...
FriendlyName: refedsUserID
Name: http://refeds.org/attribute/refedsUserID
A User Identifier is defined to be either a Private User Identifier or a Non-Private User Identifier. It is a persistent, non-reassigned identifier.
An Identity Provider (or Attribute Authority) is said to release a User Identifier when it releases at least one of the following attributes on the wire:
eduPersonTargetedID
eduPersonUniqueId
eduPersonPrincipalName (if non-reassigned)
A Service Provider is said to request a User Identifier when it does so directly, as shown in the following example.
...
eduPersonUniqueId
eduPersonPrincipalName (if non-reassigned)
eduPersonPrincipalName + eduPersonTargetedID
A Service Provider is said to request a Non-Private User Identifier when it requests the eduPersonUniqueId attribute in metadata or a query. Alternatively, a Service Provider may also request a Non-Private User Identifier directly, as shown in the following example.
...
```xml
<md:RequestedAttribute FriendlyName="refedsNonPrivateUserID"
    Name="http://refeds.org/attribute/refedsNonPrivateUserID"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
```
Private User Identifier
FriendlyName: refedsPrivateUserID
Name: http://refeds.org/attribute/refedsPrivateUserID
A Private User Identifier is a persistent, non-reassigned, targeted identifier. By definition, a Private User Identifier is synonymous with the eduPersonTargetedID attribute.
An Identity Provider (or Attribute Authority) is said to release a Private User Identifier when it releases the eduPersonTargetedID attribute on the wire. A Service Provider is said to request a Private User Identifier when it requests the eduPersonTargetedID attribute in metadata or a query. A Service Provider may also request a Private User Identifier directly, as shown in the following example.
Example
Here is an example of an abstract Private User Identifier requested in Service Provider metadata:
```xml
<md:RequestedAttribute FriendlyName="refedsPrivateUserID"
    Name="http://refeds.org/attribute/refedsPrivateUserID"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
```
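The request and release rules above can be checked mechanically. The following is an added example, not part of the original specification: it reads the `RequestedAttribute` elements of a constructed Service Provider metadata fragment, maps them to the abstract identifiers using the rules stated on this page, and compares them with what an Identity Provider releases. The eduPerson OID names, the function names and the `eppn_reassigned` flag are assumptions of the example; the release rule for Non-Private User Identifier is not modelled.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
REFEDS = "http://refeds.org/attribute/"
# eduPerson OIDs (assumed wire names; the page gives only the short attribute names)
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
EPUID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"

# Abstract identifier -> concrete attribute whose request counts as requesting it.
# refedsUserID has no concrete equivalent on the page: it is only requested directly.
REQUEST_RULES = {
    "refedsUserID": None,
    "refedsNonPrivateUserID": EPUID,
    "refedsPrivateUserID": EPTID,
}

def requested_identifiers(sp_metadata_xml):
    """Return the abstract identifiers an SP requests in its metadata."""
    # Constructed input only; parse real federation metadata after signature
    # verification and with a hardened parser such as defusedxml.
    root = ET.fromstring(sp_metadata_xml)
    names = {el.get("Name") for el in root.iter("{%s}RequestedAttribute" % MD_NS)}
    return {abstract for abstract, concrete in REQUEST_RULES.items()
            if REFEDS + abstract in names
            or (concrete is not None and concrete in names)}

def released_identifiers(released_names, eppn_reassigned):
    """Apply the page's release rules for User Identifier and Private User Identifier."""
    out = set()
    if EPTID in released_names:
        out.add("refedsPrivateUserID")
    if (EPTID in released_names or EPUID in released_names
            or (EPPN in released_names and not eppn_reassigned)):
        out.add("refedsUserID")
    return out

# Constructed SP metadata fragment: one abstract request, one concrete request.
SAMPLE_SP = """<md:AttributeConsumingService index="1"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:RequestedAttribute FriendlyName="refedsUserID"
      Name="http://refeds.org/attribute/refedsUserID"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
  <md:RequestedAttribute FriendlyName="eduPersonTargetedID"
      Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
</md:AttributeConsumingService>"""

if __name__ == "__main__":
    wanted = requested_identifiers(SAMPLE_SP)
    got = released_identifiers({EPPN}, eppn_reassigned=True)
    print("requested:", sorted(wanted), "unmet:", sorted(wanted - got))
```

An Identity Provider that releases only a reassigned eduPersonPrincipalName satisfies neither request in the sample, so both identifiers are reported as unmet.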
...
A Service Provider is said to request a Person Name when it requests the displayName attribute in metadata or a query. Alternatively, a Service Provider may also request a Person Name directly, as shown in the following example.
Example
Here is an example of an abstract Person Name requested in Service Provider metadata:
...
An Identity Provider (or Attribute Authority) is said to release an Email Address when it releases the mail attribute on the wire. A Service Provider is said to request an Email Address when it requests the mail attribute in metadata or a query. Alternatively, a Service Provider may also request an Email Address directly, as shown in the following example.
Example
Here is an example of an abstract Email Address requested in Service Provider metadata:
...