
On Tue, Jul 23, 2019 at 2:29 PM Peter Schober peter.schober@univie.ac.at wrote:
- Jiri Pavlik jiri.pavlik@mzk.cz [2019-07-23 14:19]:
Could Albert-Ludwigs-Universität Freiburg be a representative of a group of universities, libraries who don't want to release any identifier and want their users to sign in twice for personalisation?
That's not what he said, though. He was merely extending my argument that the term "anonymous" should be avoided when releasing some kinds of identifiers to apply to essentially any kind of identifiers (and rightfully so), at least for IDPs and SPs that need to adhere to GDPR.
-peter
At eduID.at all IdPs are fine with releasing eduPersonTargetedID according to
<md:EntityDescriptor... entityID="https://sdauth.sciencedirect.com/">
...
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
...
<md:RequestedAttribute FriendlyName="eduPersonTargetedID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<md:RequestedAttribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
  <saml:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml:AttributeValue>
</md:RequestedAttribute>
I suppose. Is it correct, Peter?
BR Jiri
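
An added example, not part of the original message and not any IdP product's own code: one reading of releasing attributes "according to" SP metadata, where only attributes marked isRequired are released and a multi-valued attribute is cut down to the values the SP listed. The sample metadata, its entityID, the optional mail attribute and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample modelled on the quoted fragment; entityID and the optional
# mail attribute are placeholders, not taken from the message.
SAMPLE_SP_METADATA = f"""\
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:saml="{NS['saml']}"
    entityID="https://sp.example.org/">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="1">
   <md:RequestedAttribute FriendlyName="eduPersonTargetedID"
       Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="{URI}" isRequired="true"/>
   <md:RequestedAttribute FriendlyName="eduPersonEntitlement"
       Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="{URI}" isRequired="true">
    <saml:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml:AttributeValue>
   </md:RequestedAttribute>
   <md:RequestedAttribute FriendlyName="mail"
       Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="{URI}"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def release_policy(metadata_xml):
    """Map each isRequired attribute Name to requested values (None = any value)."""
    # Assumes the metadata came from a signature-verified federation aggregate.
    root = ET.fromstring(metadata_xml)
    policy = {}
    for ra in root.iterfind(".//md:RequestedAttribute", NS):
        if ra.get("isRequired", "false").strip() not in ("true", "1"):
            continue  # optional attributes are not released
        values = {v.text.strip() for v in ra.iterfind("saml:AttributeValue", NS) if v.text}
        policy[ra.get("Name")] = values or None
    return policy

def filter_attributes(policy, user_attrs):
    """Release only required attributes, and only the values the SP asked for."""
    released = {}
    for name, values in user_attrs.items():
        if name not in policy:
            continue
        allowed = policy[name]
        kept = [v for v in values if allowed is None or v in allowed]
        if kept:
            released[name] = kept
    return released
```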