The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

NameIdentifierFormat

A NameIdentifierFormat is a URI associated with a particular type of NameIdentifier. Specifically, a NameIdentifierFormat is a value of the Format attribute of a <saml:NameIdentifier> element in SAMLOneDotOne or a <saml:NameID> element in SAMLTwoDotZero. SAMLOneDotOne defines a handful of such formats (see section 7.3 of [SAMLCore]):

urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName

None of the SAMLOneDotOne formats provide anonymity, which may be an issue for deployments that hope to maintain user privacy. The proprietary ShibHandle format specifically addresses this issue. Shibboleth also supports a PrincipalNameIdentifier format, primarily for testing.

SAMLTwoDotZero specifies the above formats together with the following formats (see section 8.3 of [SAML2Core]):

urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
urn:oasis:names:tc:SAML:2.0:nameid-format:entity
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
urn:oasis:names:tc:SAML:2.0:nameid-format:transient

In Shib 2.0, the transient format (above) will replace the current ShibHandle format.
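The following is an added example, not part of the original Shibboleth documentation. It reads the Format attribute from a <saml:NameIdentifier> (SAML 1.1) or <saml:NameID> (SAML 2.0) element, applies the specifications' default when the attribute is absent, and checks the result against the set of formats a deployment accepts. The function names, the acceptance policy and the sample XML are constructed for illustration, and the code does no signature validation.

```python
import xml.etree.ElementTree as ET

# Assertion namespaces from the SAML 1.x and SAML 2.0 core specifications.
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

P1 = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
UNSPECIFIED = P1 + "unspecified"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
# The four SAML 1.1 formats listed on this page; none provides anonymity.
SAML11_FORMATS = {P1 + s for s in ("unspecified", "emailAddress",
                                   "X509SubjectName", "WindowsDomainQualifiedName")}

# Constructed sample fragments (unsigned, illustration only).
SAMPLE_SAML1 = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:NameIdentifier>user@example.org</saml:NameIdentifier>
</saml:Subject>"""
SAMPLE_SAML2 = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
</saml:Subject>"""


def name_identifier_formats(xml_text):
    """Return (element, format, value) for each name identifier found."""
    root = ET.fromstring(xml_text)
    found = []
    for tag in (f"{{{SAML1_NS}}}NameIdentifier", f"{{{SAML2_NS}}}NameID"):
        for el in root.iter(tag):
            # Both specifications treat a missing Format as "unspecified".
            fmt = el.get("Format", UNSPECIFIED)
            found.append((tag.split("}")[1], fmt, (el.text or "").strip()))
    return found


def review(xml_text, accepted):
    """Return (element, format, verdict) per identifier for an accepted-format set."""
    verdicts = []
    for element, fmt, _value in name_identifier_formats(xml_text):
        if fmt not in accepted:
            verdict = "rejected"        # format the deployment did not agree to
        elif fmt in SAML11_FORMATS:
            verdict = "not-anonymous"   # accepted, but carries no privacy guarantee
        else:
            verdict = "accepted"
        verdicts.append((element, fmt, verdict))
    return verdicts


if __name__ == "__main__":
    for sample in (SAMPLE_SAML1, SAMPLE_SAML2):
        print(review(sample, {TRANSIENT}))
```

A deployment that expects only transient identifiers rejects the first sample, because its missing Format attribute resolves to the unspecified format.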