The definition of principal

Mike Flynn shibbolethlynda at
Fri Sep 26 10:54:48 EDT 2014

I am currently having a conversation with SuccessFactors / BizX with regard to their requiring that we use nameID as a unique, immutable ID token for the user.  Typically we use things like targeted-id/eppn/UID etc - Attributes passed to us.  I am trying to understand the following:
Is this appropriate? If appropriate, can I configure my SP (v2.3.1) to pass nameID to the protected resource in some fashion? Should I expect SuccessFactors to pass it as an attribute?

     On Thursday, September 25, 2014 12:40 PM, Mike Flynn <shibbolethlynda at> wrote:

 In the OASIS docs, I see this:
The optional <Subject> element specifies the principal that is the subject of all of the (zero or more) statements in the assertion.
In the glossary it is defined as this:
A system entity whose identity can be authenticated. [X.811]

What exactly is meant by system entity?  Does the principal in an assertion have any association with the user specific data being passed as attributes?
