Identity providers are encouraged to release the R&S attribute bundle to all R&S service providers:
It is easy to configure a Shibboleth IdP to release the R&S attribute bundle to all R&S SPs. If, however, you are using SAML software that does not support entity attributes, consider releasing the Essential Attribute Bundle to all SPs instead.
An identity provider (IdP) supports the Research & Scholarship (R&S) Category if, for some subset of the IdP's user population, the IdP releases a minimal subset of the R&S attribute bundle to R&S service providers without administrative involvement, either automatically or subject to user consent.
The following attributes constitute a minimal subset of the R&S attribute bundle:
For the purposes of access control, a non-reassigned persistent identifier is REQUIRED. If your deployment of eduPersonPrincipalName is non-reassigned, it will suffice. Otherwise you MUST release eduPersonTargetedID (which is non-reassigned by definition) in addition to eduPersonPrincipalName. In any case, release of both identifiers is RECOMMENDED.
A sufficiently capable IdP deployment can optimize attribute release based on the <md:RequestedAttribute> elements in SP metadata:
eduPersonPrincipalName attribute in metadata, and the IdP's deployment of eduPersonPrincipalName can be reassigned, then the IdP MUST release both eduPersonTargetedID to the SP regardless of whether eduPersonTargetedID is listed in metadata.
Beyond the two special cases noted above, an identity provider is NOT REQUIRED to release any attribute not listed in metadata.
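The metadata-driven release decision described above, sketched in Python as an added example (not code from this page, InCommon or Shibboleth). It covers only the eduPersonPrincipalName special case spelled out here; the function names, the sample metadata for sp.example.org, the three-attribute `BUNDLE` and the fallback for an SP that lists no attributes are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"   # mail

# Sample slice of the bundle, enough for this example (not the full list).
BUNDLE = frozenset({EPPN, EPTID, MAIL})

# Constructed SP metadata: requests eduPersonPrincipalName and mail only.
SP_METADATA = f"""\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example wiki</md:ServiceName>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="{EPPN}"/>
      <md:RequestedAttribute FriendlyName="mail" Name="{MAIL}"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def requested_attributes(metadata_xml):
    """Return the Name of every <md:RequestedAttribute> in SP metadata."""
    root = ET.fromstring(metadata_xml)
    return {ra.get("Name") for ra in root.iterfind(".//md:RequestedAttribute", NS)}


def attributes_to_release(metadata_xml, bundle, eppn_reassignable):
    """Decide what an optimizing IdP sends to one R&S SP."""
    requested = requested_attributes(metadata_xml)
    if not requested:
        # Assumption: with nothing listed there is nothing to optimize on,
        # so fall back to the unoptimized behaviour (the whole bundle).
        return set(bundle)
    # Nothing outside the bundle, nothing the SP did not list.
    release = requested & set(bundle)
    if EPPN in requested and eppn_reassignable:
        # Special case: a reassignable ePPN must travel with ePTID,
        # whether or not the SP listed ePTID.
        release |= {EPPN, EPTID}
    return release


if __name__ == "__main__":
    print(sorted(attributes_to_release(SP_METADATA, BUNDLE, True)))
```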