The format value MUST be a URI reference. The following URI references are defined by this specification, where only the fragment identifier portion is shown, assuming a base URI of the SAML assertion namespace name.
#emailAddress
Indicates that the content of the NameIdentifier element is in the form of an email address, specifically "addr-spec" as defined in section 3.4.1 of RFC 2822 [RFC 2822]. An addr-spec has the form local-part@domain. Note that an addr-spec has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by "<" and ">".
#X509SubjectName
Indicates that the content of the NameIdentifier element is in the form specified for the contents of the <ds:X509SubjectName> element in [DSIG]. Implementors should note that [DSIG] specifies encoding rules for X.509 subject names that differ from the rules given in RFC 2253 [RFC2253].
#WindowsDomainQualifiedName
Indicates that the content of the NameIdentifier element is a Windows domain qualified name. A Windows domain qualified user name is a string of the form "DomainName\UserName". The domain name and "\" separator may be omitted.
The following schema fragment defines the <NameIdentifier> element and its NameIdentifierType:
<element name="NameIdentifier" type="saml:NameIdentifierType"/>
<complexType name="NameIdentifierType">
    <simpleContent>
        <xsd:extension base="xsd:string">
            <attribute name="NameQualifier" type="string" use="optional"/>
            <attribute name="Format" type="anyURI" use="optional"/>
        </xsd:extension>
    </simpleContent>
</complexType>
The interpretation of the NameQualifier, and NameIdentifier's content in the case of a Format not specified in this document, are left to individual implementations.
Regardless of format, issues of anonymity, pseudonymity, and the persistence of the identifier with respect to the asserting and relying parties, are also implementation-specific.
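A relying party can check NameIdentifier content against its declared Format before using it as an account key. The sketch below is an added example, not part of the specification; it assumes the SAML 1.0 assertion namespace as the base URI, accepts only the dot-atom subset of addr-spec, and its function names and sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: SAML 1.0 assertion namespace, the base URI for the fragments.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
# dot-atom "@" dot-atom only, a strict subset of RFC 2822 addr-spec:
# quoted-string local parts and domain literals are rejected.
ADDR_SPEC = re.compile(rf"{ATEXT}(?:\.{ATEXT})*@{ATEXT}(?:\.{ATEXT})*")

def check_email(value):
    # No phrase before, no (comment) after, no "<" ">" around the address.
    if not ADDR_SPEC.fullmatch(value):
        raise ValueError(f"not a bare addr-spec: {value!r}")
    local, domain = value.rsplit("@", 1)
    return {"local": local, "domain": domain}

def check_windows(value):
    # "DomainName\UserName"; the domain and the "\" may be omitted together.
    domain, sep, user = value.partition("\\")
    if not sep:
        domain, user = None, value
    if not user or "\\" in user or domain == "":
        raise ValueError(f"not a domain qualified name: {value!r}")
    return {"domain": domain, "user": user}

CHECKS = {
    SAML_NS + "#emailAddress": check_email,
    SAML_NS + "#WindowsDomainQualifiedName": check_windows,
}

def parse_name_identifier(xml_text):
    """Return the identifier's parts; 'parsed' is None when no check applies."""
    elem = ET.fromstring(xml_text)  # constructed samples only, not untrusted XML
    if elem.tag != f"{{{SAML_NS}}}NameIdentifier":
        raise ValueError("not a saml:NameIdentifier element")
    fmt, value = elem.get("Format"), elem.text or ""
    check = CHECKS.get(fmt)
    # Formats this example does not check (X509SubjectName, other or absent
    # values) pass through unparsed.
    parsed = check(value) if check else None
    return {"format": fmt, "qualifier": elem.get("NameQualifier"),
            "value": value, "parsed": parsed}

def sample(fragment, content):
    # Builds a constructed <NameIdentifier>; content must already be XML-escaped.
    return (f'<NameIdentifier xmlns="{SAML_NS}" '
            f'Format="{SAML_NS}#{fragment}">{content}</NameIdentifier>')

if __name__ == "__main__":
    print(parse_name_identifier(sample("emailAddress", "alice@example.org")))
    print(parse_name_identifier(sample("WindowsDomainQualifiedName", "CORP\\alice")))
```

In a deployment this check runs only after the assertion's signature has been verified and the XML has been read with a hardened parser.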