Subject’s email address.

Note that use of the mail attribute as a person identifier is strongly discouraged. Service providers looking for a person identifer should consider eduPersonTargetedId or eduPersonPrincipalName.

• RFC2798
• eduPerson
• RFC5322

Using mail as a person identifer can have serious information security implications. The mail attribute:-

• is multi-valued (a user may have more than one email address);
• not guarenteed to be unique (multiple users can share the same email address);
• not persistant (a person’s email address may change without warning);
• may be reassigned (a new person may get the same email address as someone who has left);
• is not validated against the <shibmd:Scope> elements, and may have a right-hand side that is not in-baliwick (i.e. it may contain a user’s personal example@gmail.com address rather than an institutional address).