Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 All other attributes listed in Service Provider metadata are out of scope with respect to this specification.

8. Examples

...

Example 1. The R&S Service Provider requests refedsNonPrivateUserID, refedsPersonName, and refedsEmailAddress in metadata.

An Identity Provider that supports R&S releases the full R&S bundle (refedsNonPrivateUserIDrefedsPersonName, and refedsEmailAddress).

Example 2. The R&S Service Provider requests eduPersonUniqueIddisplayName, and mail in metadata.

An Identity Provider that supports R&S releases the full R&S bundle (refedsNonPrivateUserIDrefedsPersonName, and refedsEmailAddress). Compare with Example 1.

Example 3The R&S Service Provider requests refedsNonPrivateUserID and refedsEmailAddress in metadata.

An Identity Provider that supports R&S releases at least refedsNonPrivateUserID and refedsEmailAddress. Some Identity Providers will release refedsPersonName as well. Presumably the latter do not filter on requested attributes in metadata.

Example 4. The R&S Service Provider requests refedsUserID in metadata.

An Identity Provider that supports R&S releases at least the refedsNonPrivateUserID attribute. Other Identity Providers may release any persistent, non-reassigned user identifier, including refedsPrivateUserID (i.e., eduPersonTargetedID) but this is out of scope with respect to this specification.

 

Example 5. The R&S Service Provider requests refedsEmailAddress in metadata.

 

An Identity Provider that supports R&S releases the refedsEmailAddress attribute.

Note
titleDo not rely on email address as an identifier!
Registrars should discourage R&S Service Providers from relying on an email address as a user identifier.


...

5. Attribute Request

Service Providers SHOULD request a subset of R&S Category Attributes that represent only those attributes that the Service Provider requires to operate its service.

...