Persistent Assertion/Subject/NameID from LDAP Attribute

Cantor, Scott cantor.2 at osu.edu
Thu Aug 9 17:12:30 EDT 2012


> On another Google tangent, they recommend
> "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" for use with their
> Apps.  Of course that's for a user name, not necessarily an email.

That's correct. Specifically, it means nothing; unspecified is not an implication of anything.

> Since I see that the SAML 1.1 email format is listed in the SAML 2.0 core
> document, should I conclude that it is to be used with SAML 2.0?  I.e. they
> just didn't think they needed to re-invent the wheel?

Yes. We did not create new format identifiers for things that were not changing semantics (and to be clear, none of those 1.1 formats actually have any semantics; they're just very loosely specified syntactical beasts). The new 2.0 formats tended to have actual semantic implications, which is a reflection of my approach to these issues (as most of SAML 2.0 is in some sense).

-- Scott
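
The distinction drawn in the message above, as an added example that is not part of the original message and not its author's code: a service-provider-side check that reads the NameID Format from an assertion and decides whether the Format alone justifies using the value as an account key. The function names, the `agreed_out_of_band` flag, the policy itself and the sample assertions are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
V11 = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
V20 = "urn:oasis:names:tc:SAML:2.0:nameid-format:"
UNSPECIFIED = V11 + "unspecified"
SYNTAX_ONLY = {V11 + "emailAddress", V11 + "X509SubjectName",
               V11 + "WindowsDomainQualifiedName"}

def classify_nameid(assertion_xml):
    """Return (format, value, what the Format alone lets an SP assume)."""
    # Assumes the assertion's signature was already verified elsewhere.
    root = ET.fromstring(assertion_xml)
    nameid = root.find("./saml:Subject/saml:NameID", NS)
    if nameid is None:
        raise ValueError("assertion has no Subject/NameID")
    value = (nameid.text or "").strip()
    fmt = nameid.get("Format") or UNSPECIFIED  # no Format: treat as unspecified
    if fmt == UNSPECIFIED:
        meaning = "nothing"          # implies neither user name nor email
    elif fmt in SYNTAX_ONLY:
        meaning = "syntax-only"      # loose shape of the string, no semantics
    elif fmt == V20 + "persistent":
        meaning = "stable-pairwise"  # opaque, stable for this IdP/SP pair
    elif fmt == V20 + "transient":
        meaning = "one-time"         # not meant to be linked across sessions
    else:
        meaning = "unknown"
    return fmt, value, meaning

def usable_as_account_key(assertion_xml, agreed_out_of_band=False):
    """Hypothetical SP policy: rely on the Format only where it has semantics."""
    _, value, meaning = classify_nameid(assertion_xml)
    if not value or meaning in ("one-time", "unknown"):
        return False
    if meaning == "stable-pairwise":
        return len(value) <= 256     # SAML 2.0 length limit for persistent ids
    return agreed_out_of_band        # "nothing"/"syntax-only": needs an agreement

def sample(format_attr, value):
    """Build a constructed, unsigned assertion fragment for the checks."""
    return ('<saml:Assertion xmlns:saml="%s"><saml:Subject>'
            '<saml:NameID%s>%s</saml:NameID></saml:Subject></saml:Assertion>'
            % (NS["saml"], format_attr, value))
```
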


