SWITCH edu-ID Identifiers
SWITCH edu-ID offers a variety of identifiers that can be used for different purposes. The table below should help you to keep an overview and to choose the right identifiers for the various applications.
Identifiers to Identify a Person
The following identifiers can be used by services (relying parties) to identify a person. It is in general not recommended to identify a person by her e-mail address.
Identifier and Specification | Description | Example Values and Recommendation |
---|---|---|
pairwise-id | This is a long-lived identifier suitable for use as a unique external key specific to a particular person for a service. |
91Q1FA35HPDA1Q0ZUAXOTXUOW0ONI9V7@eduid.ch Use this identifier
|
subject-id | This is a long-lived, opaque identifier suitable for use as a globally-unique external key. |
206519674592@eduid.ch Use this identifier if user correlation across services is required and if all IdP that are relevant for the service support it. This ensures long-term interoperability in the national edu-ID federation and the eduGAIN interfederation. For all organisations with edu-ID adoption, subject-id contains the same value as swissEduPersonUniqueID. |
swissEduPersonUniqueID | This is a long-lived, opaque identifier suitable for use as a globally-unique external key. |
206519674592@eduid.ch Use this identifier if user correlation across services is required. This identifier is only used in the SWITCHaai federation and is issued only by Swiss institutions. Swiss institutions generally will use the value of the swissEduPersonUniqueID attribute also for the eduPersonUniqueID, eduPersonPrincipalName and the subject-id identifiers. |
schacPersonalUniqueCode |
European Student Identifier (ESI) This is a medium-term-lived, opaque identifier suitable for use as a globally-unique external key. |
urn:schac:personalUniqueCode:int:esi:unige.ch:xyz123abc Use this identifier to identify a student before, during, and after a stay at a partner university. |
Other identifiers for special purposes:
- eduPersonUniqueID: If a services also has users from other federations via eduGAIN, this identifier can be used instead of the swissEduPersonUniqueID. However, this identifier is not supported by all foreign Identity Providers.
For all organisations with edu-ID adoption, this identifier contains the same value as swissEduPersonUniqueID. - eduPersonPrincipalName: If a services also has users from other federations via eduGAIN, this identifier can be used instead of the swissEduPersonUniqueID. This identifier is well supported by all foreign Identity Providers.
For all organisations with edu-ID adoption, this identifier contains the same value as swissEduPersonUniqueID. - uid: Use this identifier only for services of one single institution because it is not globally unique.
A good overview with more in-depth information on identifier attributes can also be found here.
Identifiers to Link a Person to other Identities
These identifiers are used to link an edu-ID account with accounts from other independent IDMs. Use these identifiers when the service has to establish a connection to accounts in the external IdM.
- SWITCH edu-ID internal Identifier: swissEduID
- ORCID: eduPersonOrcid
Deprecated Identifiers
The following identifiers are deprecated and should no longer be used:
- eduPersonTargetedID: Instead use the pairwise-id or use the persistent NameID format. The main reasons why it is deprecated is that it is case-sensitive, which brings it's own problems and that its XML-based structure is poorly supported by less frequently used SAML implementations.