On Wed, 11 Apr 2007, Ross MacIntyre wrote:
> A note of caution - MIMAS (& other SPs) would *love* to receive quality
> assured attributes for the users of our services from IdPs. For example,
> it would save us from asking the user to try and provide us with
> correctly formed email addresses, which we have to try to deal with when
> they fail - wastes so much time and the user gets irritated when alerts
> haven't appeared.
>
> However, the Federation's 'rules' covering the transmission of the
> attributes, where they (conceivably) constitute personal data would
> require us to have an agreement in place with each IdP to clarify who
> would be liable if the wrong data was associated with an individual.
> Their recommendation is effectively for no SP to hold personal data
> supplied other than by the user. Square one.
Ironic isn't it? Users (in the mass) generally want us to simultaneously:
a) preserve their privacy by not divulging personal data (like e-mail
address)
and
b) make it easy to access sites that need various bits of information
(like e-mail address)
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|