urn:mace | urn:mace:dir:attribute-def:eduPersonPrincipalName |
urn:oid | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
Multiplicity | single-valued |
Data type | UTF8 String of the form user@scope |
Description | Unique identifier for a user. |
Examples | piet.jønsen@example.e not.a@vålîd.émail.addreß |
Notes | - This attribute is a scoped identifier for a person. It should be represented as user@scope, where user is a name-based identifier for a person. The scope part of the attribute must be part of an administrative domain of the identity system where the identifier was created and assigned. An IdP can have multiple values for the scopescopes, e.g. piet@student.hartingcollege.nl or piet@hartingcollege.nl. These Piet's are different persons in this case.
- It is common that schacHomeOrganization is the same as the used scope, if no other scopes are defined.
- Although this value resembles an email address, it MUST NOT be used as an email address. In many cases mail cannot be delivered to this "address".
- Even though this value uniquely identifies a user, it is not guaranteed that it is persistent over sessions (even though it usually is).
- It is preferred to not use this to uniquely identify users. Use the NameId instead.
- SURFconext will store the allowed domain part for your institution in our configuration so we can check that no illegal values are being sent.
|