Introduction

The auEduPersonSharedToken attribute is a unique identifier that permits identifying a user across federation spanning services such as Grid and Repositories. A set formula generates a unique single-value per user when necessary. The persistentNameID attribute is a more appropriate, privacy-preserving attribute. The AAF article Selecting a Primary Identifier for Applications contains more detail on selecting a suitable application primary identifier.


Details

The AAF has found that several service providers are using, or have made a request to use, auEduPersonSharedToken attribute for services other than its intended purpose. By design, this is problematic because auEduPersonSharedToken does not preserve a user's privacy between services.


The AAF is restricting access to the auEduPersonSharedToken and will review requests for its use. The AAF wishes to encourage services to use the more suitable persistentNameID attribute, which is the preferred per-service unique identifier.


If a service requires the auEduPersonSharedToken attribute, please contact [email protected], and a review of your use case will occur.

 

Links

AAF Attribute Definitions

https://validator.aaf.edu.au/documentation

auEduPersonSharedToken

https://validator.aaf.edu.au/documentation/attributes/oid:1.3.6.1.4.1.27856.1.2.5

eduPersonTargetedID

https://validator.aaf.edu.au/documentation/attributes/oid:1.3.6.1.4.1.5923.1.1.1.10

persistentNameID

https://validator.aaf.edu.au/documentation/attributes/urn:oasis:names:tc:SAML:2.0:nameid-format:persistent