EPPN and eduPersonTargetedID

Tom Scavo trscavo at gmail.com
Tue Sep 2 16:40:14 EDT 2014

(again off-topic...you can shift this over to the InC participant's
list if you want)

On Tue, Sep 2, 2014 at 3:12 PM, Ken Weiss <ken.weiss at ucop.edu> wrote:
> It would be nice if every institution
> that's part of the InCommon federation agreed on an identifying attribute

Like it or not, that attribute is ePPN, which I believe is supported
by almost all IdPs. The eduPersonTargetedID attribute is supported by
less than half of the IdPs (based on incomplete data cited earlier).
The eduPersonUniqueId attribute is new and virtually non-existent.

> and assured that the value for that attribute would be stable for the
> duration of an individual's association with the institution and never
> re-assigned to a different individual.

That's a tall order but note that stability and non-reassignability
are independent characteristics.

> I thought that was EPPN, but clearly, I thought wrong.

It is what it is, I'm afraid. ePPN is universally supported so it
makes sense to build an app around that assumption. Of the two
characteristics you mentioned, non-reassignability is critical (for
some apps) so in that case you have to workaround it.


More information about the users mailing list