Versions Compared

Old Version 10

changes.mady.by.user Peter Brand

Saved on

compared with

New Version 11

changes.mady.by.user Peter Brand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

Use of the eduPersonUniqueID attribute should be phased out and replaced with the subject-id attribute from the OASIS SAML 2.0 SubjectID Attributes Profile.

Issues

  • The eduPersonUniqueID attribute suffers from a case folding issue (due to allowing use of both upper and lower case characters) that may lead to identifier collisions at Service Providers not treating identifiers case-insensitively. Consider this an informal Security Advisory against any use of this attribute.
  • Also note that the new version newer versions of saml2int – which is a formal part of the eduID.at policy via the Technical Profile – goes  – go much farther and states that:

...