diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
index 30ab9c8cea0e3af7f81693d300e7db6833f026bd..bfdc68cb5f7da6f14f7fd7e6c6ff16fe49cf1089 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
@@ -1071,13 +1071,45 @@ class TgExtra {
       }
 
     }
+    return $result;
+  }
 
 
-    return $result;
+  // -----------------------------------------------------
+  // Function: getEPPN
+  // Input: auth / xsd:string
+  //        log / xsd:string
+  //        secret / xsd:string
+  // Output: eppn / xsd:string
+  // Description
+  //   Returns the TextGrid ID (ePPN) of a session user
+  // -----------------------------------------------------
+  public function getEPPN ( $inRequest ) {
+
+    $result = new StdClass();  // The return-result
 
+    if ($inRequest->secret !== $this->config->getValue( "SIDcheck", "secret" ) ) { 
+      return new SoapFault( "authenticationFault",
+                            $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+                            get_class( $this ),
+		            $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+    }
+
+    try {
+      $result->eppn = $this->rbac->sessionUser( $inRequest->auth );
+    } catch (Fault $f) {
+      return new SoapFault( "authenticationFault",
+                            $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+                            get_class( $this ),
+                            $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+    }
+    return $result;
   }
 
 
+
+
+
   // -----------------------------------------------------
   // Function: getUUID
   // Input: auth / xsd:string
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getEPPN.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getEPPN.php
new file mode 100755
index 0000000000000000000000000000000000000000..ab6fa3611a37588506fc21f5686d7d370b4cb4b7
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/getEPPN.php
@@ -0,0 +1,66 @@
+<?php
+// #######################################################
+// Author: Martin Haase / DAASI / TextGrid
+// Creation date: 17.11.2010
+// Modification date: 17.11.2010
+// Version: 0.0.1
+// #######################################################
+
+
+$soapExtra = new SoapClient( "../wsdl/tgextra.wsdl" );
+
+
+echo "<BODY><HTML>";
+
+
+
+
+if( isset( $_POST['auth'] ) ) {
+
+  // -----------------------------------------------------
+  // If this was successfull you can add a the user you
+  // wish to create
+  // -----------------------------------------------------
+  $Req = new StdClass();
+  $Req->auth = $_POST['auth'];
+  $Req->log = "";
+  $Req->secret = $_POST['secret'];
+
+
+  echo "<HR/>";
+  echo "Looking for ePPN...<BR/>";
+
+  try {
+
+    $response = $soapExtra->getEPPN( $Req );
+
+    if( $response->eppn ) {
+
+      echo "Owner of this session: " . $response->eppn;
+
+    }
+    else {
+
+     echo "UNABLE TO COMMIT...";
+
+    }
+
+  }
+  catch( SoapFault $f ) {
+
+    echo "SOAP FAULT!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail;
+
+  }
+
+}
+
+
+echo "<FORM action=\"getEPPN.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
+echo "Auth: <INPUT type=\"text\" name=\"auth\" value=\"\"><BR>\n";
+echo "Session Check Secret: <INPUT type=\"text\" name=\"secret\" value=\"\"><BR>\n";
+echo "<INPUT type=\"submit\" value=\"Commit...\">\n";
+echo "</FORM>\n";
+
+echo "</BODY></HTML>";
+
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl
index c74c36feda564804a29811992b328298f03cded8..119c8a9e1b827352beccd27ee1ef61d313c86c95 100644
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl
@@ -369,6 +369,23 @@
           </xsd:sequence>
         </xsd:complexType>
       </xsd:element>
+<!-- #### getEPPN #### //-->
+      <xsd:element name="getEPPNRequest">
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+            <xsd:element name="log" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+            <xsd:element name="secret" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="getEPPNResponse">
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="eppn" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
 <!-- #### getUUID #### //-->
       <xsd:element name="getUUIDRequest">
         <xsd:complexType>
@@ -853,6 +870,13 @@
   <wsdl:message name="getOwnerResponse">
     <wsdl:part element="tns:getOwnerResponse" name="getOwnerOutput"/>
   </wsdl:message>
+<!-- #### getEPPN #### //-->
+  <wsdl:message name="getEPPNRequest">
+    <wsdl:part element="tns:getEPPNRequest" name="getEPPNInput"/>
+  </wsdl:message>
+  <wsdl:message name="getEPPNResponse">
+    <wsdl:part element="tns:getEPPNResponse" name="getEPPNOutput"/>
+  </wsdl:message>
 <!-- #### getUUID #### //-->
   <wsdl:message name="getUUIDRequest">
     <wsdl:part element="tns:getUUIDRequest" name="getUUIDInput"/>
@@ -1645,6 +1669,21 @@
       <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/>
     </wsdl:operation>
 
+<!-- #### getEPPN #### //-->
+    <wsdl:operation name="getEPPN">
+      <wsdl:documentation>
+				Returns ePPN (aka TextGrid ID) of authenticated user. As ths function could be used for SID guessing, the caller must know a secret.
+				<ul><li><b>Input Parameters</b>
+						getEPPNRequest, with elements
+						<ul><li>auth - String, SessionID of user that wants to query his ePPN</li><li>log - String for log information, optional</li><li>secret - String with secret</li></ul></li><li><b>Output Parameters</b>
+						getEPPNResponse, with element
+						<ul><li>eppn - String, ePPN of user.</li></ul></li><li><b>Faults</b><ul><li>authenticationFault</li></ul></li></ul>
+			</wsdl:documentation>
+      <wsdl:input message="tns:getEPPNRequest"/>
+      <wsdl:output message="tns:getEPPNResponse"/>
+      <wsdl:fault name="authenticationFault" message="tns:authenticationFault"/>
+    </wsdl:operation>
+
 <!-- #### getUUID #### //-->
     <wsdl:operation name="getUUID">
       <wsdl:documentation>
@@ -2257,6 +2296,20 @@ in PEM format, for which the RBAC's accompanying daemon will hold the real key.
       </wsdl:fault>
     </wsdl:operation>
 
+<!-- #### getEPPN #### //-->
+    <wsdl:operation name="getEPPN">
+      <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getEPPN"/>
+      <wsdl:input>
+        <soap:body use="literal"/>
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal"/>
+      </wsdl:output>
+      <wsdl:fault name="authenticationFault">
+        <soap:fault use="literal" name="authenticationFault"/>
+      </wsdl:fault>
+    </wsdl:operation>
+
 <!-- #### getUUID #### //-->
     <wsdl:operation name="getUUID">
       <soap:operation soapAction="http://textgrid.info/namespaces/middleware/tgauth/getUUID"/>