* Peter peter.gietz@daasi.de [2019-04-05 18:13]:
How are we to fix such issues? Should we have sentences like "publishers who push for FIM should also align their software offerings accordingly"
I don't even understand why they should be able to provide such stats for non-personally identifiable access from IP ranges but not for non-personally identifiable access from any IP address but authorised by a SAML IDP: In both cases they have the client IP addresses, in both cases they need to perform authorisation checks (IP, SAML attribute), in both cases they lack an identifier to reliably map access requests to individuals.
The ask would therefore be to fix the system to provide stats consistently, no matter the access method. Because there's no technical reason this couldn't be done in those two scenarios.
-peter