SAML/PersonIdentifier

PersonIdentifier eli Unique Identifier on SAML-yhteyskäytännössä henkilön yksilöivä muoto joka ottaa huomioon eri maiden päällekkäiset tunnusavaruudet. Tunnus muodostuu kolmesta osasta^[1].

<ISO 3166-1>/<ISO 3166-1>/<EID>

Jossa:

kauttaviiva on kenttien erotin
ensimmäinen kenttä on kansallinen maatunnus
toinen kenttä on vastaanottavan maan tai yhteisön maatunnus
kolmas kenttä on yksilöitävä henkilö

Maatunnuksista EU varattu Euroopan instituutoille. Suomalaisessa tapauksessa EID on FINEID, eli SATU. EID:ssä ei saa olla whitespace-merkkiä. ^[1]

Esimerkki:

EE/FI/37207300043

virolaisella kortilla, suomalaisessa palvelussa todennettu henkilö.

FI/FI/10000350X

suomalaisella kortilla, suomalaisessa palvelussa todennettu henkilö?

Katso myös

SAML

Lähteet

↑ ^1,0 ^1,1 Tiedosto:EIDAS SAML Attribute Profile.pdf 2.2.3 Unique Identifier (mandatory) The unique identifier consists of: 1. The first part is the Nationality Code of the identifier This is one of the ISO 3166-1 alpha-2 codes, followed by a slash (“/“)) 2. The second part is the Nationality Code of the destination country or international organization. This is one of the ISO 3166-1 alpha-2 codes, followed by a slash (“/“) 3. The third part a combination of readable characters This uniquely identifies the identity asserted in the country of origin but does not necessarily reveal any discernible correspondence with the subject's actual identifier (for example, username, fiscal number etc) Example: ES/AT/02635542Y (Spanish eIDNumber for an Austrian SP) 2.5 Unique Identifier Usage It is the responsibility of the operating or commissioning Member State to determine how a Unique Identifier is created. As a baseline requirement the Unique Identifier should not include elements that directly identify the Principal. This follows the requirement for a persistent name identifier in SAML- CORE-2.0, which states that persistent identifiers “MUST be constructed using pseudo- random values that have no discernible correspondence with the subject's actual identifier (for example, username).” Hashing of Unique Identifiers is permitted although this is not mandated for eIDAS. The Unique Identifier MUST NOT contain any whitespace. It is recommended that the Unique Identifier is at least 32 characters in length. Viitattu: 2021-02-12

[eidas-saml-attribute-profile-1.1-1] 1,0 ^1,1 Tiedosto:EIDAS SAML Attribute Profile.pdf 2.2.3 Unique Identifier (mandatory) The unique identifier consists of: 1. The first part is the Nationality Code of the identifier This is one of the ISO 3166-1 alpha-2 codes, followed by a slash (“/“)) 2. The second part is the Nationality Code of the destination country or international organization. This is one of the ISO 3166-1 alpha-2 codes, followed by a slash (“/“) 3. The third part a combination of readable characters This uniquely identifies the identity asserted in the country of origin but does not necessarily reveal any discernible correspondence with the subject's actual identifier (for example, username, fiscal number etc) Example: ES/AT/02635542Y (Spanish eIDNumber for an Austrian SP) 2.5 Unique Identifier Usage It is the responsibility of the operating or commissioning Member State to determine how a Unique Identifier is created. As a baseline requirement the Unique Identifier should not include elements that directly identify the Principal. This follows the requirement for a persistent name identifier in SAML- CORE-2.0, which states that persistent identifiers “MUST be constructed using pseudo- random values that have no discernible correspondence with the subject's actual identifier (for example, username).” Hashing of Unique Identifiers is permitted although this is not mandated for eIDAS. The Unique Identifier MUST NOT contain any whitespace. It is recommended that the Unique Identifier is at least 32 characters in length. Viitattu: 2021-02-12

[1]

SAML/PersonIdentifier

Katso myös

Lähteet

Navigointivalikko

Henkilökohtaiset työkalut

Nimiavaruudet

Kirjoitusjärjestelmät

Näkymät

Muut

Haku

Valikko

Työkalut