...
The identifier MUST be constructed as a locally unique value followed by “@” and a scope (security domain). The scope typically corresponds to the organization’s domain name, but is not limited to it, and MUST be declared in the Identity Provider’s metadata (Scope the <shibmd:Scope> element). The combination of identifier and scope uniquely identifies the subject within the federation.
...
The identifier MUST be constructed as a locally unique identifier followed by “@” and a scope (security domain). The scope typically corresponds to the organization’s domain name, but is not limited to it, and MUST be declared in the Identity Provider’s metadata (Scope the <shibmd:Scope> element).
| Name | https://openfed.se/attributes/pairwise-id |
|---|---|
| Friendly Name | pairwise-id |
| Data Type | xs:string |
| Multi-valued | NO |
| Scoped | YES |
| Reference | urn:oasis:names:tc:SAML:attribute:pairwise-id |
| Example | 9d666d80-c634-4f12-838b-c667de76762b@example.org |
...