Persistent Assertion/Subject/NameID from LDAP Attribute

Henry B. Hotz hotz at
Thu Aug 9 16:56:29 EDT 2012

That's a good page, thanks.  (Not the one Google sends you to if you think the opposite of "transient" is a good search term.)

On another Google tangent, they recommend "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" for use with their Apps.  Of course that's for a user name, not necessarily an email.

Since I see that the SAML 1.1 email format is listed in the SAML 2.0 core document.  Should I conclude that it is to be used with SAML 2.0?  I.e. they just didn't think they needed to re-invent the wheel?

On Aug 9, 2012, at 8:17 AM, Chad La Joie wrote:

> Right, as documented here:
> On Thu, Aug 9, 2012 at 11:01 AM, Cantor, Scott <cantor.2 at> wrote:
>> In part. There's also a precedence setting in the relying party file that
>> tells it what formats to "prefer" for a given SP or set of SPs, and that
>> plus the filter policy results in a set of candidate NameID possibilities
>> that gets randomly picked from.
> -- 
> Chad La Joie
> trusted identities, delivered
> --
> To unsubscribe from this list send an email to users-unsubscribe at

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the users mailing list