
Definition

A persistent, non-reassigned, opaque identifier for a principal.
http://macedir.org/specs/eduperson/#eduPersonTargetedID

The content of the eduPersonTargetedID attribute is a SAML 2.0 persistent NameID. This is sometimes called a "service-specific pseudonym" because it is an opaque identifier that differs for each service a subject accesses. That is, Service A and Service B cannot profile (or match) subjects based on the identifier alone, as each service will know the subject by a different NameID value.

Note that saml2int (the Interoperable SAML 2.0 Deployment Profile used in the global Research & Education community, and also a normative part of the eduID.at Technical Profile) recommends transmitting persistent NameIDs in the Subject of the SAML Assertion, not as an (eduPersonTargetedID) Attribute. Our own documentation on PersistentIDs covers both cases: sending the NameID in the Assertion's Subject as well as sending it as an eduPersonTargetedID Attribute.
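As an added illustration (not part of the eduID.at documentation), the following Python sketch shows how a service provider could read the persistent NameID from either location described above, preferring the Assertion's Subject and falling back to the eduPersonTargetedID Attribute. The entity IDs, identifier values and helper names are constructed for the example, and it assumes the assertion's signature has already been validated by the SAML stack.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

def _nameid(fmt, sp, value):
    # Constructed sample data: entity IDs and identifier values are made up.
    return (f'<saml:NameID Format="{fmt}" NameQualifier="https://idp.example.org/idp" '
            f'SPNameQualifier="{sp}">{value}</saml:NameID>')

def _assertion(subject_nameid, attr_nameid=""):
    attrs = (f'<saml:AttributeStatement><saml:Attribute Name="{EPTID}">'
             f'<saml:AttributeValue>{attr_nameid}</saml:AttributeValue>'
             f'</saml:Attribute></saml:AttributeStatement>') if attr_nameid else ""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'{subject_nameid}</saml:Subject>{attrs}</saml:Assertion>')

# Case 1: persistent NameID in the Subject (the saml2int recommendation).
FOR_SP_A = _assertion(_nameid(PERSISTENT, "https://sp-a.example.org/sp", "kP3xQ9constructedA"))
# Case 2: transient NameID in the Subject, persistent one as eduPersonTargetedID.
FOR_SP_B = _assertion(_nameid(TRANSIENT, "https://sp-b.example.org/sp", "_t1"),
                      _nameid(PERSISTENT, "https://sp-b.example.org/sp", "Zr7mW2constructedB"))

def _triple(nameid):
    """Return (IdP qualifier, SP qualifier, value) for a persistent NameID, else None."""
    if nameid is None or nameid.get("Format") != PERSISTENT:
        return None
    value = (nameid.text or "").strip()
    if not value:
        return None
    return (nameid.get("NameQualifier"), nameid.get("SPNameQualifier"), value)

def persistent_id(assertion_xml):
    """Look in the Subject first, then in the eduPersonTargetedID attribute."""
    root = ET.fromstring(assertion_xml)
    found = _triple(root.find("saml:Subject/saml:NameID", NS))
    if found:
        return found
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EPTID:
            found = _triple(attr.find("saml:AttributeValue/saml:NameID", NS))
            if found:
                return found
    return None

if __name__ == "__main__":
    print(persistent_id(FOR_SP_A))
    print(persistent_id(FOR_SP_B))
```

A service storing this identifier should key on the whole triple rather than the value alone, since the value is only meaningful in combination with the issuing IdP and the SP it was generated for.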

More technical information:
