Child pages
  • Identifiers Used in Federations

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: more compact fomatting, update ACOnet links and text

...

Federation

"Core" IdentifiersPositionReference
ACOnet, eduID.at
  • eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10), though: "the use of the eduPersonTargetedID attribute should be phased out and replaced in SAML 2.0 usage".
  •  eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)
  • mail (urn:oid:0.9.2342.19200300.100.1.3)
  • displayName (urn:oid:2.16.840.1.113730.3.1.241)
  • givenName (urn:oid:2.5.4.42)
  • sn/surname (urn:oid:2.5.4.4)
  • where applicable: Matrikelnummer (national student immatriculation number, as SCHAC personalUniqueCode attribute)
, though use
  • . Use should be limited to student administration systems
all IDPs should be able to generate the list of attributes specified (in the referenced documentation)

Make attributes available
https://wiki.univie.ac.at/display/federation/Attributes

Australia, AAF

Required that all IdPs are able to releasehttp://aaf.edu.au/technical/aaf-core-attributes/

Belgium, Belnet R&E Federation

No specific recommendations found  
Canada - Canadian Access FederationNo specific recommendations found  
Croatia - AAI@EduHr
  • hrEduPersonUniqueID (mandatory)
  • uid (mandatory)
  • cn (mandatory)
  • sn (mandatory)
  • givenName (mandatory)
  • mail (mandatory)
  • hrEduPersonUniqueNumber (mandatory)
  • hrEduPersonOIB (mandatory)
  • hrEduPersonPersistentID  (mandatory)
  • hrEduPersonCardNum (optional)
Mandatory / optional as listedhttp://shema.aaiedu.hr/shema/
Czech Republic - eduID.cz
  • eduPersonPrincipalName (required to populate)
  • cn (required to populate)
  • eduPersonTargetedID (required to populate)
  • givenName
  • sn
  • mail
As listedhttp://eduid.cz/cs/tech/attributes
Finland - Haka   
France - Fédération Éducation-Recherche   

Germany - DFN-AAI

   
Greece - GRNET AAI   

Ireland - Edugate

   

Italy - IDEM

   

Japan - GakuNin

   

Norway - FEIDE

   

Spain - SIR

   
Sweden - SWAMID
  • eduPersonPersistentID - (eptid)
  • eduPersonPrincipalName (eppn)
  • givenName, sn, displayName (or cn in some cases)
  • norEduPersonNIN
 https://portal.nordu.net/display/SWAMID/Attribute+Profile
Switzerland - SWITCHaai
  • swissEduPersonUniqueID (urn:oid:2.16.756.1.2.5.1.1.1)
  • eduPersonTargetedID (a.k.a. SAML2 persistent NameID)
  • email, givenName, sn

The following ones only for interfederation enabled IdPs:

Core attributes are mandatory to implement, but not guaranteed to be available for all SPs.https://www.switch.ch/aai/attributes/
The Netherlands - SurfConext

The user's identity is transmitted in the form of the NameID element of the SAML statement. Every Identity Provider must supply a NameID, but for privacy reasons SURFconext will generate a new one regardless. For convenience, this identifier is duplicated in the SAML attribute eduPersonTargetedID (see below). The two supported NameID types, for respectively persistent and transient NameID specifiers, are:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Supported as appropriate via central hub.https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext
USA - InCommonList of attributes commonly used.http://www.incommon.org/federation/attributesummary.html.
UK - UK Access Management Federation
  • eduPersonTargetedID
  • eduPersonPrincipalName
Recommended that IdPs are able to release.http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf.