...

The content (attribute value) of the eduPersonTargetedID attribute is defined to be a SAML 2.0 persistent NameID (cf. MACE-Dir SAML Attribute Profiles, section 3.3.1.1, lines 390-393), i.e., an XML structure. Abstractly it's a 3-tuple made up of the IDP's entityID, the SP's entityID and the subject-specific part. It could be called a "service-specific pseudonym" in that it's an opaque identifier that differs for each service a subject is accessing.
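The 3-tuple can be recovered from the XML value as follows. This is an added example, not code from the original page or from any SAML implementation; the entityIDs and the opaque value in `SAMPLE` are constructed, `parse_eptid` is a hypothetical helper, and the input is assumed to come from an assertion whose signature has already been verified.

```python
import xml.etree.ElementTree as ET
from typing import List, NamedTuple

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EPTID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

# Constructed sample attribute (entityIDs and value are made up).
SAMPLE = """<saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10">
  <saml2:AttributeValue>
    <saml2:NameID
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        NameQualifier="https://idp.example.org/idp/shibboleth"
        SPNameQualifier="https://sp.example.org/shibboleth">constructed-opaque-value</saml2:NameID>
  </saml2:AttributeValue>
</saml2:Attribute>"""

class TargetedID(NamedTuple):
    idp: str      # IdP entityID (NameQualifier)
    sp: str       # SP entityID (SPNameQualifier)
    value: str    # opaque, subject-specific part

def parse_eptid(attribute_xml: str, asserting_idp: str, own_sp: str) -> List[TargetedID]:
    """Return every value as an (IdP, SP, subject) tuple, or raise ValueError."""
    if "<!DOCTYPE" in attribute_xml:
        raise ValueError("DTD not allowed in SAML content")
    attr = ET.fromstring(attribute_xml)
    if attr.tag != NS + "Attribute" or attr.get("Name") != EPTID_OID:
        raise ValueError("not an eduPersonTargetedID attribute")
    result = []
    for nid in attr.iterfind(f"{NS}AttributeValue/{NS}NameID"):
        if nid.get("Format") != PERSISTENT:
            raise ValueError("NameID is not in persistent format")
        # Omitted qualifiers default to the asserting IdP and the receiving SP.
        idp = nid.get("NameQualifier", asserting_idp)
        sp = nid.get("SPNameQualifier", own_sp)
        value = (nid.text or "").strip()
        if not value:
            raise ValueError("empty subject-specific part")
        # The opaque value alone is not unique: reject foreign qualifiers.
        if (idp, sp) != (asserting_idp, own_sp):
            raise ValueError("qualifiers do not match this IdP/SP pair")
        result.append(TargetedID(idp, sp, value))
    if not result:
        raise ValueError("no NameID value found")
    return result

if __name__ == "__main__":
    print(parse_eptid(SAMPLE, "https://idp.example.org/idp/shibboleth", "https://sp.example.org/shibboleth"))
```

A Service Provider that stores only the subject-specific part loses the scoping the other two elements provide, so the full tuple should be kept as the key.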

Deprecation

The eduPersonTargetedID SAML Attribute has officially been deprecated. No new deployments should make use of this attribute, and any existing deployments should make plans to migrate to the SAML pairwise-id attribute. The replacement attribute is simpler and therefore preferable in all regards: it's a simple attribute with simple string values (instead of a complex XML data structure), and it has a single, consistent way for the Service Provider to signal its requirements and a single, consistent on-the-wire representation. It is also defined in an official OASIS SAML 2.0 Profile, not merely part of a community "standard" (eduPerson), and not specific to edu-anything. So transitioning to the pairwise-id SAML attribute should be started ASAP.

...