...
Therefore, a modest proposal would be to use the convention undefined@domain to represent user affiliation inferred from the IdP used to authenticate in the current session.
Examples in scoped role format:
- undefined@berkeley.edu
- undefined@wisc.edu
- undefined@google.comĀ
Examples in IdPId format:
- http://berkeley.edu
- http://wisc.edu
- http://google.com
...