This Wiki is available to view but still under maintenance. PLEASE DO NOT EDIT THE WIKI UNTIL FURTHER NOTICE. We are attempting to restore missing edits which took place between Monday 8 and Thursday 11 April 2019, therefore the site is likely to be taken off line at any time. Updated 20:43 CEST 16 April 2019.
Child pages
  • Guidance on justification for attribute release for RandS

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • There is no access on a general basis to a database of users:.
  • The access only covers time-limited, minimised data of the single user who has chosen to authenticate that way and should already have been informed of the consequences.
  • There are individual safeguards: we minimise, pseudonymise, encrypt and contractually limit the purpose for which the data can be used.
  • Retaining data is actively counter-productive – the main benefit for the data importer is that they can get fresh data every time the individual logs in.
  • There isn’t a “stable relationship between the exporter (IdP) and importer (SP)”: each has a relationship only with its own federation. Where there are such relationships (e.g. site licenses) then there’s already a contract to put the necessary safeguards in.