...
An Identity Provider is NOT REQUIRED to release a persistent, non-reassigned, non-targeted identifier to a given R&S Service Provider unless one or more of eduPersonPrincipalName, eduPersonUniqueId, or eduPersonTargetedID is listed in Service Provider metadata using <md:RequestedAttribute>, regardless of the presence or lack of isRequired. Similarly, an Identity Provider is NOT REQUIRED to release any other R&S attribute (mail, displayName, givenName, or sn) unless that attribute is listed in Service Provider metadata using <md:RequestedAttribute>, regardless of the presence or lack of isRequired.
Any other attribute listed in Service Provider metadata is out of scope with respect to this specification.
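The rule above, as an added example that is not part of the specification: a Python function that reads a Service Provider's metadata and sorts its <md:RequestedAttribute> entries into the identifier group, the other R&S attributes, and attributes that are out of scope, without ever consulting isRequired. The urn:oid attribute names, the classify_requested helper and the sample metadata are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
OID = "urn:oid:"
# Assumption: the SP lists attributes by their SAML2 urn:oid names.
# Identifier group: listing any one of these lifts the identifier exemption.
IDENTIFIERS = {
    OID + "1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    OID + "1.3.6.1.4.1.5923.1.1.1.13": "eduPersonUniqueId",
    OID + "1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
}
OTHER_RS = {
    OID + "0.9.2342.19200300.100.1.3": "mail",
    OID + "2.16.840.1.113730.3.1.241": "displayName",
    OID + "2.5.4.42": "givenName",
    OID + "2.5.4.4": "sn",
}

def classify_requested(metadata_xml):
    """Sort an SP's <md:RequestedAttribute> entries into R&S scope buckets."""
    root = ET.fromstring(metadata_xml)
    result = {"identifiers": [], "other_rs": [], "out_of_scope": []}
    for ra in root.iter(MD + "RequestedAttribute"):
        name = ra.get("Name")  # isRequired is deliberately never read
        if name in IDENTIFIERS:
            result["identifiers"].append(IDENTIFIERS[name])
        elif name in OTHER_RS:
            result["other_rs"].append(OTHER_RS[name])
        else:
            result["out_of_scope"].append(name)
    return result

# Constructed sample metadata (hypothetical SP, not taken from any federation).
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1">
   <md:ServiceName xml:lang="en">Example R&amp;S service</md:ServiceName>
   <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" isRequired="false"/>
   <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"/>
   <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" isRequired="true"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(classify_requested(SAMPLE_SP))
```

In the sample, eduPersonPrincipalName counts as listed even though it carries isRequired="false", and the third attribute stays out of scope even though it carries isRequired="true".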
...