OpenSAML user discussion

[Tom Scavo <>]

On 5/12/05, Budi Boentaran 
<>
 wrote:
> 
> What is the purpose/usage of NameIdentifier / NameQualifier in the Subject?

This is one case at least where the SAML names are transparent. 
NameIdentifier is a unique name (unique in the space of names known to
the producing entity) for the Subject.  NameQualifier is an optional
value used to qualify the Subject name, presumably to insure
uniqueness in the space of names known to the consuming entity.

If you haven't done so already, you should read [SAMLCore] about the
NameIdentifier element.  There you will find this example:

<NameIdentifier 
  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> 
  

</NameIdentifier>

This example does not have a NameQualifier attribute, which suggests
its lack of relative importance.  Usually the value of the
NameQualifier attribute is the unique identifier (providerId) of the
producing entity.  This qualifier travels around with the
NameIdentifier wherever it goes.

The Format attribute shown in the example is very important.  It
conveys to the consuming entity the underlying semantics of the
NameIdentifier value.  A limited number of Formats are available in
SAML 1.1.  More have been added in SAML 2.0.

Hopefully this is enough to get you started.

Tom