...

R2. It must have the ability to Assign/Assert ePPNs.
R3. It must have the ability to Assign/Assert ePTIDs or provide a SAML2 persistent NameID if ePPNs are re-assignable.

...

Service providers need a single consistent primary identifier to key off all information about a person. If this key changes, or the same key is subsequently assigned to a different user, then the original person’s settings, history, and related data are lost to them. Requirements R2 and R3, taken together, guarantee that

...

a suitable identifier will be available to the SP.
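How an SP might choose its primary key from what R2 and R3 guarantee, as an added illustration that is not part of the requirements document. The function name, the `issuer!value` key layout, the `eppn_reassignable` flag and the sample values are assumptions; the assertion is assumed to be signature-validated already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName
EPTID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

def primary_key(assertion_xml, eppn_reassignable=True):
    # Returns (kind, key) for indexing the user's account, else ValueError.
    # Assumption: signature and conditions were validated before this call.
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    # 1. SAML2 persistent NameID in the Subject (R3). Scoped to the issuer
    #    because the value is only unique per IdP (key layout is illustrative).
    nid = root.find("saml:Subject/saml:NameID", NS)
    if nid is not None and nid.get("Format") == PERSISTENT and nid.text:
        return ("persistent-nameid", f"{issuer}!{nid.text.strip()}")
    # 2. ePTID attribute, whose value is itself a persistent NameID (R3).
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    if EPTID_OID in attrs:
        inner = attrs[EPTID_OID].find("saml:AttributeValue/saml:NameID", NS)
        if inner is not None and inner.text:
            return ("eptid", f"{issuer}!{inner.text.strip()}")
    # 3. ePPN (R2) only when the IdP never re-assigns it; otherwise a later
    #    holder of the same ePPN would inherit the first person's data.
    if EPPN_OID in attrs and not eppn_reassignable:
        value = attrs[EPPN_OID].findtext("saml:AttributeValue", namespaces=NS)
        if value:
            return ("eppn", value.strip())
    raise ValueError("no stable identifier asserted")

def sample_assertion(subject="", attributes=""):
    # Constructed sample data; idp.example.org is a placeholder IdP.
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            "<saml:Issuer>https://idp.example.org/idp</saml:Issuer>"
            f"<saml:Subject>{subject}</saml:Subject>"
            f"<saml:AttributeStatement>{attributes}</saml:AttributeStatement>"
            "</saml:Assertion>")

EPPN_ATTR = (f'<saml:Attribute Name="{EPPN_OID}"><saml:AttributeValue>'
             "jdoe@example.org</saml:AttributeValue></saml:Attribute>")
EPTID_ATTR = (f'<saml:Attribute Name="{EPTID_OID}"><saml:AttributeValue>'
              f'<saml:NameID Format="{PERSISTENT}">k3Xq9</saml:NameID>'
              "</saml:AttributeValue></saml:Attribute>")
```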

R4. It must accept SP requests for authentication contexts via the standard SAML2 Authentication Request Protocol.

...

If there are charges associated with researchers' use of the IdP of Last Resort, some percentage of them will simply refuse to use it, thus thwarting the SP's goal of making its service available to all its potential users. Further, many projects funded by national agencies such as the National Science Foundation cannot operate in a mode where users must pay a fee to access the project's resources.

R15. The IdPoLR service shall employ techniques to minimize system failures and ensure that any failures are not likely to result in inaccurate Assertions being sent to SPs.

...