shibboleth-dev - Re: comments: draft-mace-shibboleth-arch-protocols-02

Subject: Shibboleth Developers

  • From: "RL 'Bob' Morgan" <>
  • To: Alistair Young <>
  • Cc: Shibboleth Dev Team <>
  • Subject: Re: comments: draft-mace-shibboleth-arch-protocols-02
  • Date: Mon, 1 Nov 2004 03:03:58 -0800 (PST)


On Mon, 1 Nov 2004, Alistair Young wrote:

I looked at eduPersonTargetedID but the spec states that it can't be shared across SPs, i.e. you have to generate a unique one per SP. So it has to be an opaque handle. In effect, a user has a different ID for each SP - how to resolve those back to their real ID for assessment?

See much recent discussion on the Internet2 mace-dir list on this topic.
Result is that we will likely be revising the ePTID language to clarify its intent. But in any case the choice of what makes an SP for purposes of sharing a targeted ID is up to the IdP. That is, if it's useful for the IdP to give the same targetedID to several different apps so that they can correlate, it is entirely free to do so. The point of "targeted" is that SPs have to assume, unless they know otherwise, that a particular tID is just for them and won't be meaningful to any other SP.

- RL "Bob"
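
Added example, not part of the original message and not Shibboleth's own code: one way an IdP could derive targeted IDs so that the IdP's policy, not the SP, decides which services share a value. The HMAC-SHA256 derivation, the `SP_GROUPS` policy map, the secret, and all entityIDs and principals are constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed demo secret; a real IdP would keep this in protected configuration.
IDP_SECRET = b"constructed-demo-secret"

# Hypothetical IdP policy: SP entityIDs that the IdP chooses to treat as one
# audience. SPs not listed here form their own audience (the default case).
SP_GROUPS = {
    "https://vle.example.org/shibboleth": "assessment",
    "https://eportfolio.example.org/shibboleth": "assessment",
}


def audience_for(sp_entity_id: str) -> str:
    """Return the audience a targeted ID is scoped to: a group or the SP itself."""
    group = SP_GROUPS.get(sp_entity_id)
    # Distinct prefixes keep a group name from colliding with an entityID.
    return f"group:{group}" if group else f"sp:{sp_entity_id}"


def targeted_id(principal: str, sp_entity_id: str) -> str:
    """Derive an opaque, stable identifier for (principal, audience)."""
    # Length-prefix each field so different field pairs cannot encode alike.
    fields = (audience_for(sp_entity_id).encode(), principal.encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    for sp in (
        "https://vle.example.org/shibboleth",         # grouped
        "https://eportfolio.example.org/shibboleth",  # grouped, same value
        "https://library.example.org/shibboleth",     # ungrouped, own value
    ):
        print(sp, targeted_id("user1", sp))
```

An SP receiving one of these values has no way to tell from the value itself whether it is shared, which is why it has to treat it as meaningful only to itself unless the IdP has told it otherwise.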


