...
- There is no access on a general basis to a database of users.
- The access only covers minimised data of the single user who has chosen to authenticate that way and should already have been informed of the consequences.
- There are individual safeguards: we minimise, pseudonymise and encrypt the data, and contractually limit the purposes for which it can be used.
- Retaining data is actively counter-productive – the main benefit for the data importer is that they can get fresh data every time the individual logs in.
- There isn’t a “stable relationship between the exporter (IdP) and importer (SP)”: each has a relationship only with its own federation. Where such relationships do exist (e.g. site licenses), there’s already a contract to put the necessary safeguards in.
...