The following table shows the core identifier attributes documented by federations for IdPs and SPs.
Note that those identified as core tend to be those that are specifically called out in federation documentation. This does not mean that IdPs and SPs within the federation do not make use of other identifiers.
Federation | "Core" Identifiers | Position | Reference |
|---|---|---|---|
| Aconet, eduID.at | eduPersonTargetedID (a.k.a. SAML2 persistent NameID, eduPersonPrincipalName ( mail ( | all IDPs should be able to generate the list of attributes specified | https://wiki.univie.ac.at/display/federation/Attributes |
Australia, AAF | Required that all IdPs are able to release | http://aaf.edu.au/technical/aaf-core-attributes/ | |
Belgium, Belnet R&E Federation | No specific recommendations found | ||
| Canada - Canadian Access Federation | No specific recommendations found | ||
| Croatia - AAI@EduHr | hrEduPersonUniqueID (mandatory) uid (mandatory) cn (mandatory) sn (mandatory) givenName (mandatory) mail (mandatory) hrEduPersonUniqueNumber (mandatory) hrEduPersonOIB (mandatory) hrEduPersonPersistentID (mandatory) hrEduPersonCardNum (optional)
| Mandatory / optional as listed | http://shema.aaiedu.hr/shema/ |
| Czech Republic - eduID.cz | eduPersonPrincipalName (required to populate) cn (required to populate) eduPersonTargetedID (required to populate) givenName sn | As listed | http://eduid.cz/cs/tech/attributes |
| Finland - Haka | |||
| France - Fédération Éducation-Recherche | |||
Germany - DFN-AAI | |||
| Greece - GRNET AAI | |||
Ireland - Edugate | |||
Italy - IDEM | |||
Japan - GakuNin | |||
Norway - FEIDE | |||
Spain - SIR | |||
| Sweden - SWAMID | eduPersonPersistentID - (eptid) eduPersonPrincipalName (eppn) givenName, sn, displayName (or cn in some cases) norEduPersonNIN | https://portal.nordu.net/display/SWAMID/Attribute+Profile | |
| Switzerland - SWITCHaai | swissEduPersonUniqueID (urn:oid:2.16.756.1.2.5.1.1.1) eduPersonTargetedID (a.k.a. SAML2 persistent NameID) email, givenName, sn The following ones only for interfederation enabled IdPs: eduPersonUniqueId | Core attributes are mandatory to implement, but not guaranteed to be available for all SPs. | https://www.switch.ch/aai/attributes/ |
| The Netherlands - SurfConext | The user's identity is transmitted in the form of the NameID element of the SAML statement. Every Identity Provider must supply a NameID, but for privacy reasons SURFconext will generate a new one regardless. For convenience, this identifier is duplicated in the SAML attribute eduPersonTargetedID (see below). The two supported NameID types, for respectively persistent and transient NameID specifiers, are:
| Supported as appropriate via central hub. | https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext |
| USA - InCommon | List of attributes commonly used. | http://www.incommon.org/federation/attributesummary.html. | |
| UK - UK Access Management Federation | eduPersonTargetedID eduPersonPrincipalName | Recommended that IdPs are able to release. | http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf. |