* Jos Westerbeke jos.westerbeke@eur.nl [2019-05-15 14:08]:
If 5.b comes in one SAML connection together with 5.a (like the most wanted option 4, Peter S., May 13th) then a choice (of releasing a stable identifier) has to be made by 1.) the library beforehand or 2.) user consent at login, for each SAML connection. Right?
Let me prepend that the jury is still out on whether we can even pull off those categories I just mentioned that mandated to NOT release data (which has technical issues), but the above choice you mention is orthogonal to that or would remove the need to even have such a category:
*If* we managed to pull of those categories then the federation community would have to work consistently on getting library services into exactly *one* of those categories ("can work without recognising returning subjects" vs. "needs stable identifier"). That *removes* the need for such decisions from both the library as well as the subject as the semantics (and expected bahaviour at both the IDP and SP) are then baked into the category.
Theoretically an IDP (institution, library) would still have the choice to send a persistent pseudonymous identifier also to all SPs labelled with a category we specifically invented so that such SPs would NOT recieve such identifiers (and the category spec may even say that SPs "MUST NOT" process such data even if recieved) -- but doing that would seem highly illogical.
So it you're aiming for choice (and therefore: complexity) over having a pre-privacy-optimised set of SPs where all care has been taken to protect subjects' privacy -- even from some forms of misconfiguration and from overly liberal default attribute release policies (as reportedly common in the US) -- then the categories I proposed are not needed.
I.e., I wouldn't aim for *one* category/classification/grouping of SAML SPs (what you call "SAML connection" above, AFAIU?) that should cover the two cases of "can work without recognising returning subjects" vs. "needs stable identifier", but two separate ones, clearly defined and delineated.
-peter