...
It is expected that there will be little discussion or controversy over releasing these attributes to R&S SPs for faculty, researchers, and staff. These people already routinely share this information with their collaborators. Releasing attributes for students, however, is probably covered by the U.S. FERPA law, and possibly by state law. There is a considered opinion, though, that it is perfectly legal to release FERPA directory information using Shibboleth/SAML. If a campus includes the R&S attributes in its list of Directory Information, then there should be no issue about releasing these attributes for students who have not opted out under FERPA. In addition, some registrars have concluded that the definition of the R&S category allows their campus to release directory information for every student (including those who have opted out under FERPA).
Today, most IdPs use Campuses are encouraged to implement a default attribute release policy that releases just an opaque identifier. Campuses can choose to extend this default policy to release some or all of the R&S attributes to SPs in the R&S category. Implementing this policy change Category; implementing this is a one-time change to the IdP configuration. Mechanisms When this is not possible, mechanisms for implementing such limiting controls are described below in "Technical Considerations." In the interest of facilitating collaboration and sharing of resources for as broad a community as possible, however, it is recommended that such controls be applied with as small a scope as possible.
...