Versions Compared

...

The R&S attribute bundle consists of the following three meta-attributes:

  • persistent, non-reassigned, non-targeted user identifier
  • mailperson name
  • displayName
  • givenName
  • sn (surname)
  • email address

where user identifier is an intentionally trackable (where a persistent, non-reassigned, non-targeted) identifier is defined to  to be any one of the following:

  1. eduPersonPrincipalName (if non-reassigned)
  2. eduPersonUniqueId
  3. eduPersonPrincipalNameeduPersonTargetedID

and where person name is defined to be at least one of the following:

  1. displayName
  2. givenName + sn (surname)

and where email address is defined to be the mail attribute.

An Identity Provider MUST release R&S attributes to any conforming R&S Service Provider upon request, in one of two ways:
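
Review bot: entry 3 of the user identifier list reads eduPersonPrincipalNameeduPersonTargetedID, which does not say whether the third option is eduPersonTargetedID alone or eduPersonPrincipalName together with eduPersonTargetedID. The person name list writes a pair as "givenName + sn (surname)", so use the same "+" form if a pair is meant, or a single attribute name if not. Entry 1 limits eduPersonPrincipalName to the non-reassigned case; if entry 3 is a pair, state whether that condition applies there as well.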

...

An Identity Provider is NOT REQUIRED to release a persistent, non-reassigned, non-targeted identifier the user identifier meta-attribute to a given R&S Service Provider unless one or more of eduPersonPrincipalName, eduPersonUniqueId, or eduPersonTargetedID is listed requested in Service Provider metadata using <md:RequestedAttribute> , regardless of the presence or lack of isRequired, without regard for the isRequired XML attribute. Similarly, an aIdentity Provider is NOT REQUIRED to release any other R&S attribute (mail, displayName, givenName, or sn) unless that attribute is listed in Service Provider metadata using <md:RequestedAttribute> , regardless of the presence or lack of isRequiredthe person name meta-attribute to a given R&S Service Provider unless one or more of displayNamegivenName, or sn (surname) is requested in Service Provider metadata, without regard for the isRequired XML attribute. Finally, an Identity Provider is NOT REQUIRED to release the email address meta-attribute unless the mail attribute is requested in Service Provider metadata, without regard for the isRequired XML attribute.

Any other attribute listed in Service Provider metadata is out of scope with respect to this specification.
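
Review bot: the person name sentence makes release depend on a request for "one or more of" the display name, givenName, or sn attributes, but the definition earlier in the text accepts givenName and sn only as a pair ("givenName + sn (surname)"). State what an Identity Provider releases when a Service Provider requests only givenName or only sn. The email address sentence also omits "to a given R&S Service Provider", which the user identifier and person name sentences both carry; add it so the three NOT REQUIRED clauses read in parallel.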

...