...
- By unconditionally releasing the complete R&S attribute bundle; OR
- By filtering attributes from the R&S attribute bundle based on the
<md:RequestedAttribute>
elements in Service Provider metadata, regardless of whether the optionalisRequired
XML attribute is (or is not) present.
An An Identity Provider is NOT REQUIRED to release the non-private user identifier attribute to a given R&S Service Provider unless one or more of eduPersonUniqueId
, eduPersonPrincipalName
, or eduPersonTargetedID
is requested in Service Provider metadata, without regard for the isRequired
XML attribute. Similarly, an Identity Provider is NOT REQUIRED to release the person name attribute to an R&S attribute to a given R&S Service Provider unless one or more of displayName
, givenName
, or sn
(surname) that attribute is requested in Service Provider metadata, without regard for the isRequired
XML attribute. Finally, an Identity Provider is NOT REQUIRED to release the email address attribute unless the mail
attribute is requested in Service Provider metadata, without regard for the isRequired
XML attribute.Any other attribute Any other attributes listed in Service Provider metadata is out of scope with respect to this specification.
...