Is urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress a valid NameID format?

In the OASIS specs, I can read the following valid name formats:

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  • urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
  • urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
  • urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
  • urn:oasis:names:tc:SAML:2.0:nameid-format:entity

but I cannot find urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress.

If I do a quick Google search, this format appears multiple times, including in the Cisco Spark documentation.

Can someone clarify this for me? It seems like someone invented this name format and now IdPs / SPs use it.

+3




1 answer


@smartin - You seem to work at OneLogin, and I posted a ticket about this recently :-). I think your guess is correct; someone saw that there is SAML 1.1 and SAML 2.0 and assumed that the 1.1 in urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress was a bug.

Section 8 of the spec document mentions this at the beginning:

The following sections define URI-based identifiers for common resource access actions, name identifier formats, and attribute name formats. Where possible, an existing URN is used to specify a protocol. In the case of IETF protocols, the URN of the most current RFC that specifies the protocol is used. URI references created specifically for SAML have one of the following stems, according to the specification set version in which they were first introduced:

urn:oasis:names:tc:SAML:1.0:
urn:oasis:names:tc:SAML:1.1:
urn:oasis:names:tc:SAML:2.0:

http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Since the email address identifier was introduced in SAML v1.1, this makes sense. See section 7.3 and 7.3.2 here ( https://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf ).

So tl;dr: urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress conflicts with the SAML 1.1 and SAML 2.0 specifications.

+3
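The practical consequence for an SP is that a NameID Format URI should be checked against the identifiers actually registered in SAML 2.0 Core section 8.3, rather than accepted on the strength of looking plausible. The script below is an added example (not code from the question, the answer, or any vendor): it audits the NameID elements of an assertion, flags a URI whose suffix is registered but whose version stem is wrong (the 2.0 emailAddress case discussed above), and returns the registered URI an SP should map it to. The sample assertion, its issuer URL and the subject value are constructed for the example; in a real SP the signature would be verified before any of this runs.

```python
"""Audit NameID Format URIs in a SAML 2.0 assertion against the identifiers
registered in SAML 2.0 Core section 8.3 (added example, not from the page)."""
import xml.etree.ElementTree as ET

SAML2_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# NameID format identifiers defined in SAML 2.0 Core, section 8.3.
# Four are carried over from SAML 1.1 and keep the 1.1 stem.
REGISTERED_NAMEID_FORMATS = frozenset({
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
})

UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def check_nameid_format(fmt):
    """Classify one NameID Format URI.

    Returns (status, canonical):
      status    'ok'            fmt is a registered identifier
                'wrong-version' the last path segment is registered, but under a
                                different version stem (or different case)
                'unknown'       nothing registered matches
      canonical the registered URI an SP should treat this as, or None.
    """
    if fmt is None:
        # Core 2.0 section 8.3.1: an absent Format attribute means unspecified.
        return "ok", UNSPECIFIED
    if fmt in REGISTERED_NAMEID_FORMATS:
        return "ok", fmt
    suffix = fmt.rsplit(":", 1)[-1].lower()
    for known in REGISTERED_NAMEID_FORMATS:
        if known.rsplit(":", 1)[-1].lower() == suffix:
            return "wrong-version", known
    return "unknown", None


def audit_assertion(xml_text):
    """Return one finding per saml:NameID element in the assertion."""
    # Production SPs should parse with a hardened XML parser and verify the
    # assertion signature before trusting any of its content.
    root = ET.fromstring(xml_text)
    findings = []
    for name_id in root.iter(f"{{{SAML2_ASSERTION_NS}}}NameID"):
        fmt = name_id.get("Format")
        status, canonical = check_nameid_format(fmt)
        findings.append({
            "value": (name_id.text or "").strip(),
            "format": fmt,
            "status": status,
            "canonical": canonical,
        })
    return findings


# Constructed sample: an IdP emitting the non-registered 2.0 emailAddress URI.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example-id" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress">alice@example.test</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


if __name__ == "__main__":
    for finding in audit_assertion(SAMPLE_ASSERTION):
        print(f"{finding['status']:14} {finding['format']}")
        if finding["status"] == "wrong-version":
            print(f"{'':14} registered form: {finding['canonical']}")
```

Whether to map a wrong-version URI to its registered form or to reject the assertion outright is a policy decision for the SP; the audit separates the two cases so that an unknown format (which says nothing about how the value should be interpreted) is never silently treated like a registered one.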

