BaseID Name Identifiers

Peter Schober peter.schober at
Thu May 14 08:58:30 UTC 2020

* Ignacio Amoeiro Bosch <ignacio.amoeiro at> [2020-05-14 09:10]:
> Does Shibboleth supoprt BaseID Name Identifiers?

Looking at SAML 2.0 core, section 2.2.1:

  "The <BaseID> element is an extension point that allows applications
  to add new kinds of identifiers. Its BaseIDAbstractType complex type
  is abstract and is thus usable only as the base of a derived type."

that doesn't sound to me like you could use that "as is" as there's no
fixed contend model defined. ("usable only as the base of a derived type").
As such I can't imagine any software including "support" for that out
of the box in a meaningful way.

> Or is equivalent to NameID?

No, though NameIDs (and the NameIDType) are based on the abstract
BaseID type, quoting from section 2.2.2:

  "The NameIDType complex type is used when an element serves to
  represent an entity by a string-valued name. It is a more restricted
  form of identifier than the <BaseID> element and is the type
  underlying boththe <NameID> and <Issuer> elements."

I.e., NameIDs have string values and are fully defined by SAML core.
BaseIDs have an abstract and complex type, with no standardised
content anyone could implement support for, AFAIU.


More information about the users mailing list