...

eduPerson is an attribute schema that includes bindings to a Lightweight Directory Access Protocol (LDAP) schema and to SAML. It is designed to include and standardize widely used person and organizational attributes in higher education and research that are not duplicated in other widely used object classes such as inetOrgPerson.

What is the aim of defining eduPerson attributes?

The chief aim is to align practice across organizations around a common set of attributes for information specific to higher education and to the IAM (Identity and Access Management) best practices promulgated by the Internet2 Middleware Initiative and its various projects.

...

eduPerson extends and profiles existing schema standards to avoid reinvention, while acknowledging that many older schemas lack specificity in certain respects, adding attributes specific to and useful for higher education and research.

How can use of eduPerson attributes protect users' privacy?

(a) Services can rely on generic attributes that do not identify a specific person, such as eduPersonAffiliation or eduPersonEntitlement. (b) Services that need to maintain an internal record (to manage preferences, say) can use eduPersonTargetedID, which provides a unique ID that is not readily correlated with PII or with the user's activity in other services (more in the response to the question on eduPersonTargetedID).
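The privacy property behind (b), as an added illustration that is not part of the original FAQ: a targeted identifier is derived per service provider, so it stays stable for one service but cannot be joined across services. The HMAC-based derivation, salt, user ID and SP entityIDs below are constructed assumptions for the demonstration, not any particular IdP product's algorithm.

```python
import base64
import hashlib
import hmac

# Constructed sample secret; a real IdP keeps a long random salt that is never shared.
IDP_SALT = b"constructed-example-salt-not-for-production"


def pairwise_id(source_id: str, sp_entity_id: str, salt: bytes = IDP_SALT) -> str:
    """Derive an opaque per-service identifier for one user.

    Assumed scheme (illustrative, not a specific product's algorithm):
    HMAC-SHA256 keyed with the IdP salt over "<SP entityID>!<internal user ID>".
    Stable for the same (user, SP) pair; different for the same user at another SP;
    not invertible to the internal ID without the salt.
    """
    message = f"{sp_entity_id}!{source_id}".encode()
    digest = hmac.new(salt, message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def linkable(id_at_service_a: str, id_at_service_b: str) -> bool:
    """True if two services could trivially join their records on the identifier."""
    return id_at_service_a == id_at_service_b


def demo() -> dict:
    # Constructed user and service providers.
    user = "internal-uid-000123"
    sp_lms = "https://lms.example.edu/shibboleth"
    sp_lib = "https://library.example.edu/sp"

    # A global identifier (a raw internal ID, or a principal name) is the same
    # everywhere, so any two services can correlate the user's activity.
    global_id_at_lms = user
    global_id_at_lib = user

    # A targeted identifier is consistent per service but differs across them.
    targeted_at_lms = pairwise_id(user, sp_lms)
    targeted_at_lib = pairwise_id(user, sp_lib)

    return {
        "global_linkable": linkable(global_id_at_lms, global_id_at_lib),  # True
        "targeted_linkable": linkable(targeted_at_lms, targeted_at_lib),  # False
        "targeted_stable": targeted_at_lms == pairwise_id(user, sp_lms),  # True
        "targeted_length": len(targeted_at_lms),  # 44 (base64 of 32 bytes)
    }
```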

Are eduPerson attributes intended or actually used (consumed) as LDAP attributes, or as attributes in SAML assertions?

...

Attributes designed for searching, such as givenName, sn, or mail, are often not handled correctly if multiple values are supplied in a federated context. So in general, no, one can't assume that (and it may be necessary to release an alternative single-valued attribute to some services), but it is good practice to report such bugs when they are identified. In terms of correctness, any multi-valued attribute is expected to be handled in that fashion in any context.

Why does eduPerson include the eduPersonOrcid attribute

...

but not eduPersonResearcherId? Won't this lead to new attributes for every kind of identifier?

Yes, it will, very deliberately. Combining multiple types of data into a single attribute precludes use cases in which only a subset of that data may be relevant, unless the data is encoded in a way that allows the different types of data to be recovered. That in turn adds extra work to a consumer of the data.

...