Persistence: Does not require a specific lifetime, but the association should be maintained longer than a single user interaction and long enough to be useful as a key for a particular service that is consuming it.
Privacy: This attribute is designed to preserve the user's privacy and to inhibit the ability of multiple unrelated services to correlate user activity by comparing values. It is therefore required to be opaque.
Uniqueness: A value of this attribute is intended only for consumption by a specific audience of applications (often a single one). Values of this attribute therefore must be unique within the namespace of the identity provider and the namespace of the service provider(s) for whom the value is created. The value is "qualified" by these two namespaces and need not be unique outside them. Logically, the attribute value is made up of the triple of an identifier, the identity provider, and the service provider(s).
Reassignment: A distinguishing feature of this attribute is that it prohibits reassignment. Since the values are opaque, there is no meaning attached to any particular value beyond its identification of the user. Therefore particular values created by an identity provider must not be reassigned such that the same value given to a particular
The format comprises the entity name of the identity provider, the entity name of the service provider, and the opaque string value. These strings are separated by “!” symbols.
The attribute enables an organisation to provide a persistent, opaque, user identifier to a service provider. For each user, the identity provider presents a different value to each service provider to which the attribute is released.
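The following is an added example, not code from the original page or from any identity-provider product. It parses and re-serialises the three-part "idp!sp!value" format described above, and shows one way an identity provider could derive a different opaque value per service provider while keeping it stable for the same user. The derivation (an HMAC over the identity provider name, the service provider name and the local user id, under a secret the identity provider keeps) is an assumption chosen for the example; the entity names and the local user ids are constructed sample values.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TargetedID:
    """The logical triple: identity provider, service provider(s), opaque value."""
    idp: str
    sp: str
    value: str


def parse_targeted_id(raw: str) -> TargetedID:
    """Split an 'idp!sp!value' string into its triple.

    Exactly three non-empty components are required; anything else is
    rejected rather than guessed at, since the value is only meaningful
    when qualified by both namespaces.
    """
    parts = raw.split("!")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected <idp entity name>!<sp entity name>!<opaque value>")
    return TargetedID(*parts)


def format_targeted_id(tid: TargetedID) -> str:
    """Serialise the triple back into the '!'-separated wire form."""
    for field in (tid.idp, tid.sp, tid.value):
        if "!" in field or not field:
            raise ValueError("components must be non-empty and must not contain '!'")
    return f"{tid.idp}!{tid.sp}!{tid.value}"


def derive_pairwise_value(secret: bytes, idp: str, sp: str, local_uid: str) -> str:
    """Derive the opaque per-service-provider value for one user.

    Assumed construction (not prescribed by the text): HMAC-SHA256 keyed with
    an identity-provider secret over the qualifying namespaces and the local
    user id. Because the service provider name is part of the input, two
    unrelated services receive unrelated values and cannot correlate them by
    comparison; because the input is deterministic, the same user at the same
    service provider gets the same value on every visit (persistence).
    """
    msg = b"\x00".join(s.encode("utf-8") for s in (idp, sp, local_uid))
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    # URL-safe base64 without padding: contains no '!' and so cannot break parsing
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode("ascii")


def issue_targeted_id(secret: bytes, idp: str, sp: str, local_uid: str) -> str:
    """Build the full attribute value an identity provider would release to 'sp'."""
    return format_targeted_id(TargetedID(idp, sp, derive_pairwise_value(secret, idp, sp, local_uid)))


# Constructed sample values for the demonstration below.
IDP = "https://idp.example.org/idp"
SP_A = "https://sp-a.example.edu"
SP_B = "https://sp-b.example.com"
SECRET = b"constructed-example-secret-do-not-reuse"

if __name__ == "__main__":
    for sp in (SP_A, SP_B):
        print(issue_targeted_id(SECRET, IDP, sp, "alice"))
```

Running the block prints two different attribute values for the same user "alice", one per service provider; comparing the two opaque components tells the two services nothing, while each service sees the same value for "alice" on every subsequent visit.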