Research & Scholarship Attribute Bundle
IdPs Identity providers are encouraged to release the R&S attribute bundle to all R&S SPsservice providers:
- Identifiers
eduPersonPrincipalName
eduPersonTargetedID
- Mail attribute
mail
- Person name attributes
displayName
givenName
sn
(surname)
- Authorization attribute
eduPersonScopedAffiliation
Note | ||
---|---|---|
| ||
An identity provider (IdP) supports the Research & Scholarship (R&S) Category if, for some subset of the IdP's user population, the IdP releases a minimal subset of the R&S attribute bundle to R&S SPs service providers without administrative involvement, either automatically or subject to user consent. |
...
For the purposes of access control, a non-reassigned persistent identifier MUST be released is REQUIRED. If your deployment of eduPersonPrincipalName
is non-reassigned, it will suffice. Otherwise you MUST release eduPersonTargetedID
(which is non-reassigned by definition) in addition to eduPersonPrincipalName
. In any case, release of both identifiers is RECOMMENDED.
If a service provider lists any of the person name attributes in metadata, the identity provider MUST release some form of person name, either displayName
or givenName
+ sn
. Beyond that, an identity provider is NOT REQUIRED to release any attribute not listed in metadata.