...

  • Services selling products or offering discounts to staff or students based on their affiliation.

What Attributes should be released as part of R&S?

The "attribute bundle" for R&S is defined in section 6 of the specification. The specification sets out the attributes that Identity Providers are encouraged to release, as follows:

  • personal identifiers: email address, person name, eduPersonPrincipalName.
  • pseudonymous identifier: eduPersonTargetedID.
  • affiliation: eduPersonScopedAffiliation.

Service Providers should only request attributes that the service actually uses; for example, if email address is not required by the service, it should not be requested. The specification does not explicitly prevent Providers from requesting attributes outside the R&S attribute bundle, but the expectation is that they should not. R&S works at its optimum for both Identity Providers and Service Providers when the bundle is treated as the maximum set of attributes requested. Service Providers requiring more unique / bespoke attribute bundles should talk to the REFEDS community.
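
One way to check that a Service Provider's metadata treats the bundle as the maximum set, as an added example that is not part of the original FAQ or the specification: it lists every RequestedAttribute in SAML metadata and separates those inside the R&S bundle from those outside it. Assumptions: the urn:oid names come from the eduPerson and LDAP schemas, "person name" is expanded to displayName, givenName and sn as the specification defines it, and the function name, entityID and metadata below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# R&S attribute bundle, keyed by SAML2 attribute name (urn:oid form).
RS_BUNDLE = {
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
}

# Constructed sample: one SP asking for two bundle attributes and one extra.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example research service</md:ServiceName>
      <md:RequestedAttribute FriendlyName="mail"
          Name="urn:oid:0.9.2342.19200300.100.1.3"/>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName"
          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"/>
      <md:RequestedAttribute FriendlyName="eduPersonEntitlement"
          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def audit_requested_attributes(metadata_xml):
    """Return {entityID: {"in_bundle": [...], "outside_bundle": [...]}}."""
    # The stdlib parser is fine for local, trusted files; for metadata
    # fetched from elsewhere, parse with defusedxml instead.
    root = ET.fromstring(metadata_xml)
    report = {}
    for entity in root.iter(MD + "EntityDescriptor"):  # single entity or aggregate
        inside, outside = [], []
        for req in entity.iter(MD + "RequestedAttribute"):
            name = req.get("Name", "")
            if name in RS_BUNDLE:
                inside.append(RS_BUNDLE[name])
            else:
                outside.append(req.get("FriendlyName") or name)
        report[entity.get("entityID")] = {
            "in_bundle": sorted(inside), "outside_bundle": sorted(outside)}
    return report

if __name__ == "__main__":
    print(audit_requested_attributes(SAMPLE_METADATA))
```

An empty "outside_bundle" list means the request stays within the bundle; it does not show that every requested attribute is actually used by the service.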

What exactly is meant by a "production SAML deployment"?

...