...
- eduPersonPrincipleName - A "scoped" identifier that consists of two parts, a local identifier within the originating institution and an identifier for the institution, for example, John.Smith@ucmerced.edu. EduPersonPrincipleName eduPersonPrincipleName provides global uniqueness throughout InCommon, but different institutions will assert different values for a person who has affiliations with those multiple institutions, and it is not defined to be persistent over time; it can be reassigned to another person.
- eduPersonTargetedID - Also a "scoped" identifier, so it is globally unique throughout InCommon. It is also defined to be persistent over time, so it cannot be reassigned to another person. It enhances privacy, as the value of eduPersonTargetedID is different for different target services. Unfortunately, it is difficult for an application to determine a person's eduPersonTargedID before the person's first session with the application, so it is not usable for applications that require their users to be provisioned before the first session. There has been recent work (see http://staff.washington.edu/fox/notes/tgtid.shtml), though, that could make eduPersonTargetedID useful when provisioning is required by providing an IdP control over its values.
- UCnetID - UCnetID is a ten-digit number that is unique throughout UC, and all UC locations will assert the same value for people who have multiple affiliations within UC. It is defined to be persistent over time and cannot be reassigned to another person. In order to assure the same value across all of UC, a person's Social Security Number and date of birth are used to create a new UCnetID, so it is currently valid only for UC employees.
...