SWITCH edu-ID Identifiers

SWITCH edu-ID offers a variety of identifiers that can be used for different purposes. The table below should help you to keep an overview and to choose the right identifiers for the various applications.

Identifiers to Identify a Person

The following identifiers can be used by services (relying parties) to identify a person. It is in general not recommended to identify a person by her e-mail address.

Identifier and Specification Description Example Values and Recommendation
pairwise-id This is a long-lived identifier suitable for use as a unique external key specific to a particular person for a service.

91Q1FA35HPDA1Q0ZUAXOTXUOW0ONI9V7@eduid.ch
TQU0L545671232JF60WUEMP940A4PF5G@university.ch

Use this identifier

  • for increased data protection (the identifiers of a person in different services cannot be correlated)
  • to query user attributes out-of-band.
subject-id This is a long-lived, opaque identifier suitable for use as a globally-unique external key. 

206519674592@eduid.ch
185953445717@university.ch

Use this identifier if user correlation across services is required and if all IdP that are relevant for the service support it. This ensures long-term interoperability in the national edu-ID federation and the eduGAIN interfederation.

For all organisations with edu-ID adoption, subject-id contains the same value as swissEduPersonUniqueID.

swissEduPersonUniqueID This is a long-lived, opaque identifier suitable for use as a globally-unique external key.

206519674592@eduid.ch
185953445717@university.ch

Use this identifier if user correlation across services is required.

This identifier is only used in the SWITCHaai federation and is issued only by Swiss institutions. Swiss institutions generally will use the value of the swissEduPersonUniqueID attribute also for the eduPersonUniqueID, eduPersonPrincipalName and the subject-id identifiers.

 schacPersonalUniqueCode

European Student Identifier (ESI)

This is a medium-term-lived, opaque identifier suitable for use as a globally-unique external key.

urn:schac:personalUniqueCode:int:esi:unige.ch:xyz123abc

Use this identifier to identify a student before, during, and after a stay at a partner university.

Other identifiers for special purposes:

  • eduPersonUniqueID: If a services also has users from other federations via eduGAIN, this identifier can be used instead of the swissEduPersonUniqueID. However, this identifier is not supported by all foreign Identity Providers.
    For all organisations with edu-ID adoption, this identifier contains the same value as swissEduPersonUniqueID.
  • eduPersonPrincipalName: If a services also has users from other federations via eduGAIN, this identifier can be used instead of the swissEduPersonUniqueID. This identifier is well supported by all foreign Identity Providers.
    For all organisations with edu-ID adoption, this identifier contains the same value as swissEduPersonUniqueID.
  • uid: Use this identifier only for services of one single institution because it is not globally unique.

A good overview with more in-depth information on identifier attributes can also be found here.

Identifiers to Link a Person to other Identities

These identifiers are used to link an edu-ID account with accounts from other independent IDMs. Use these identifiers when the service has to establish a connection to accounts in the external IdM.

Deprecated Identifiers

The following identifiers are deprecated and should no longer be used:

  • eduPersonTargetedID: Instead use the pairwise-id or use the persistent NameID format. The main reasons why it is deprecated is that it is case-sensitive, which brings it's own problems and that its XML-based structure is poorly supported by less frequently used SAML implementations.