View Source

Attribute Bundles

Essential Attribute Bundle

IdPs are encouraged to release the essential attribute bundle to the broadest class of SPs possible:

Identifier
- eduPersonPrincipalName
Mail attribute
- mail
Person name attributes
- displayName
- givenName
- sn (surname)

If your deployment of eduPersonPrincipalName is non-reassigned, and your IdP releases the essential attribute bundle to all SPs, then your IdP supports the Research & Scholarship Category by definition.

Research & Scholarship Attribute Bundle

IdPs are encouraged to release the Research & Scholarship attribute bundle to all R&S SPs:

Identifiers
- eduPersonPrincipalName
- eduPersonTargetedID
Mail attribute
- mail
Person name attributes
- displayName
- givenName
- sn (surname)
Authorization attribute
- eduPersonScopedAffiliation

An identity provider (IdP) supports the Research & Scholarship (R&S) Category if, for some subset of the IdP's user population, the IdP releases a minimal subset of the R&S attribute bundle to R&S service providers without administrative involvement, either automatically or subject to user consent.

Minimal Subset of the R&S Attribute Bundle

The following attributes constitute a minimal subset of the R&S attribute bundle:

eduPersonPrincipalName
mail
displayName OR (givenName AND sn)

For the purposes of access control, a non-reassigned persistent identifier is REQUIRED. If your deployment of eduPersonPrincipalName is non-reassigned, it will suffice. Otherwise you MUST release eduPersonTargetedID (which is non-reassigned by definition) in addition to eduPersonPrincipalName. In any case, release of both identifiers is RECOMMENDED.