Subject RE: (fwd) New version of eduPerson now entering last call
From "Jones, Mark B" <Mark.B.Jones@xxxxxxxxxxx>
Date Fri, 7 Jun 2013 09:08:45 -0500

eduPersonUniqueID is not in my opinion intended to hold national ID numbers.  This may need to start a discussion about a national ID attribute.


From: Hildegunn Vada [mailto:hildegunn.vada@xxxxxxxxxx]
Sent: Friday, June 07, 2013 5:50 AM
To: refeds@xxxxxxxxxx
Subject: Re: [refeds] (fwd) New version of eduPerson now entering last call




In Norway (Feide) we have used the norEduPersonNIN attribute for many years now, and it looks a lot like the proposed eduPersonUniqueID. But we have encountered some problems:

  • we have no way of knowing the origin of the number
  • it is single valued


What we would like is an attribute like eduPersonUniqueID that is

  • prefixed - so we can know the origin of the number
  • multivalued - so that we can keep track of the person's history


An example: Say that a Spanish lecturer is coming to Norway to work. According to Norwegian legislation, she would first get a DUF-number. After a while, she will get a D-number. And if she stays long enough, she will eventually get a national identity number. Today - norEduPersonNIN has to be changed every time she gets a new number, and since it is single valued, a lot of services have to create a new user account every time she gets a new number.


If we could store all those values in a single attribute, it would be possible for the services to recognize the user over time. 


Another example - a Swedish student is going to study at a Norwegian university: If we could prefix the number, we could use the student's national ID number from Sweden, knowing it was a Swedish number and being sure it was a unique number. Today the student will get an internal ID number at the university, but there are no ways to guarantee (inter)national uniqueness. 


We have looked at the SCHAC attribute "schacPersonalUniqueID", and we find it very promising, but we would rather use an attribute from eduPerson, since all the home organizations already are using eduPerson. 


Have you discussed the possibility of making "eduPersonUniqueID" prefixed and multivalued?



Best regards,


Hildegunn Vada

 Feide Support <support@xxxxxxxx>
 Feide is a project hosted at UNINETT AS -





Attachment: smime.p7s
Description: S/MIME cryptographic signature