...
R&S is used in the eduGAIN interfederation to make services available to users of the higher education institution around the world. The R&S makes it possible to automatically release mostly harmless attributes to Service Providers within the higher educational sector. The expected IdP behaviour is to release the Service Provider set of R&S Category Attributes (eptid, eppn, email, displayName, surname, given name and scoped affiliation plus the SWAMID addons eduPersonUniqueID and eduPersonAssurancee). The requested subset of attributes for a specific service is defined in metadata. There is furthermore an identity provider entity support category that should be registered for all IdP that supports the R&S Category that can be used for filter purpose in a discovery service.
...
Attribute(s) | SAML2 Attribute Identifier | Comment |
---|---|---|
eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | Only released if eduPersonPrincipalName is reassignable in the Identity Provider. |
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | |
eduPersonUniqueID | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | eduPersonUniqueID is a long term unique identifier that will not be reused by the Identity Provider. It may be the same value as eduPersonPrincipalName if that attriubte is non-reassignable. Services shall only expect this attribute to be available from Identity Providers within SWAMID. |
urn:oid:0.9.2342.19200300.100.1.3 | Can be more than one address released but Identity Providers are recommended to release only one. | |
displayName and/or givenName and sn | urn:oid:2.16.840.1.113730.3.1.241 | A user's name can be released in different ways and it's recommended expected that the Service Provider can handle this. |
eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | Services shall only expect this attribute to be available from Identity Providers within SWAMID. |
eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
...