Subject Re: entity category work?
From Rhys Smith <smith@xxxxxxxxxxxxx>
Date Fri, 26 Apr 2013 17:20:03 +0100

On 26 Apr 2013, at 13:21, Andrew Cormack <Andrew.Cormack@xxxxxx> wrote:

> I'd hope that the privacy risk of an ARP limited to those two attributes was seen as very low (the original UK federation recommendation was to have that as default). Unfortunately the European authorities seem rather resistant to the idea of providing regulatory incentives to use opaque identifiers ("it's still personal data", at least beyond the UK), so even for just ePTID there's still a bit of a selling job to do :( I'm still working on that.

Having said that, I would suggest the vast majority of IdPs in the UKfed release ePTID and ePSA to any entity that it knows about...

Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet - the UK's research and education network

email: smith@xxxxxxxxxxxxx / rhys.smith@xxxxxx
GPG: 0xDE2F024C