...

An Identity Provider that does not release all of the required elements of the R&S attribute bundle (shared user identifier, person name, email address), for any reason, SHALL NOT exhibit the R&S entity attribute in its metadata. Exceptions that limit the release of attributes to specific R&S Service Providers may be permitted in the event of a security incident or other isolated circumstances.

 

A persistent, non-reassigned, non-targeted identifier is REQUIRED. If the Identity Provider’s deployment of eduPersonPrincipalName is non-reassigned, and the organization believes in good faith that it will remain so, it will suffice. Otherwise the Identity Provider MUST release eduPersonTargetedID (which is non-reassigned by definition) in addition to eduPersonPrincipalName. In any case, release of both shared user identifiers is RECOMMENDED. Likewise the .

At least one of displayName or givenName + sn is REQUIRED. The release of all three person name attributes (displayName, givenName, sn) is RECOMMENDED.

Identity Providers are strongly encouraged to release the entire attribute bundle (both required and optional attributes) defined in Section 5 to R&S category Service Providers, to maximize both interoperability and the scope of supported services. The only optional data element is affiliation, which, while different in nature from the rest of the bundle, is important to many R&S services and is a particular differentiator for academic organizations.
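
The release rules above can be checked mechanically before an Identity Provider asserts the R&S entity attribute. The following is an added example, not part of the specification: the function names are hypothetical, and the attribute names `mail` and `eduPersonScopedAffiliation` are assumptions for the "email address" and "affiliation" elements, which the text does not name.

```python
"""Check an IdP attribute release against the R&S bundle rules (added example)."""

# Assumed attribute names: the text says only "email address" and "affiliation".
EMAIL = "mail"
AFFILIATION = "eduPersonScopedAffiliation"


def check_rs_release(released, eppn_reassignable):
    """Return (errors, recommendations) for the released attribute names.

    released: attribute names the IdP releases to R&S Service Providers.
    eppn_reassignable: True if eduPersonPrincipalName values may be reassigned.
    """
    attrs = set(released)
    errors, recs = [], []

    # Shared user identifier: ePPN alone suffices only if it is non-reassigned.
    if "eduPersonPrincipalName" not in attrs:
        errors.append("eduPersonPrincipalName is not released")
    if "eduPersonTargetedID" not in attrs:
        if eppn_reassignable:
            errors.append("ePPN is reassignable: eduPersonTargetedID MUST be released")
        else:
            recs.append("release eduPersonTargetedID as well (RECOMMENDED)")

    # Person name: displayName, or givenName together with sn.
    has_display = "displayName" in attrs
    has_given_sn = {"givenName", "sn"} <= attrs
    if not (has_display or has_given_sn):
        errors.append("need displayName or givenName + sn")
    elif not (has_display and has_given_sn):
        recs.append("release displayName, givenName and sn (RECOMMENDED)")

    # Email address is a required element of the bundle.
    if EMAIL not in attrs:
        errors.append("email address is not released")

    # Affiliation is the only optional element.
    if AFFILIATION not in attrs:
        recs.append("release affiliation (optional, encouraged)")

    return errors, recs


def may_assert_rs(released, eppn_reassignable):
    """True only if every required element of the bundle is released."""
    return not check_rs_release(released, eppn_reassignable)[0]
```

An Identity Provider for which `may_assert_rs` returns False falls under the SHALL NOT rule above and should not carry the R&S entity attribute in its metadata.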

...