Attribute Bundles
Essential Attribute Bundle
IdPs are encouraged to release the essential attribute bundle to the broadest class of SPs possible:
- Identifier: eduPersonPrincipalName
- Mail attribute: mail
- Person name attributes: displayName, givenName, sn (surname)
An Important Consequence of Releasing the Essential Attribute Bundle
If your deployment of eduPersonPrincipalName is non-reassigned, and your IdP releases the essential attribute bundle to all SPs, then your IdP supports the Research & Scholarship Category by definition.
Research & Scholarship Attribute Bundle
IdPs are encouraged to release the Research & Scholarship attribute bundle to all R&S SPs:
- Identifiers: eduPersonPrincipalName, eduPersonTargetedID
- Mail attribute: mail
- Person name attributes: displayName, givenName, sn (surname)
- Authorization attribute: eduPersonScopedAffiliation
Supporting the Research & Scholarship Category
An identity provider (IdP) supports the Research & Scholarship (R&S) Category if, for some subset of the IdP's user population, the IdP releases a minimal subset of the R&S attribute bundle to R&S service providers without administrative involvement, either automatically or subject to user consent.
Minimal Subset of the R&S Attribute Bundle
The following attributes constitute a minimal subset of the R&S attribute bundle:
- eduPersonPrincipalName
- mail
- displayName OR (givenName AND sn)
For the purposes of access control, a non-reassigned persistent identifier is REQUIRED. If your deployment of eduPersonPrincipalName is non-reassigned, it will suffice. Otherwise you MUST release eduPersonTargetedID (which is non-reassigned by definition) in addition to eduPersonPrincipalName. In any case, release of both identifiers is RECOMMENDED.
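The minimal-subset rule and the identifier requirement above can be checked mechanically against what an IdP actually released. The following is an added example, not code from this page or from any federation tooling; the function names, the dict input shape and the sample values are assumptions made for illustration.

```python
# Added example: check one released attribute set against the R&S
# minimal subset and the identifier requirement described above.

def present(attrs, name):
    """True if the attribute was released with at least one non-blank value."""
    return any(str(v).strip() for v in attrs.get(name, []))


def check_rs_release(attrs, eppn_non_reassigned):
    """Return (supported, problems, notes).

    attrs: dict of attribute name -> list of values (assumed input shape).
    eppn_non_reassigned: deployment fact supplied by the IdP operator; it
    cannot be read off the released values themselves.
    """
    problems, notes = [], []
    for name in ("eduPersonPrincipalName", "mail"):
        if not present(attrs, name):
            problems.append("missing " + name)
    has_split_name = present(attrs, "givenName") and present(attrs, "sn")
    if not (present(attrs, "displayName") or has_split_name):
        problems.append("missing displayName OR (givenName AND sn)")
    if not present(attrs, "eduPersonTargetedID"):
        if eppn_non_reassigned:
            notes.append("release of both identifiers is RECOMMENDED")
        else:
            problems.append("eduPersonPrincipalName may be reassigned and "
                            "eduPersonTargetedID is not released")
    return (not problems, problems, notes)


# Constructed sample releases (all values are made up).
SAMPLES = {
    "both identifiers": ({"eduPersonPrincipalName": ["jdoe@example.edu"],
                          "eduPersonTargetedID": ["opaque-constructed-value"],
                          "mail": ["jdoe@example.edu"],
                          "displayName": ["J. Doe"]}, False),
    "reassigned ePPN only": ({"eduPersonPrincipalName": ["jdoe@example.edu"],
                              "mail": ["jdoe@example.edu"],
                              "givenName": ["J."], "sn": ["Doe"]}, False),
    "half a name": ({"eduPersonPrincipalName": ["jdoe@example.edu"],
                     "mail": [""], "givenName": ["J."]}, True),
}

if __name__ == "__main__":
    for label, (attrs, stable) in SAMPLES.items():
        print(label, check_rs_release(attrs, stable))
```

A blank value counts as not released, so an empty mail attribute fails the check the same way a missing one does.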