...

FriendlyName: refedsUserID
Name: http://refeds.org/attribute/refedsUserID

A User Identifier is defined to be either a Private User Identifier or a Non-Private User Identifier.

An Identity Provider (or Attribute Authority) is said to release a User Identifier when it releases at least one of the following attributes on the wire:

  1. eduPersonTargetedID

  2. eduPersonUniqueId

  3. eduPersonPrincipalName (if non-reassigned)

  4. eduPersonTargetedID

A Service Provider is said to request a User Identifier when it does so directly, as shown in the following example.

...

A Service Provider is said to request a Non-Private User Identifier when it requests the eduPersonUniqueId attribute in metadata or a query. Alternatively, a Service Provider may also request a Non-Private User Identifier directly, as shown in the following example.

...

<md:RequestedAttribute FriendlyName="refedsNonPrivateUserID"
   Name="http://refeds.org/attribute/refedsNonPrivateUserID"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

Private User Identifier

FriendlyName: refedsPrivateUserID
Name: http://refeds.org/attribute/refedsPrivateUserID

A Private User Identifier is a persistent, non-reassigned, targeted identifier. By definition, a Private User Identifier is synonymous with the eduPersonTargetedID attribute.

An Identity Provider (or Attribute Authority) is said to release a Private User Identifier when it releases the eduPersonTargetedID attribute on the wire. A Service Provider is said to request a Non-Private User Identifier when it requests the eduPersonTargetedID attribute in metadata or a query. A Service Provider may also request a Private User Identifier directly, as shown in the following example.

Example

Here is an example of an abstract Private User Identifier requested in Service Provider metadata:

<md:RequestedAttribute FriendlyName="refedsPrivateUserID"
   Name="http://refeds.org/attribute/refedsPrivateUserID"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
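
The following added example (not part of the original page or of any REFEDS tooling) shows how an Identity Provider operator could check a release set against the abstract user identifiers an SP requests, using the mappings defined above. The function names, the sample metadata and its entityID are constructed for illustration, and the metadata is assumed to have been signature-verified before parsing.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
BASE = "http://refeds.org/attribute/"

# Abstract identifier -> concrete attributes that satisfy it, per the definitions above.
SATISFIED_BY = {
    BASE + "refedsUserID": ("eduPersonTargetedID", "eduPersonUniqueId",
                            "eduPersonPrincipalName"),
    BASE + "refedsNonPrivateUserID": ("eduPersonUniqueId",),
    BASE + "refedsPrivateUserID": ("eduPersonTargetedID",),
}

def requested_identifiers(metadata_xml):
    """Return the abstract identifier names an SP requests in its metadata."""
    root = ET.fromstring(metadata_xml)
    return [ra.get("Name") for ra in root.iter(MD + "RequestedAttribute")
            if ra.get("Name") in SATISFIED_BY and ra.get("NameFormat") == URI_FORMAT]

def unmet_requests(metadata_xml, released, eppn_reassigned=True):
    """List abstract requests that the attributes in `released` do not satisfy."""
    released = set(released)
    if eppn_reassigned:
        # eduPersonPrincipalName only counts as a User Identifier if non-reassigned.
        released.discard("eduPersonPrincipalName")
    return [name for name in requested_identifiers(metadata_xml)
            if not released.intersection(SATISFIED_BY[name])]

# Constructed sample SP metadata (the entityID is a placeholder).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:RequestedAttribute FriendlyName="refedsUserID"
         Name="http://refeds.org/attribute/refedsUserID"
         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
      <md:RequestedAttribute FriendlyName="refedsPrivateUserID"
         Name="http://refeds.org/attribute/refedsPrivateUserID"
         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    # Constructed release set: a reassignable ePPN plus mail satisfies neither request.
    print(unmet_requests(SAMPLE, ["eduPersonPrincipalName", "mail"]))
```

An empty result means every abstract identifier request in the metadata is covered by at least one released attribute.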

Person Name

FriendlyName: refedsPersonName
Name: http://refeds.org/attribute/refedsPersonName

...

A Service Provider is said to request a Person Name when it requests the displayName attribute in metadata or a query. Alternatively, a Service Provider may also request a Person Name directly, as shown in the following example.

Example

Here is an example of an abstract Person Name requested in Service Provider metadata:

...

An Identity Provider (or Attribute Authority) is said to release an Email Address when it releases the mail attribute on the wire. A Service Provider is said to request an Email Address when it requests the mail attribute in metadata or a query. Alternatively, a Service Provider may also request an Email Address directly, as shown in the following example.

Example

Here is an example of an abstract Email Address requested in Service Provider metadata:

...