Page History
...
Warning |
---|
Use of the |
...
- All forms of
eduPersonTargetedID
attribute as well as all forms of the SAML 2.0 persistent NameID itself suffer from a case folding issue (when using base64 encoding) that may lead to identifier collisions at Service Providers not treating identifiers as case-sensitive. Consider this an informal Security Advisory against any use of this attribute (or persistent NameIDs in general). - saml2int – the Interoperable SAML 2.0 Deployment Profile, a normative part of eduID.at via the Technical Profile – states in Version 0.2 that persistent NameIDs should be transmitted in the
Subject
of the SAML Assertion, not as an eduPersonTargetedID Attribute (value). So use of eduPersonTargetedID within eduID.at actually constitutes a formal policy violation. - Also note that the new version of saml2int goes much farther and states that:
...
Overview
Content Tools
Tasks