Jump to: 


eduPersonTargetedID (eptid) is a user identifier attribute defined in the eduPerson LDAP object class. It is a persistent, non-reassigned, opaque identifier.  eduPersonTargetedID is designed to prevent two relying parties receiving user information from an Identity Provider from correlating user information, thus revealing the user identity when it is not intended. 

LDAP Syntax

Directory String

# of Valuesmulti-valued

eduPersonTargetedID is deprecated. It will be marked as obsolete in a future release of the eduPerson Object Class specification.

See: Why is eduPersonTargetedID deprecated?

Use in the InCommon Federation

eduPersonTargetedID is deprecated. Deployers who currently rely on eduPersonTargetedID should devise plans to transition to use the SAML 2 Pairwise Subject Identifier instead.  

eduPersonTargetedID may be required to satisfy the REFEDS Research & Scholarship (R&S) entity category's requirement for shared user identifier if the IdP's implementation of eppn permits reassignment. 

SAML Response Example

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"         
                ID="..." Version="2.0" IssueInstant="2020-07-17T01:01:48Z" 
                Destination="..." InResponseTo="...">
  <saml:Assertion ...>
      <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
                      Name="urn:oid:" FriendlyName="eduPersonTargetedID" 
         <saml:AttributeValue xsi:type="xsd:string">?todo?provide-example-eptid</saml:AttributeValue>

See Also