en:aai:attributes_best_practice [2021/07/14 15:15] – translated Silke Meyer | en:aai:attributes_best_practice [2021/09/30 19:28] – Wolfgang Pempe |
---|
====== Recommended Best Practices for the use of attributes in DFN-AAI ====== | ====== Recommended Best Practices for the use of attributes in DFN-AAI ====== |
(back to [[de:attributes|Übersicht]]) | (back to the [[de:attributes|Overview]] (de)) |
| |
You can find configuration samples for attribute resolver, attribute filter, and relying party configuration [[de:shibidp:config-attributes-aaiplus|on this page]]. | You can find configuration samples for attribute resolver, attribute filter, and relying party configuration [[de:shibidp:config-attributes-aaiplus|on this page]]. |
^ 1.1 Omni-directional, non-targeted ^^ | ^ 1.1 Omni-directional, non-targeted ^^ |
| ''urn:oasis:names:tc:SAML:attribute:subject-id'' [[de:common_attributes#a16|docs]] (de)| recommended | | | ''urn:oasis:names:tc:SAML:attribute:subject-id'' [[de:common_attributes#a16|docs]] (de)| recommended | |
| ''eduPersonUniqueId'' [[de:common_attributes#a12|docs]] (de) | deprecated - the value in front of the scope must be identical to the value of the subject-id | | | ''eduPersonUniqueId'' [[de:common_attributes#a12|docs]] (de) | deprecated - the value in front of the scope should - if ever possible - be identical to the value of the subject-id | |
| <del>''eduPersonPrincipalName''</del> | do not use! | | | <del>''eduPersonPrincipalName''</del> | do not use! | |
| <del>''mail''</del> | do not use as identifier! | | | <del>''mail''</del> | do not use as identifier! | |
^ 1.2 Pairwise / targeted ^^ | ^ 1.2 Pairwise / targeted ^^ |
| ''urn:oasis:names:tc:SAML:attribute:pairwise-id'' [[de:common_attributes#a17|docs]] (de) | recommended - stored Id! (plus scope)| | | ''urn:oasis:names:tc:SAML:attribute:pairwise-id'' [[de:common_attributes#a17|docs]] (de) | recommended - stored Id! (plus scope)| |
| ''eduPersonTargetedID'' [[de:common_attributes#a11|docs]](de) | deprecated - value must be identical to the pairwise-id (the part in front of the scope) | | | ''eduPersonTargetedID'' [[de:common_attributes#a11|docs]](de) | deprecated - value should - if ever possible - be identical to the pairwise-id (the part in front of the scope) | |
| ''persistent Id'' (SAML2 Name ID) | deprecated - value must be identical to the pairwise-id (the part in front of the scope) | | | ''persistent Id'' (SAML2 Name ID) | deprecated - value should - if ever possible - be identical to the pairwise-id (the part in front of the scope) | |
^ 1.3 Others ^^ | ^ 1.3 Others ^^ |
| ''transient Id'' ( SAML2 Name ID) | recommended (required for Logout) | | | ''transient Id'' ( SAML2 Name ID) | recommended (required for Logout) | |
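
Review bot: The new wording for ''eduPersonUniqueId'', ''eduPersonTargetedID'' and ''persistent Id'' relaxes "must be identical" to "should - if ever possible - be identical", but it does not say when a differing value is acceptable or what a relying service should do in that case. Under the old text a service provider could treat the deprecated attribute and the part of subject-id or pairwise-id in front of the scope as the same identifier; under the new text it can no longer rely on that. Suggest adding a sentence that names the case in which the values may differ and states that service providers must not assume equality when linking accounts across the deprecated and the recommended identifier. As a style point, "if at all possible" reads more naturally than "if ever possible", and the phrase should be worded the same way in all three rows.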