
Name: Community User Identifier
Description

The user’s Community Identifier is an opaque and non-revocable identifier (i.e. it cannot change over time) that follows the syntax of the eduPersonUniqueId attribute of eduPerson.

It consists of a “uniqueID” part and the fixed scope “myaccessid.org”, separated by an at sign (@). The uniqueID part contains up to 64 hexadecimal digits (a-f, 0-9).

SAML Attribute(s)

- urn:oasis:names:tc:SAML:attribute:subject-id

- 1.3.6.1.4.1.5923.1.1.1.13 (eduPersonUniqueId)
- urn:oasis:names:tc:SAML:attribute:subject-id- Legacy - to be deprecated

OIDC claim(s): sub (public)
OIDC claim location

The claim is available in:

- ID token
- Userinfo endpoint
- Introspection endpoint

OIDC scope: openid
Origin: MyAccessID assigns this attribute to a user when they register on the Service
Changes: No
Multiplicity: Single-valued
Availability: Mandatory
Example: 28c5353b8bb34984a8bd4169ba94c606@MyAccessID.org
Notes

eduPerson defines the comparison rule caseIgnoreMatch for eduPersonUniqueId.

Relying services are encouraged to validate the scope of this attribute against the values permitted for MyAccessID. MyAccessID makes exclusive use of the scope “MyAccessID.org”.

The MyAccessID identifier and username “test@MyAccessID.org” are test accounts reserved for testing and monitoring the proper functioning of the MyAccessID Login. Relying parties should not authorise it to access any valuable resources.
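
One way a relying service could apply the notes above when it receives this identifier (added example, not MyAccessID's own code). The function names, the requirement of at least one hexadecimal digit, and the treatment of “test@MyAccessID.org” as the reserved identifier value are assumptions of this example.

```python
import re

ALLOWED_SCOPE = "myaccessid.org"              # the single scope MyAccessID uses
RESERVED_TEST_ID = "test@myaccessid.org"      # reserved test account, lower-cased
UNIQUE_ID_RE = re.compile(r"[0-9a-f]{1,64}")  # assumption: at least one digit


class IdentifierError(ValueError):
    """The value is not an acceptable Community User Identifier."""


def canonical_cuid(value):
    """Validate the identifier and return the form to use as an account key.

    eduPerson specifies caseIgnoreMatch, so the lower-cased string is returned:
    every spelling of one identifier maps to the same key.
    """
    # Rejecting non-ASCII input first keeps lower() from folding look-alike
    # characters into ASCII ones before the checks below run.
    if not isinstance(value, str) or not value.isascii():
        raise IdentifierError("identifier must be an ASCII string")
    unique_id, sep, scope = value.lower().partition("@")
    if not sep or "@" in scope:
        raise IdentifierError("expected exactly one '@' separator")
    if scope != ALLOWED_SCOPE:
        raise IdentifierError("scope is not the one MyAccessID uses")
    if not UNIQUE_ID_RE.fullmatch(unique_id):
        raise IdentifierError("uniqueID part must be 1 to 64 hexadecimal digits")
    return f"{unique_id}@{scope}"


def may_authorise(value):
    """Return True only for a well-formed identifier that is not the test account."""
    # "test" is not hexadecimal, so it would fail the syntax check anyway;
    # the explicit comparison keeps the policy visible if that check changes.
    if isinstance(value, str) and value.lower() == RESERVED_TEST_ID:
        return False
    try:
        canonical_cuid(value)
    except IdentifierError:
        return False
    return True


if __name__ == "__main__":
    # The first value is the example from this page; the others are constructed.
    for sample in ("28c5353b8bb34984a8bd4169ba94c606@MyAccessID.org",
                   "28c5353b8bb34984a8bd4169ba94c606@example.org",
                   "test@MyAccessID.org"):
        print(sample, "->", may_authorise(sample))
```

Storing and looking up accounts by the value `canonical_cuid` returns, rather than by the raw claim, keeps two case variants of one identifier from becoming two local accounts.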
