A Shibboleth handle (ShibHandle) is a proprietary NameIdentifierFormat introduced by Shibboleth 1.x:
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> <saml:NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="https://idp.example.org/shibboleth"> 3f7b3dcf-1674-4ecd-92c8-1544f346baf8 </saml:NameIdentifier> </saml:Subject>
Being an opaque identifier, a ShibHandle addresses privacy concerns lacking in SAMLÂ 1.1.
There are two implementations of the Shibboleth handle: SharedMemoryShibHandle and CryptoShibHandle. The SharedMemoryShibHandle implementation maintains state at the IdentityProvider, whereas the CryptoShibHandle does not.