Attribute Bundles
Essential Attribute Bundle
IdPs are encouraged to release the essential attribute bundle to the broadest class of SPs possible, subject to policy.
eduPersonPrincipalName
mail
displayName
givenName
sn
(surname)
Note: If your deployment of eduPersonPrincipalName
is non-reassigned, and your IdP releases the essential attribute bundle to all SPs, then your IdP supports Research & Scholarship by definition.
Research & Scholarship Attribute Bundle
IdPs are encouraged to release the R&S attribute bundle to all R&S SPs, subject to policy.
eduPersonPrincipalName
eduPersonTargetedID
mail
displayName
givenName
sn
(surname)eduPersonScopedAffiliation
An identity provider (IdP) supports the Research & Scholarship (R&S) Category if, for some subset of the IdP's user population, the IdP releases a minimal subset of the R&S attribute bundle to R&S SPs without administrative involvement, either automatically or subject to user consent.
Minimal Subset of the R&S Attribute Bundle
The following attributes constitute a minimal subset of the R&S attribute bundle:
eduPersonPrincipalName
mail
displayName
OR (givenName
ANDsn
)
For the purposes of access control, a non-reassigned persistent identifier is required. If your deployment of eduPersonPrincipalName
is non-reassigned, it will suffice. Otherwise you MUST release eduPersonTargetedID
(which is non-reassigned by definition) in addition to eduPersonPrincipalName
. In any case, release of both identifiers is RECOMMENDED.