...
- By unconditionally releasing the complete R&S attribute bundle; OR
- By filtering attributes from the R&S attribute bundle based on the <md:RequestedAttribute> elements in Service Provider metadata, regardless of whether the optional isRequired XML attribute is (or is not) present.
An Identity Provider is NOT REQUIRED to release the non-private user identifier attribute to a given R&S Service Provider unless one or more of eduPersonUniqueId, eduPersonPrincipalName, or eduPersonTargetedID is requested in Service Provider metadata, without regard for the isRequired XML attribute. Similarly, an Identity Provider is NOT REQUIRED to release the person name attribute to a given R&S Service Provider unless one or more of displayName, givenName, or sn (surname) is requested in Service Provider metadata, without regard for the isRequired XML attribute. Finally, an Identity Provider is NOT REQUIRED to release the email address attribute unless the mail attribute is requested in Service Provider metadata, without regard for the isRequired XML attribute.

Any other attributes listed in Service Provider metadata are out of scope with respect to this specification.
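The filtering option above can be illustrated with a short Python sketch. It is an added example, not part of the specification or of any Identity Provider software. It assumes that requested attributes are named with their urn:oid values, that the Identity Provider's resolved attributes are keyed by friendly name, and that every resolved attribute of a bundle element is released once any attribute of that element is requested. The function names and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Bundle elements named in the text above: urn:oid Name -> friendly name.
BUNDLE = {
    "user identifier": {
        "urn:oid:1.3.6.1.4.1.5923.1.1.1.13": "eduPersonUniqueId",
        "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
        "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    },
    "person name": {
        "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
        "urn:oid:2.5.4.42": "givenName",
        "urn:oid:2.5.4.4": "sn",
    },
    "email address": {"urn:oid:0.9.2342.19200300.100.1.3": "mail"},
}

# Constructed SP metadata: isRequired is true, false and absent; the last
# RequestedAttribute (eduPersonEntitlement) is outside the elements above.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1">
   <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" isRequired="true"/>
   <md:RequestedAttribute Name="urn:oid:2.5.4.42" isRequired="false"/>
   <md:RequestedAttribute Name="urn:oid:2.5.4.4"/>
   <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" isRequired="true"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def triggered_elements(sp_metadata_xml):
    """Bundle elements with at least one attribute requested by the SP."""
    # Assumes the metadata signature was verified before parsing.
    root = ET.fromstring(sp_metadata_xml)
    # isRequired is deliberately never read: it has no bearing on the decision.
    names = {ra.get("Name") for ra in root.iter(MD + "RequestedAttribute")}
    return {elem for elem, attrs in BUNDLE.items() if names & attrs.keys()}

def filter_release(resolved, sp_metadata_xml):
    """Keep resolved attributes that belong to a triggered bundle element."""
    triggered = triggered_elements(sp_metadata_xml)
    allowed = {fn for e in triggered for fn in BUNDLE[e].values()}
    # Out-of-scope attributes are dropped here; other policy may govern them.
    return {k: v for k, v in resolved.items() if k in allowed}
```

With the sample metadata, the user identifier and person name elements are triggered, the email address element is not, and the out-of-scope request has no effect on the result.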
...