org/federation/attributesummary.html. |
UK - UK Access Management Federation | eduPersonTargetedID | Recommended that IdPs are able to release. | http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf. |