urn:mace | urn:mace:dir:attribute-def:mail |
urn:oid | urn:oid:0.9.2342.19200300.100.1.3 |
Multiplicity | multi-valued |
Data type | RFC-5322 address (max 256 chars) |
Description | e-mail address; syntax in accordance with RFC 5322 |
Examples | m.l.vermeegen@university.example.org "very.unusual.@.unusual.com"@example.com mlv@[IPv6:2001:db8::1234:4321]; the |
Notes | - Multiple email addresses are allowed. However, there's no clear strategy for SPs on how to interpret multiple addresses (use both? pick one? ask user to pick one?); the SP should devise a strategy that makes sense within the context of the application. As an IdP, in the interest of interoperability, it's advisable to avoid sending multiple addresses where possible.
- An email address is not necessarily the email address of this person at the institution.
- Do not use this attribute to uniquely identify a user. Use the NameId instead.
- A user's email address may change over time, or an IdP may allow a user to change this value themselves. This makes that attribute unsuitable for authentication and authorization purposes.
|