Andy Swiffin wrote:
> I find the statement:
>
> "ii) The UK federation as currently deployed has a significant
> shortcoming which is the readiness of IdPs to disclose the real-world
> identity of users to SPs (as distinct from providing opaque persistent
> identifiers to support simple customisation). [...]
>
> rather strange. Should it not read "unreadiness"?
I think that was the intent, yes.
> and it isn't a shortcoming! The whole point is that we _don't_
> expose real-world personal identity in breach of the data protection act
> but that we provide the mechanism for personalisation through the
> opaque identifier. Why would we want to fix that?
What is being said, I think, is that there are some types of
service which would naturally like to refer to you, Andy Swiffen,
e.g., the author of that paper in a repository, and not an opaque
identifier at the University of Dundee (especially after you've moved...)
The federation has the mechanisms, both technical and procedural,
to allow this kind of thing, but because the procedural side involves
getting "central services" at many different institutions to enable
the desired attribute releases, it appears as a somewhat daunting
shortcoming to someone with a service that wants that kind of information.
Fiona.
|