The auEduPersonSharedToken attribute is a unique identifier that allows federation-spanning services to recognise when the same user has logged into different components of a service. To date, very few such services exist. However, this may change as the federation grows and introduces more advanced integration options. In addition, other attributes now exist — such as eduPersonORCID and samlSubjectID — which offer alternative mechanisms for identifying users across services.
A key requirement of the auEduPersonSharedToken is portability, enabling users to transfer their shared token value when moving between organisations. Unfortunately, most users are unaware that this is possible, and many organisations do not currently provide a process to support it.
It’s important to note that auEduPersonSharedToken is an AAF-specific attribute and is not recognised by other federations, which limits its utility for enabling federation-spanning services globally. In contrast, samlSubjectID is better positioned to fulfil this role on an international scale.
The AAF is currently considering deprecating the auEduPersonSharedToken, with eduPersonORCID and samlSubjectID as potential replacements. This change would require a review of the AAF Federation Rules to remove all references to the attribute.
Regarding 2025 compliance: for RapidIdP customers, the AAF does have a mechanism in place for transferring the auEduPersonSharedToken, as required under section 8.13 of the AAF Federation Rules.