Introduction

The auEduPersonSharedToken attribute is a unique identifier that allows a user to be identified across services that span the federation, such as Grid and repository services. A fixed formula generates a single unique value per user when one is needed. The persistentNameID attribute is a more appropriate, privacy-preserving attribute. The AAF article Selecting a Primary Identifier for Applications contains more detail on selecting a suitable application primary identifier.


Details

The AAF has found that several service providers are using, or have requested to use, the auEduPersonSharedToken attribute for services other than its intended purpose. This is problematic by design: because auEduPersonSharedToken carries the same value to every service, it does not preserve a user's privacy between services.


The AAF is restricting access to the auEduPersonSharedToken and will review requests for its use. The AAF wishes to encourage services to use the more suitable persistentNameID attribute, which is the preferred per-service unique identifier.
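To make the privacy difference concrete, the following is an added illustrative model (not AAF's actual derivation formula and not any IdP's code) of a federation-wide identifier beside a pairwise, per-service one; the salt, SP entityIDs and user keys are constructed values, and it counts how many users two services could join records on.

```python
import hashlib
import hmac

# Constructed values for this illustration only (not AAF's real formula or a real IdP secret).
IDP_SALT = b"constructed-idp-secret-salt"
SP_GRID = "https://grid.example.edu/shibboleth"   # hypothetical SP entityID
SP_REPO = "https://repo.example.edu/shibboleth"   # hypothetical SP entityID
USERS = ["jsmith@idp.example.edu", "akaur@idp.example.edu"]  # constructed IdP-side user keys


def _digest(message: str) -> str:
    # Keyed hash: cannot be recomputed or reversed without the IdP's secret salt.
    return hmac.new(IDP_SALT, message.encode(), hashlib.sha256).hexdigest()


def shared_token(user_key: str) -> str:
    """Model of auEduPersonSharedToken: derived from the user alone, so every SP receives the same value."""
    return _digest(user_key)


def persistent_name_id(user_key: str, sp_entity_id: str) -> str:
    """Model of persistentNameID: derived from user AND relying party, so each SP receives a different value."""
    return _digest(f"{user_key}!{sp_entity_id}")


def linkable_users(attr_fn) -> int:
    """Release the attribute to two SPs and count the users whose records those SPs could join."""
    seen_at_grid = {attr_fn(u, SP_GRID) for u in USERS}
    seen_at_repo = {attr_fn(u, SP_REPO) for u in USERS}
    return len(seen_at_grid & seen_at_repo)


def correlation_report() -> dict:
    """Number of users linkable across the two services under each identifier design."""
    return {
        "auEduPersonSharedToken": linkable_users(lambda u, sp: shared_token(u)),
        "persistentNameID": linkable_users(persistent_name_id),
    }


if __name__ == "__main__":
    for name, count in correlation_report().items():
        print(f"{name}: {count} of {len(USERS)} users linkable across the two services")
```

The persistentNameID value is still stable for a given user at a given service across logins, which is what makes it usable as a per-service primary identifier.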


If a service requires the auEduPersonSharedToken attribute, please contact support@aaf.edu.au, and a review of your use case will occur.


Links

AAF Attribute Definitions: https://validator.aaf.edu.au/documentation

auEduPersonSharedToken: https://validator.aaf.edu.au/documentation/attributes/oid:1.3.6.1.4.1.27856.1.2.5

eduPersonTargetedID: https://validator.aaf.edu.au/documentation/attributes/oid:1.3.6.1.4.1.5923.1.1.1.10

persistentNameID: https://validator.aaf.edu.au/documentation/attributes/urn:oasis:names:tc:SAML:2.0:nameid-format:persistent