Sorry if this may be slightly OT for this list, but I think it does
The task of setting up Dundee's access to Gartner data has fallen to
me. This requires that we set up a wee portal that firstly
authenticates the user against our own site and then passes control over
to Gartner. When passing over to Gartner there are two ways of
identifying users, as detailed below:
"Identifying Your Users
As part of this script, we require that you identify each unique user.
This enables us to personalize the user experience on the site. You may
choose one of the following two options:
Option 1: First Name, Last Name, E-mail Address
If you choose to send a first name, last name, and unique e-mail
address; on the Gartner home page, we display "Welcome ‘First Name
Last Name’” when the user enters. A registration confirmation will
be sent to each individual e-mail address.
Option 2: Unique Identifier
You may use a unique identifier of your choosing, as long as each user
has a unique ID. These user IDs must be unique within your environment;
no two users can share the same ID. In this case, you will need to
provide a valid generic e-mail address to us when we set up your
Now, I know there are some Data Protection savvy people on this list.
I have misgivings about option 1 which is exposing personal data to
Gartner, are my misgivings well founded or if there is a disclaimer on
the login page saying that this information will be disclosed is
everything just fine?
My other choice is to use Option2 but to protect the PHP script which
generates the stuff for the Gartner login with the Shibboleth SP. I can
then use ePTID as the uniqueID which is passed to Gartner. The
downside is that users will be greeted each time they login with the
message Welcome <28chars>@dundee.ac.uk, i.e. their ePTID, but it seems
more in keeping with the current thinking on access to remote resources
and protecting personal identity.
(And yes, I will be asking them why they aren't just providing direct
The University of Dundee is a registered Scottish charity, No: SC015096