The following table shows the core identifier attributes documented by federations for IdPs and SPs.
Note that those identified as core tend to be those that are specifically called out in federation documentation. This does not mean that IdPs and SPs within the federation do not make use of other identifiers.
Federation | "Core" Identifiers | Position | Reference |
|---|---|---|---|
| ACOnet, eduID.at | eduPersonTargetedID (a.k.a. SAML2 persistent NameID, urn:oid:1.3.6.1.4.1.5923.1.1.1.10), though "the use of the eduPersonTargetedID attribute should be phased out and replaced in SAML 2.0 usage".eduPersonPrincipalName ( urn:oid:1.3.6.1.4.1.5923.1.1.1.6)mail ( urn:oid:0.9.2342.19200300.100.1.3)where applicable: Matrikelnummer (national student immatriculation number, as SCHAC personalUniqueCode attribute), though use should be limited to student administration systems | all IDPs should be able to generate the list of attributes specified (in the referenced documentation) | Make attributes available |
Australia, AAF | Required that all IdPs are able to release | http://aaf.edu.au/technical/aaf-core-attributes/ | |
Belgium, Belnet R&E Federation | No specific recommendations found | ||
| Canada - Canadian Access Federation | No specific recommendations found | ||
| Croatia - AAI@EduHr | hrEduPersonUniqueID (mandatory) | Mandatory / optional as listed | http://shema.aaiedu.hr/shema/ |
| Czech Republic - eduID.cz | eduPersonPrincipalName (required to populate) cn (required to populate) eduPersonTargetedID (required to populate) givenName sn | As listed | http://eduid.cz/cs/tech/attributes |
| Finland - Haka | |||
| France - Fédération Éducation-Recherche | |||
Germany - DFN-AAI | |||
| Greece - GRNET AAI | |||
Ireland - Edugate | |||
Italy - IDEM | |||
Japan - GakuNin | |||
Norway - FEIDE | |||
Spain - SIR | |||
| Sweden - SWAMID | eduPersonPersistentID - (eptid) | https://portal.nordu.net/display/SWAMID/Attribute+Profile | |
| Switzerland - SWITCHaai | swissEduPersonUniqueID (urn:oid:2.16.756.1.2.5.1.1.1) The following ones only for interfederation enabled IdPs: | Core attributes are mandatory to implement, but not guaranteed to be available for all SPs. | https://www.switch.ch/aai/attributes/ |
| The Netherlands - SurfConext | The user's identity is transmitted in the form of the NameID element of the SAML statement. Every Identity Provider must supply a NameID, but for privacy reasons SURFconext will generate a new one regardless. For convenience, this identifier is duplicated in the SAML attribute eduPersonTargetedID (see below). The two supported NameID types, for respectively persistent and transient NameID specifiers, are:
| Supported as appropriate via central hub. | https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext |
| USA - InCommon | eduPersonPrincipalName | List of attributes commonly used. | http://www.incommon.org/federation/attributesummary.html. |
| UK - UK Access Management Federation | eduPersonTargetedID | Recommended that IdPs are able to release. | http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf. |