...
All other attributes listed in Service Provider metadata are out of scope with respect to this specification.
8. Examples
...
Example 1. The R&S Service Provider requests refedsNonPrivateUserID
, refedsPersonName
, and refedsEmailAddress
in metadata.
An Identity Provider that supports R&S releases the full R&S bundle (refedsNonPrivateUserID
, refedsPersonName
, and refedsEmailAddress
).
Example 2. The R&S Service Provider requests eduPersonUniqueId
, displayName
, and mail
in metadata.
An Identity Provider that supports R&S releases the full R&S bundle (refedsNonPrivateUserID
, refedsPersonName
, and refedsEmailAddress
). Compare with Example 1.
Example 3. The R&S Service Provider requests refedsNonPrivateUserID
and refedsEmailAddress
in metadata.
An Identity Provider that supports R&S releases at least refedsNonPrivateUserID
and refedsEmailAddress
. Some Identity Providers will release refedsPersonName
as well. Presumably the latter do not filter on requested attributes in metadata.
Example 4. The R&S Service Provider requests refedsUserID
in metadata.
An Identity Provider that supports R&S releases at least the refedsNonPrivateUserID
attribute. Other Identity Providers may release any persistent, non-reassigned user identifier, including refedsPrivateUserID
(i.e., eduPersonTargetedID
) but this is out of scope with respect to this specification.
Example 5. The R&S Service Provider requests refedsEmailAddress
in metadata.
An Identity Provider that supports R&S releases the refedsEmailAddress
attribute.
Note | ||
---|---|---|
| ||
Registrars should discourage R&S Service Providers from relying on an email address as a user identifier. |
...
5. Attribute Request
Service Providers SHOULD request a subset of R&S Category Attributes that represent only those attributes that the Service Provider requires to operate its service.
...