Stay safe. Stay home. www.sacoronavirus.co.za.

Attribute: eduPersonTargetedID

A persistent, service-specific pseudonym that opaquely but uniquely identifies the subject.

Note: Direct use of this attribute is deprecated and it should not be consumed by new services — please make use of the SAML2 Subject NameID instead (which contains exactly the same value subject to the same rules).

Attribute Definition

Friendly Name eduPersonTargetedID
OID urn:oid:1.3.6.1.4.1.5923.1.1.1.10
Description

A persistent, service-specific pseudonym that opaquely but uniquely identifies the subject.

Note: Direct use of this attribute is deprecated and it should not be consumed by new services — please make use of the SAML2 Subject NameID instead (which contains exactly the same value subject to the same rules).

Format

Single valued, guaranteed unique for a specific service provider. Not transferable between different service providers. The name identifier value will not be longer than 256 characters in length, but the exact presentation (and thus length) of this attribute is defined by the service provider.

eduPersonTargetedId is generated by the Federation Operator.

References
Example 24d66f51ac1c0b140e617af335b9abb4b8d88a5b
Additional Notes

eduPersonTargetedID is an abstracted version of the SAML V2.0 Name Identifier format of “urn:oasis:names:tc:SAML:2.0:nameid-format:persistent”. In SAML, this is an XML construct consisting of a string value inside a <saml:NameID> element along with a number of XML attributes, of most significance NameQualifier and SPNameQualifier, which identify the source and intended audience of the value. Per the SAML format definition, the identifier portion must not exceed 256 characters, and the source and audience URI values must not exceed 1024 characters.

In SAFIRE’s case, the attribute consists of a <saml:NameID> element with the audience URI (SPNameQualifier) set to the entityID of the service provider. The name identifier value typically consists of a 40 character SHA1 hash generated from private information, but we reserve the right to change the algorithm and/or increase the length of this in future.

South African Identity Federation