...
All other attributes listed in Service Provider metadata are out of scope with respect to this specification.
8. Examples
...
Example 1. The R&S Service Provider requests refedsNonPrivateUserID, refedsPersonName, and refedsEmailAddress in metadata.
An Identity Provider that supports R&S releases the full R&S bundle (refedsNonPrivateUserID, refedsPersonName, and refedsEmailAddress).
Example 2. The R&S Service Provider requests eduPersonUniqueId, displayName, and mail in metadata.
An Identity Provider that supports R&S releases the full R&S bundle (refedsNonPrivateUserID, refedsPersonName, and refedsEmailAddress). Compare with Example 1.
Example 3. The R&S Service Provider requests refedsNonPrivateUserID and refedsEmailAddress in metadata.
An Identity Provider that supports R&S releases at least refedsNonPrivateUserID and refedsEmailAddress. Some Identity Providers will release refedsPersonName as well. Presumably the latter do not filter on requested attributes in metadata.
Example 4. The R&S Service Provider requests refedsUserID in metadata.
An Identity Provider that supports R&S releases at least the refedsNonPrivateUserID attribute. Other Identity Providers may release any persistent, non-reassigned user identifier, including refedsPrivateUserID (i.e., eduPersonTargetedID) but this is out of scope with respect to this specification.
Example 5. The R&S Service Provider requests refedsEmailAddress in metadata.
An Identity Provider that supports R&S releases the refedsEmailAddress attribute.
| Note | ||
|---|---|---|
| ||
| Registrars should discourage R&S Service Providers from relying on an email address as a user identifier. |
...
5. Attribute Request
Service Providers SHOULD request a subset of R&S Category Attributes that represent only those attributes that the Service Provider requires to operate its service.
...