Child pages
  • Identifiers Used in Federations

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Federation

"Core" IdentifiersPositionReference
Aconet, eduID.at  

eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10)

eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6)

mail (urn:oid:0.9.2342.19200300.100.1.3)

 
all IDPs should be able to generate the list of attributes specifiedhttps://wiki.univie.ac.at/display/federation/Attributes

Australia, AAF

auEduPersonSharedToken

displayName

eduPersonTargetedID

mail

Required that all IdPs are able to releasehttp://aaf.edu.au/technical/aaf-core-attributes/

Belgium, Belnet R&E Federation

No specific recommendations found  
Canada - Canadian Access FederationNo specific recommendations found  
Croatia - AAI@EduHr

hrEduPersonUniqueID (mandatory)

uid (mandatory)

cn (mandatory)

sn (mandatory)

givenName (mandatory)

mail (mandatory)

hrEduPersonUniqueNumber (mandatory)

hrEduPersonOIB (mandatory)

hrEduPersonPersistentID  (mandatory)

hrEduPersonCardNum (optional)

 

Mandatory / optional as listedhttp://shema.aaiedu.hr/shema/
Czech Republic - eduID.cz   
eduPersonPrincipalName (required to populate)

cn (required to populate)

eduPersonTargetedID (required to populate)

givenName

sn

mail

As listedhttp://eduid.cz/cs/tech/attributes
Finland - Haka   
France - Fédération Éducation-Recherche   

Germany - DFN-AAI

   
Greece - GRNET AAI   

Ireland - Edugate

   

Italy - IDEM

   

Japan - GakuNin

   

Norway - FEIDE

   

Spain - SIR

   
Sweden - SWAMID

eduPersonPersistentID - (eptid)

eduPersonPrincipalName (eppn)

givenName, sn, displayName (or cn in some cases)

norEduPersonNIN

 https://portal.nordu.net/display/SWAMID/Attribute+Profile
Switzerland - SWITCHaai

swissEduPersonUniqueID (urn:oid:2.16.756.1.2.5.1.1.1)

eduPersonTargetedID (a.k.a. SAML2 persistent NameID)

 email, givenName, sn

 The following ones only for interfederation enabled IdPs:

 eduPersonUniqueId

 eduPersonPrincipalName

cn, displayName

Core attributes are mandatory to implement, but not guaranteed to be available for all SPs.https://www.switch.ch/aai/attributes/
The Netherlands - SurfConext

The user's identity is transmitted in the form of the NameID element of the SAML statement. Every Identity Provider must supply a NameID, but for privacy reasons SURFconext will generate a new one regardless. For convenience, this identifier is duplicated in the SAML attribute eduPersonTargetedID (see below).

The two supported NameID types, for respectively persistent and transient NameID specifiers, are:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Surname

Given name

Common name

Display name

Email address

Supported as appropriate via central hub.https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext
USA - InCommon

eduPersonPrincipalName

eduPersonTargetedID

sn

givenName

displayName

mail

List of attributes commonly used.http://www.incommon.org/federation/attributesummary.html.
UK - UK Access Management Federation

eduPersonTargetedID

eduPersonPrincipalName

Recommended that IdPs are able to release.http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf.