This is a proposal for a new identifier with the following characteristics:
- globally unique
- persistent
- non-reassigned
- transparent
- value syntax: unspecified
Recall that a persistent identifier is not necessarily permanent. Indeed, the IdP or the user may discontinue use of a persistent identifier at any time.
A word about the transparency requirement: it must be possible to display the identifier to a user for the purposes of consent. Note that the eduPersonTargetedID identifier does not satisfy this requirement.
The eduPersonPrincipalName identifier satisfies the above requirements if it happens to be non-reassigned in practice (which we now know is a common practice, at least within the InCommon Federation). However, the value syntax of the proposed identifier is intentionally unspecified to allow for a portable identifier that persists even if the user changes their affiliation.