The eduPersonTargetedID (ePTID) attribute provides a persistent user pseudonym, which is distinct for each user and service provider. As such it can be used to support functions such as personalisation or usage profiling in a way that does not reveal the user's identity or allow collusion between SPs.
The Internet2 IdP software can generate ePTID on the fly by hashing the identity of the user and the SP with a secret. Alternatively, and perhaps better, ePTIDs can be generated when first required and then stored keyed to the user and SP identity. This latter approach allows ePTIDs to be changed if their anonymity is compromised, or to be maintained across a change to the representation of user or SP identity.