...
| Strong match | Weak match | Remark | ||
| OIDC | ||||
| OICD OIDC Scope | OICD OIDC name | eduPerson name | ||
| profile | sub | eduPersonPrincipalName eduPersonTargetedID/NameID eduPersonUniqueId | See 'Identifier' Claims mapping tab | |
| name | cn displayName | Multi value issues? | ||
| given_name | givenName | |||
| family_name | sn (surname) | |||
| middle_name | ||||
| nickname | eduPersonNickname | EduPersonNickname not really used (?) | ||
| preferred_username | displayName | |||
| profile | labeledURI | description | labeledURI not really used (?) | |
| picture | jpegPhoto | jpegPhoto not really used (?) | ||
| website | ||||
| gender | ||||
| birthdate | optionally: schacYearOfBirth, schacDateOfBirth, but are these used? | |||
| zoneinfo | l (localityName) | l (localityName) not really used (?) | ||
| locale | preferredLanguage | |||
| address | ||||
| updated_at | Use SAML session info here? LDAP modify timestamp? | |||
| email_verified | Can we assume an institution email with the domainname of the institution is verified? | |||
| address | ||||
| address | postalAddress | street | ||
| postalCode | ||||
| postOfficeBox | ||||
| phone | ||||
| phone_number | mobile, telephoneNumber | homePhone | ||
| phone_number_verified | Can assume an institution phone nr provided by the IdP is verified? How would you know this is the IdP? |
...