...
The R&S attribute bundle consists of the following three meta-attributes:
- user identifier
- person name
- email address
where user identifier is an intentionally trackable (persistent, non-reassigned, non-targeted) identifier defined to be any one of the following:
- eduPersonPrincipalName (if non-reassigned)
- eduPersonUniqueId
- eduPersonPrincipalName + eduPersonTargetedID
and where person name is defined to be at least one of the following:
- displayName
- givenName + sn (surname)
and where email address is defined to be the mail attribute.
An Identity Provider MUST release R&S attributes to any conforming R&S Service Provider upon request, in one of two ways:
...
An Identity Provider is NOT REQUIRED to release the user identifier meta-attribute to a given R&S Service Provider unless one or more of eduPersonPrincipalName, eduPersonUniqueId, or eduPersonTargetedID is requested in Service Provider metadata using <md:RequestedAttribute>, without regard for the isRequired XML attribute. Similarly, an Identity Provider is NOT REQUIRED to release the person name meta-attribute to a given R&S Service Provider unless one or more of displayName, givenName, or sn (surname) is requested in Service Provider metadata, without regard for the isRequired XML attribute. Finally, an Identity Provider is NOT REQUIRED to release the email address meta-attribute unless the mail attribute is requested in Service Provider metadata, without regard for the isRequired XML attribute.
Any other attribute listed in Service Provider metadata is out of scope with respect to this specification.
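The release rule above can be checked mechanically against a Service Provider's metadata. The following is an added example, not part of the specification: it maps each <md:RequestedAttribute> to its meta-attribute and never reads isRequired. The urn:oid values are the standard SAML names for these attributes; the function name and the sample metadata are constructed, and the metadata is assumed to have been signature-verified before parsing.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# SAML attribute Name (urn:oid form) -> R&S meta-attribute it counts toward.
META = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "user identifier",   # eduPersonPrincipalName
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.13": "user identifier",  # eduPersonUniqueId
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "user identifier",  # eduPersonTargetedID
    "urn:oid:2.16.840.1.113730.3.1.241": "person name",      # displayName
    "urn:oid:2.5.4.42": "person name",                       # givenName
    "urn:oid:2.5.4.4": "person name",                        # sn (surname)
    "urn:oid:0.9.2342.19200300.100.1.3": "email address",    # mail
}

def required_meta_attributes(sp_metadata_xml):
    """Return (meta-attributes the IdP must release, out-of-scope attribute names)."""
    root = ET.fromstring(sp_metadata_xml)
    required, out_of_scope = set(), []
    for requested in root.iter(MD + "RequestedAttribute"):
        name = requested.get("Name")
        # isRequired is deliberately not consulted: a request counts
        # whether the flag is true, false, or absent.
        if name in META:
            required.add(META[name])
        else:
            out_of_scope.append(name)  # not covered by the R&S bundle
    return required, out_of_scope

# Constructed SP metadata (hypothetical entityID), for illustration only.
SAMPLE_SP = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.16.840.1.113730.3.1.241" isRequired="false"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"/>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    print(required_meta_attributes(SAMPLE_SP))
```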
...