
REFEDS Attribute Registry

User Identifier

FriendlyName: refedsUserID
Name: http://refeds.org/attribute/refedsUserID

A User Identifier is defined to be either a Private User Identifier or a Non-Private User Identifier.

An Identity Provider (or Attribute Authority) is said to release a User Identifier when it releases at least one of the following attributes on the wire:

  1. eduPersonUniqueId

  2. eduPersonPrincipalName (if non-reassigned)

  3. eduPersonTargetedID

A Service Provider is said to request a User Identifier when it does so directly, as shown in the following example.

Example

Here is an example of an abstract User Identifier requested in Service Provider metadata:

<md:RequestedAttribute FriendlyName="refedsUserID"
   Name="http://refeds.org/attribute/refedsUserID"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

Non-Private User Identifier

FriendlyName: refedsNonPrivateUserID
Name: http://refeds.org/attribute/refedsNonPrivateUserID

A Non-Private User Identifier is a persistent, non-reassigned, non-targeted identifier.

An Identity Provider (or Attribute Authority) is said to release a Non-Private User Identifier when it releases at least one of the following attributes (or attribute combinations) on the wire:

  1. eduPersonUniqueId

  2. eduPersonPrincipalName (if non-reassigned)

  3. eduPersonPrincipalName + eduPersonTargetedID

A Service Provider is said to request a Non-Private User Identifier when it requests the eduPersonUniqueId attribute in metadata or a query. A Service Provider may also request a Non-Private User Identifier directly, as shown in the following example.

Example

Here is an example of an abstract Non-Private User Identifier requested in Service Provider metadata:

<md:RequestedAttribute FriendlyName="refedsNonPrivateUserID"
   Name="http://refeds.org/attribute/refedsNonPrivateUserID"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

Private User Identifier

FriendlyName: refedsPrivateUserID
Name: http://refeds.org/attribute/refedsPrivateUserID

A Private User Identifier is a persistent, non-reassigned, targeted identifier. By definition, a Private User Identifier is synonymous with the eduPersonTargetedID attribute.

An Identity Provider (or Attribute Authority) is said to release a Private User Identifier when it releases the eduPersonTargetedID attribute on the wire. A Service Provider is said to request a Private User Identifier when it requests the eduPersonTargetedID attribute in metadata or a query. A Service Provider may also request a Private User Identifier directly, as shown in the following example.

Example

Here is an example of an abstract Private User Identifier requested in Service Provider metadata:

<md:RequestedAttribute FriendlyName="refedsPrivateUserID"
   Name="http://refeds.org/attribute/refedsPrivateUserID"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

Person Name

FriendlyName: refedsPersonName
Name: http://refeds.org/attribute/refedsPersonName

A Person Name is a human-readable name for the person (or subject) involved in a federated transaction.

An Identity Provider (or Attribute Authority) is said to release a Person Name when it releases at least one of the following attributes (or attribute combinations) on the wire:

  1. displayName

  2. givenName + sn (surname)

A Service Provider is said to request a Person Name when it requests the displayName attribute in metadata or a query. A Service Provider may also request a Person Name directly, as shown in the following example.

Example

Here is an example of an abstract Person Name requested in Service Provider metadata:

<md:RequestedAttribute FriendlyName="refedsPersonName"
   Name="http://refeds.org/attribute/refedsPersonName"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

Email Address

FriendlyName: refedsEmailAddress
Name: http://refeds.org/attribute/refedsEmailAddress

An Email Address is an electronic mail address for the person (or subject) involved in a federated transaction. By definition, an Email Address is synonymous with the mail attribute.

An Identity Provider (or Attribute Authority) is said to release an Email Address when it releases the mail attribute on the wire. A Service Provider is said to request an Email Address when it requests the mail attribute in metadata or a query. A Service Provider may also request an Email Address directly, as shown in the following example.

Example

Here is an example of an abstract Email Address requested in Service Provider metadata:

<md:RequestedAttribute FriendlyName="refedsEmailAddress"
   Name="http://refeds.org/attribute/refedsEmailAddress"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
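
The release rules above can be checked mechanically. The following is an added example, not part of the registry or any REFEDS tooling: it reads the abstract attributes requested in Service Provider metadata and reports which ones an Identity Provider's release set does not satisfy. The function names, the use of short attribute names instead of on-the-wire OID names, the eppn_reassigned flag and the sample metadata are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BASE = "http://refeds.org/attribute/"

# Per abstract attribute: the alternative combinations listed in the registry.
# Each entry is (attributes that must all be released, True if the entry is
# valid only when eduPersonPrincipalName is non-reassigned).
RULES = {
    "refedsUserID": [({"eduPersonUniqueId"}, False),
                     ({"eduPersonPrincipalName"}, True),
                     ({"eduPersonTargetedID"}, False)],
    "refedsNonPrivateUserID": [({"eduPersonUniqueId"}, False),
                               ({"eduPersonPrincipalName"}, True),
                               ({"eduPersonPrincipalName", "eduPersonTargetedID"}, False)],
    "refedsPrivateUserID": [({"eduPersonTargetedID"}, False)],
    "refedsPersonName": [({"displayName"}, False), ({"givenName", "sn"}, False)],
    "refedsEmailAddress": [({"mail"}, False)],
}

# Constructed sample SP metadata fragment (not taken from a real deployment).
SAMPLE_SP = """<md:AttributeConsumingService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" index="0">
  <md:RequestedAttribute FriendlyName="refedsNonPrivateUserID"
     Name="http://refeds.org/attribute/refedsNonPrivateUserID"
     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
  <md:RequestedAttribute FriendlyName="refedsPersonName"
     Name="http://refeds.org/attribute/refedsPersonName"
     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
</md:AttributeConsumingService>"""

def requested_abstract(sp_metadata_xml):
    """Return the REFEDS abstract attributes requested in SP metadata."""
    found = []
    for el in ET.fromstring(sp_metadata_xml).iter("{%s}RequestedAttribute" % MD_NS):
        name = el.get("Name", "")
        if name.startswith(BASE) and name[len(BASE):] in RULES:
            found.append(name[len(BASE):])
    return found

def satisfied(abstract, released, eppn_reassigned):
    """True if the released attributes meet any listed combination."""
    return any(attrs <= released and not (needs_stable and eppn_reassigned)
               for attrs, needs_stable in RULES[abstract])

def unmet_requests(sp_metadata_xml, released, eppn_reassigned):
    """Requested abstract attributes that the release set fails to satisfy."""
    return [a for a in requested_abstract(sp_metadata_xml)
            if not satisfied(a, set(released), eppn_reassigned)]
```

With the sample metadata, an Identity Provider that reassigns eduPersonPrincipalName and releases only that attribute plus givenName and sn satisfies the Person Name request but not the Non-Private User Identifier request.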