* Alistair Young <[log in to unmask]> [2008-12-10 18:11]: > SPs in the federation get round privacy issues by just asking for > your personal information once you're past shibboleth authn/authz > and then link it with your ePTID. Note that according to a recent draft by Andrew Cormack (archived at http://www.terena.org/mail-archives/refeds/msg00373.html ) this practice would probably make the ePTID itself "personal data" per the Data Protection Directive (95/46/EC): "Clearly if a service provider subsequently collects information that allows them to link the identifier to the real-world person (for example by asking the user for their name or e-mail address) then the identifier will become personal data, subject to all the compliance requirements of EU and national laws." Which will significantly reduce ePTID's general usefulness (e.g. by requiring informed consent, which is quite a challenge in this case: try to explain this attribute to your average student or professor). So as far as "getting around privacy issues" is concerned, you might just as well be passing on ePPN or email (not that I'm suggesting this). cheers, -peter -- [log in to unmask] - vienna university computer center Universitaetsstrasse 7, A-1010 Wien, Austria/Europe Tel. +43-1-4277-14155, Fax. +43-1-4277-9140