...

The content of the eduPersonTargetedID attribute is a SAML 2.0 persistent NameID. This is sometimes called a "service-specific pseudonym" because it is an opaque identifier that differs for each service a subject accesses. That is, Service A and Service B cannot profile (or match) subjects based on the identifier alone, as each service will know the subject by a different NameID value.

Note that saml2int (the Interoperable SAML 2.0 Deployment Profile used in the global Research & Education community, also referenced in the normative part of the eduID.at Technical Profile) recommends transmitting persistent NameIDs in the Subject of the SAML Assertion, not as an (eduPersonTargetedID) Attribute. Our own documentation on PersistentIDs covers both cases: sending the NameID in the Assertion's Subject as well as sending it as an eduPersonTargetedID Attribute.
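Both transport options described above, as seen from the receiving service: an added example (not part of the eduID.at documentation) that reads the persistent NameID from either the Subject or the eduPersonTargetedID Attribute and returns the (IdP, SP, value) triple a service should key its accounts on. The entity IDs, the identifier value and the function names are constructed, and the assertion is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET  # assumes input was already signature-validated

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID, SAML 2.0 name

def as_key(name_id, issuer, sp_entity_id):
    """Return (IdP, SP, value) for a persistent NameID element, else None."""
    if name_id is None or name_id.get("Format") != PERSISTENT:
        return None
    value = (name_id.text or "").strip()
    if not value:
        return None
    # Omitted qualifiers default to the issuing IdP and the receiving SP.
    return (name_id.get("NameQualifier", issuer),
            name_id.get("SPNameQualifier", sp_entity_id),
            value)

def persistent_id(assertion_xml, sp_entity_id):
    """Find the persistent NameID in the Subject, then in eduPersonTargetedID."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml2:Issuer", default="", namespaces=NS).strip()
    # Case 1 (recommended by saml2int): NameID in the Assertion's Subject.
    key = as_key(root.find("saml2:Subject/saml2:NameID", NS), issuer, sp_entity_id)
    if key:
        return key
    # Case 2: NameID nested inside the eduPersonTargetedID AttributeValue.
    for attr in root.iterfind("saml2:AttributeStatement/saml2:Attribute", NS):
        if attr.get("Name") == EPTID:
            nid = attr.find("saml2:AttributeValue/saml2:NameID", NS)
            key = as_key(nid, issuer, sp_entity_id)
            if key:
                return key
    return None

# Constructed sample assertions (hypothetical IdP/SP entity IDs and value).
NAMEID = ('<saml2:NameID Format="%s" NameQualifier="https://idp.example.org/idp" '
          'SPNameQualifier="https://sp.example.org/sp">CONSTRUCTED-OPAQUE-VALUE'
          '</saml2:NameID>' % PERSISTENT)
WRAP = ('<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml2:Issuer>https://idp.example.org/idp</saml2:Issuer>%s</saml2:Assertion>')
IN_SUBJECT = WRAP % ('<saml2:Subject>%s</saml2:Subject>' % NAMEID)
AS_ATTRIBUTE = WRAP % ('<saml2:AttributeStatement><saml2:Attribute Name="%s">'
                       '<saml2:AttributeValue>%s</saml2:AttributeValue>'
                       '</saml2:Attribute></saml2:AttributeStatement>' % (EPTID, NAMEID))

if __name__ == "__main__":
    print(persistent_id(IN_SUBJECT, "https://sp.example.org/sp"))
    print(persistent_id(AS_ATTRIBUTE, "https://sp.example.org/sp"))
```

Storing the full triple rather than the bare value keeps identifiers from different IdPs from colliding in the service's account table.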

...