Name Identity Format
<Subject>
      <NameID Format="Name Identity Format (URN)">
            -- name identifier (string) --
      </NameID>
</Subject>
SAML provides a number of different URNs for indicating how to interpret the content of <NameID>:
| Format | URN | Example Content |
|---|---|---|
| email address | urn:oasis:names:tc:1.1:nameid-format:emailAddress | j.doe@acompany.com |
| X.509 subject name | urn:oasis:names:tc:1.1:nameid-format:X509SubjectName | DigSig name |
| Windows domain name | urn:oasis:names:tc:1.1:nameid-format:WindowsDomainQualifiedName | MITRE\costello |
| Kerberos principal name | urn:oasis:names:tc:1.1:nameid-format:Kerberos | name[/instance]@REALM |
| Persistent identifier | urn:oasis:names:tc:1.1:nameid-format:persistent | See Note |
| Transient identifier | urn:oasis:names:tc:1.1:nameid-format:transient | See Note |
| Unspecified | urn:oasis:names:tc:1.1:nameid-format:unspecified | The interpretation of the content of <NameID> is left to individual implementations (this is the default) |
Note: persistent and transient indicate that the subject is identified by a randomly generated identifier, to protect his/her privacy.
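An added example, not from the original slides: a check on the receiving side that reads the <NameID>, identifies the format from the last component of its Format URN, and rejects content that does not fit the declared format. The function name, the patterns and the `allow_unspecified` switch are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Content shape expected for each format, keyed on the last component of the
# Format URN (the part after "nameid-format:"). Patterns are this sketch's own.
SHAPES = {
    "emailAddress": r"[^@\s]+@[^@\s]+",
    "X509SubjectName": r".+",                             # DN syntax not checked here
    "WindowsDomainQualifiedName": r"[^\\\s]+\\[^\\\s]+",  # DOMAIN\user
    "Kerberos": r"[^/@\s]+(/[^/@\s]+)?@[^@\s]+",          # name[/instance]@REALM
    "persistent": r"\S+",                                 # opaque value
    "transient": r"\S+",                                  # opaque value
}

def classify_name_id(subject_xml, allow_unspecified=False):
    """Return (kind, value) for the <NameID> in subject_xml, or raise ValueError.

    Assumes the enclosing assertion's signature has already been verified."""
    # Constructed input here; parse untrusted XML with a hardened parser.
    root = ET.fromstring(subject_xml)
    nodes = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "NameID"]
    if len(nodes) != 1 or len(nodes[0]):
        raise ValueError("expected exactly one NameID with text-only content")
    node = nodes[0]
    value = (node.text or "").strip()
    fmt = node.get("Format")
    if fmt is None:
        kind = "unspecified"  # no Format attribute: treated as the default
    else:
        prefix, sep, kind = fmt.rpartition(":")
        if not sep or not prefix.endswith("nameid-format"):
            raise ValueError(f"not a nameid-format URN: {fmt!r}")
    if kind == "unspecified":
        # Meaning is implementation-defined, so the caller must opt in.
        if not allow_unspecified:
            raise ValueError("unspecified NameID not accepted by policy")
        return kind, value
    shape = SHAPES.get(kind)
    if shape is None:
        raise ValueError(f"unknown NameID format: {kind!r}")
    if not re.fullmatch(shape, value):
        raise ValueError(f"content does not match declared format {kind!r}")
    return kind, value

# Constructed sample, using a URN and example content from the table above.
SAMPLE = ('<Subject><NameID Format="urn:oasis:names:tc:1.1:nameid-format:emailAddress">'
          'j.doe@acompany.com</NameID></Subject>')
```

Rejecting a mismatch between declared format and content keeps an opaque or domain-qualified string from being matched against local accounts as if it were an email address.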