...
Introduction
This specification defines standardised names and semantics for attributes that may be communicated within a SAML federation. The attribute set is intended as a reference data set of attributes that may be released to Relying Parties.
...
Where applicable, references to external attribute definitions are included, such as corresponding Object Identifiers (OIDs).
SAML Attribute Representation
When attributes defined in this specification are used, the following requirements apply:
- The `<saml:Attribute>` element represents an attribute in SAML 2.0.
- The `NameFormat` attribute MUST have the value `urn:oasis:names:tc:SAML:2.0:attrname-format:uri`.
- The `Name` attribute MUST contain a URI as defined in this specification. Attribute names are expressed as URIs in the form of URLs.
- The `FriendlyName` attribute is OPTIONAL.
- The data type of the `<AttributeValue>` element is `xs:string` using UTF-8 encoding, unless otherwise specified in the attribute definition table. The type MAY be explicitly declared using `xsi:type="xs:string"`.
- Attributes marked as non-multi-valued MUST NOT contain more than one `<AttributeValue>` element.
- Attributes marked as multi-valued MAY contain multiple `<AttributeValue>` elements.
- String matching SHOULD be performed using the `caseIgnoreMatch` rule as defined in X.520.
Example
The following example illustrates how attributes defined in this specification may be represented in a SAML 2.0 assertion issued by an Identity Provider.
...
```xml
  <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:xs="http://www.w3.org/2001/XMLSchema"
                        xsi:type="xs:string">vole-x2h5-qmgi@minorganisation.se</saml2:AttributeValue>
</saml2:Attribute>
```
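As an added example (not part of this specification or any federation software), the following Python checker applies the representation rules above to a `saml2:AttributeStatement`: it verifies the `NameFormat` value, that each `Name` is a defined URI, the single-valued constraint, and the `value@scope` form for scoped attributes, using the `subject-id`, `givenName` and `telephoneNumber` entries from the attribute definition tables in this specification. The `attribute`/`statement` helpers, the constructed sample input and the error messages are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Subset of this specification's attribute definition tables: Name -> (multi-valued, scoped).
DEFINITIONS = {
    "https://openfed.se/attributes/subject-id": (False, True),
    "https://openfed.se/attributes/givenName": (False, False),
    "https://openfed.se/attributes/telephoneNumber": (True, False),
}

def validate_attributes(xml_text: str) -> list[str]:
    """Return the representation-rule violations found in a saml2:AttributeStatement."""
    problems = []
    for attr in ET.fromstring(xml_text).iter(NS + "Attribute"):
        name = attr.get("Name", "")
        if attr.get("NameFormat") != URI_FORMAT:
            problems.append(f"{name}: NameFormat MUST be {URI_FORMAT}")
        if name not in DEFINITIONS:
            problems.append(f"{name}: Name is not in the checker's definition table")
            continue
        multi, scoped = DEFINITIONS[name]
        # Whitespace around the text node is not part of the xs:string value.
        values = [(v.text or "").strip() for v in attr.findall(NS + "AttributeValue")]
        if not multi and len(values) > 1:
            problems.append(f"{name}: {len(values)} values in a non-multi-valued attribute")
        # A scoped value has the form value@scope: exactly one '@' and a non-empty scope.
        for v in values:
            if scoped and (v.count("@") != 1 or v.endswith("@")):
                problems.append(f"{name}: {v!r} is not a scoped value")
    return problems

def attribute(name: str, fmt: str, *values: str) -> str:
    """Serialize one saml2:Attribute (builds constructed test input, not spec text)."""
    vals = "".join(f"<saml2:AttributeValue>{v}</saml2:AttributeValue>" for v in values)
    return f'<saml2:Attribute Name="{name}" NameFormat="{fmt}">{vals}</saml2:Attribute>'

def statement(*attrs: str) -> str:
    """Wrap serialized attributes in a saml2:AttributeStatement with the SAML 2.0 namespace."""
    return ('<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
            + "".join(attrs) + "</saml2:AttributeStatement>")

if __name__ == "__main__":
    # Constructed input: single-valued givenName carrying two values with the wrong NameFormat.
    bad = statement(attribute("https://openfed.se/attributes/givenName",
                              "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "Anna", "Maj"))
    print("\n".join(validate_attributes(bad)))
```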
Attribute Definitions
subject-id
The attribute is a technical identifier assigned by the subject’s home organization to uniquely identify the subject across Relying Parties within the federation.
...
| Name | https://openfed.se/attributes/subject-id |
|---|---|
| Friendly Name | subject-id |
| Data Type | xs:string |
| Multi-valued | NO |
| Scoped | YES |
| Reference | urn:oasis:names:tc:SAML:attribute:subject-id |
| Example | 12345678-abcd-1234-ef00-1234567890ab@example.org |
pairwise-id
The attribute is a technical identifier assigned by the subject’s home organization to uniquely identify the subject on a per–Relying Party basis.
...
| Name | https://openfed.se/attributes/pairwise-id |
|---|---|
| Friendly Name | pairwise-id |
| Data Type | xs:string |
| Multi-valued | NO |
| Scoped | YES |
| Reference | urn:oasis:names:tc:SAML:attribute:pairwise-id |
| Example | 9d666d80-c634-4f12-838b-c667de76762b@example.org |
givenName
The given name (first name) of the subject.
| Name | https://openfed.se/attributes/givenName |
|---|---|
| Friendly Name | givenName |
| Data Type | xs:string |
| Multi-valued | NO |
| Scoped | NO |
| Reference | urn:oid:2.5.4.42 |
| Example | Anna Maj |
sn
The surname (family name) of the subject.
| Name | https://openfed.se/attributes/sn |
|---|---|
| Friendly Name | sn |
| Data Type | xs:string |
| Multi-valued | NO |
| Scoped | NO |
| Reference | urn:oid:2.5.4.4 |
| Example | Björklund |
displayName
A name that is suitable for display to end-users, typically a combination of given name and surname.
| Name | https://openfed.se/attributes/displayName |
|---|---|
| Friendly Name | displayName |
| Data Type | xs:string |
| Multi-valued | NO |
| Scoped | NO |
| Reference | urn:oid:2.5.4.42 |
| Example | Anna Maj Björklund |
mail
The email address of the subject.
...
*) The mail attribute MUST be treated as a scoped attribute if and only if the applicable attribute release policy explicitly designates it as scoped. Otherwise, it MUST be treated as non-scoped.
telephoneNumber
The telephone number of the subject.
...
| Name | https://openfed.se/attributes/telephoneNumber |
|---|---|
| Friendly Name | telephoneNumber |
| Data Type | xs:string |
| Multi-valued | YES |
| Scoped | NO |
| Reference | urn:oid:2.5.4.20 |
| Example | +4684523567 |
mobile
A mobile (cellular) telephone number of the subject.
...
| Name | https://openfed.se/attributes/mobile |
|---|---|
| Friendly Name | mobile |
| Data Type | xs:string |
| Multi-valued | YES |
| Scoped | NO |
| Reference | urn:oid:0.9.2342.19200300.100.1.41 |
| Example | +46704253567 |
o
The name of the organization to which the subject belongs.
| Name | https://openfed.se/attributes/o |
|---|---|
| Friendly Name | o |
| Data Type | xs:string |
| Multi-valued | NO |
| Scoped | NO |
| Reference | urn:oid:2.5.4.10 |
| Example | Example Institute AB |
ou
The name of an organizational unit within the organization to which the subject belongs.
...
| Name | https://openfed.se/attributes/ou |
|---|---|
| Friendly Name | ou |
| Data Type | xs:string |
| Multi-valued | YES |
| Scoped | NO |
| Reference | urn:oid:2.5.4.11 |
| Example | Research and Development |
organizationIdentifier
A unique identifier for the organization to which the subject is affiliated.
...