...
| Name | Community User Identifier |
|---|---|
| Description | User’s Community Identifier is an opaque and non-revocable identifier (i.e. it cannot change over time) that follows the syntax of eduPersonUniqueId attribute of eduPerson. It consists of “uniqueID” part and fixed scope “myaccessid.org”, separated by at sign. The uniqueID part contains up to 64 hexadecimal digits (a-f, 0-9) |
| SAML Attribute(s) | - urn:oasis:names:tc:SAML:attribute:subject-id - 1.3.6.1.4.1.5923.1.1.1.13 (eduPersonUniqueId) |
| OIDC claim(s) | sub (public) |
| OIDC claim location | The claim is available in: ☑ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
| OIDC scope | openid |
| Origin | MyAccessID assigns this attribute to a user when they register on the Service |
| Changes | No |
| Multiplicity | Single-valued |
| Availability | Mandatory |
| Example | 28c5353b8bb34984a8bd4169ba94c606@MyAccessID.org |
| Notes | eduPerson defines the comparison rule caseIgnoreMatch for eduPersonUniqueID. Relying services are encouraged to validate the scope of this attribute against the values permitted for MyAccessID. MyAccessID makes exclusive use of scope MyAccessID.org“. The MyAccessID identifier and username “test@MyAccessID.org” are test accounts reserved for testing and monitoring the proper functioning of the MyAccessID Login. The Relying parties should not authorise it to access any valuable resources. |
...