This page gives some examples of how attributes which are asserted by social identity providers (via both OAuth and OpenID) could be mapped to MACE-Dir/SAML attributes.
In most cases, it still needs to be verified whether the value for |

| MACE-Dir SAML Attribute | OAuth Attribute | Example Value | Notes |
|---|---|---|---|
| | | Lucas | |
| | | Rockwell | |
| | | Lucas Rockwell | See |
| | | Lucas Rockwell | Duplicate of |
| | | lr@lucasrockwell.com | |
| | | lucasrockwell | Can be blank, and a user can change this once for the lifetime of their account. |
| | | lucasrockwell@facebook.com | |
| | | *http://facebook.com!12...71* | |

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| | | Lucas | |
| | | Rockwell | |
| | | | Google does not provide |
| | | | Google does not provide |
| | | lucasrockwell@gmail.com | |
| | | | Google does not provide |
| | | lucasrockwell@gmail.com | Using http://axschema.org/contact/email for |
| | Private Personal Identifier (PPID) | | An opaque, per-SP identifier, just like ePTID |

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| | | Lucas | |
| | | Rockwell | |
| | | | LinkedIn does not provide |
| | | | LinkedIn does not provide |
| | | | LinkedIn does not provide |
| | | Y...r | |
| | | Y...r@linkedin.com | Local part is the same value as |
| | | *http://linkedin.com!Y...r* | Unique value is the same value as |

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| | | | Twitter does not provide |
| | | | Twitter does not provide |
| | | Lucas Rockwell | |
| | | Lucas Rockwell | |
| | | | Twitter does not provide |
| | | lucasrockwell | |
| | | lucasrockwell@twitter.com | |
| | | *http://twitter.com!1...5* | |

| MACE-Dir SAML Attribute | OpenID Attribute | Example Value | Notes |
|---|---|---|---|
| | | Lucas | |
| | | Rockwell | |
| | | | Windows Live does not provide |
| | | | Windows Live does not provide |
| | | lr@lucasrockwell.com | This is not necessarily an address @hotmail.com. |
| | | fd...89 | |
| | | fd...89@windowslive.com | Local part is the same value as |
| | | *http://windowslive.com!fd...89* | Unique value is the same value as |

The matrix below lists various attributes and which providers supply those attributes. Note: This table is not complete.

| Provider | First Name | Last Name | Transient Email* | Persistent Email | Human-readable Unique ID | Machine-readable Unique ID | SP-specific ID |
|---|---|---|---|---|---|---|---|
| | | | | | | | |
| Google OAuth | | | | | | (Appears user can only look it up if Google+ is enabled for the account.) | |
| Google OpenID | | | | | | | |
| | | | | (Only if enabled via the Public Profile Settings page.) | | | |
| | | | | | | | |
| Windows Live | | | | | | | |

* Unless the email address ends in the domain of the provider, the likelihood that the user can change it at their whim is pretty high. This is great if you are using email as email, i.e., you actually want to know the user's email address. On the other hand, it can have a very significant impact on your service if you are trying to use email as the basis for eduPersonPrincipalName.
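
A sketch of the check the footnote implies, as an added example that is not part of the original page: persistent identifiers are built only from the provider's unique ID (the pattern in the LinkedIn and Windows Live tables), and the asserted email is flagged as provider-scoped or not. The function names, dictionary keys and the sample ID `a1b2c3` used to exercise it are assumptions.

```python
# Added example, not from the original page. Key names and function names
# are hypothetical; provider domains follow the example values in the tables.
from typing import Optional


def email_is_provider_scoped(email: str, provider_domain: str) -> bool:
    """True only when the address is in the provider's own domain.

    Uses an exact, case-insensitive domain match rather than a suffix
    match, so 'x@notgmail.com' is not treated as a gmail.com address.
    """
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return False
    return domain.lower() == provider_domain.lower()


def map_identity(provider_domain: str, unique_id: Optional[str],
                 email: Optional[str] = None) -> dict:
    """Derive persistent identifiers from the unique ID, never from email."""
    uid = (unique_id or "").strip()
    if not uid:
        # Some IDs can be blank (see the Facebook table); do not fall back
        # to a user-changeable email address as the identifier.
        raise ValueError("provider returned no unique ID")
    if any(c in "@!" or c.isspace() for c in uid):
        # A delimiter inside the ID would make the scoped value ambiguous.
        raise ValueError("unique ID contains a delimiter character")

    scope = provider_domain.strip().lower()
    mapped = {
        "scoped_id": f"{uid}@{scope}",                  # id@provider form
        "provider_qualified_id": f"http://{scope}!{uid}",  # http://provider!id form
    }
    if email:
        mapped["mail"] = email.strip()
        # False means: usable as a contact address only, not as a key.
        mapped["mail_is_provider_scoped"] = email_is_provider_scoped(email, scope)
    return mapped
```
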