...

Note

The name format for a persistent ID in SAML 1 and 2.0 is "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent". There is no standard SAML 1.1 <NameIdentifier> format that corresponds to this concept, so it's suggested to stick with encoding the information into a SAML attribute.

Release the Attribute

Finally, define an attribute filter policy that releases the persistent ID to the intended relying parties. Since persistent IDs are opaque, and thus not personally identifiable, they are safe to release to anyone. Therefore, the following attribute filter policy is suggested, but others may be used at the deployer's discretion.

...