The following is a list of the core and conditional attributes available to Service Providers in the federation. Service Providers consume user attributes sent by Identity Providers to make authorisation decisions and to manage users' experiences with a service. 


To receive user attributes, a Service Provider must have an AAF subscription or an affiliation to an organisation who is a subscriber. Service Providers should select only those attributes necessary to provide a service effectively. Identity Providers collect and generate attributes for their users. On user access to a Service Provider, the Service Provider may request some or all user attributes from a user's Identity Provider.  The Identity Provider will release user attributes to the Service Provider only with a user's consent. 

An organisation which offers a Service Provider may also host an Identity Provider which permits its members to use AAF services. The list of core attributes may evolve in response to the needs of AAF Subscribers. 

The AAF's reference definitions of core and optional attributes are accessible here

These attributes form the standard vocabulary for the federation and the higher education and research sector. Subscribers may find it useful to explore these attributes to gain a better understanding of their purpose. Identity Providers are only required to support those attributes in the core list.

AAF Core Attributes

Example Value
A unique identifier enabling federation spanning services such as Grid and Repositories. 

Use of auEduPersonSharedToken is now restricted and release to service providers is controlled (see addendum).
Jack Liam DoughertyPreferred name of a person to be used when displaying entries.
Specifies the person’s relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.
URI (either URN or URL) that indicates a set of rights to specific resources.
Specifies the person’s affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc.
eduPersonTargetedID!! cmWc3mKualJlxjAwfFdu2mVgRxw=
A persistent, non-reassigned, privacy-preserving identifier for a user shared between an identity provider and service provider. An identity provider uses the appropriate value of this attribute when communicating with a particular service provider or group of service providers, and does not reveal that value to any other service provider except in limited circumstances.



URI that describes the method(s) used to verify the person's identity.
Set of URIs that assert compliance with specific standards for identity assurance.
o (or organizationName)
The University of Queensland
Standard name of the top-level organization (institution) with which this person is associated.

Email address, single value. User’s preferred outward facing email address with regard to the organisation.
sn (surname)
Dougherty The person's surname
givenNameJackPerson's given or first name. a person ́s home organization using the domain name of the organization.
Type of Organization the user belongs too.
A scoped identifier for a person.

AAF Conditional Attribute

A set of Attributes selected by the Federation that all Identity Providers are required to support where they have implemented systems to support the Conditional Attributes.

AttributeExample ValueDescription
eduPersonOrcid iDs are persistent digital identifiers for individual  researchers. Their primary purpose is to unambiguously and definitively  link them with their scholarly work products. ORCID iDs are assigned,  managed and maintained by the ORCID organization.


Other Attributes

Some identity providers support additional attributes which may be found in the AAF Optional Attributes. In general a service provider should NOT rely on an optional attribute being available from an IdP unless they have consulted with the IdP previously.

If you would like the federation to consider promoting an optional attribute to CORE status please contact AAF Support to discuss your requirements.

Selecting a Primary User Identifier

The AAF provides the following advice on the selection of a primary identifier for use by an application:


AAF Attribute Vocabularies

AAF Production Attribute Validator

Why Is AuEduPersonSharedToken No Longer Available?

AAF Test Attribute Validator

eduPerson Schema

Selecting a Primary Identifier for Applications

SCHAC - SCHema for ACademia