skip to main content

Directory Services Attribute

Higher Ed Anonymous Identifier (eduPersonTargetedID)

Attribute details

LDAP eduPersonTargetedID attribute properties, usage and population rules
Definition: A persistent, opaque identifier for the account holder given to a Service Provider. The identifier sent by the Texas A&M Identity Provider is unique for an account holder/Service Provider pair.

This identifier facilitates long-term user sessions, but cannot be used to identify the account holder.

Because each Service Provider receives a different identifier, this attribute preserves the account holder's privacy and inhibits the ability of multiple unrelated services from correlating user activity by comparing eduPersonTargetedID values.
Attribute Name: 'eduPersonTargetedID'
OID: 1.3.6.1.4.1.5923.1.1.1.10
URN: urn:oid:1.3.6.1.4.1.5923.1.1.1.10
Multiple Values: Multi-valued
Format: Directory String
Search Syntax: EQUALITY caseIgnoreMatch
Controlled Vocabulary: not applicable
Source: This attribute is not populated in LDAP. Rather the private identifiers are generated by Shibboleth and included in the returned data stream when pertinent.

Directory-specific details

LDAP eduPersonTargetedID attribute properties that are dependent on directory branch or object class configuration
  Enterprise Directory
People Branch
Directory URL: ldap.tamu.edu
Object Class: eduPerson
Required: no
Indexing: none
Access: none
Usage: Identity or Service Providers or directory-enabled applications with the need to link an external account to an internal account or correlate user activity across multiple sessions.
Example(s): https://idp.idp.tamu.edu/shibboleth!https://sp.teela.tamu.edu/shibboleth!5o59AW4+cp7oOjkzJ0XCVJtN11c=