Refeds


Subject RE: (fwd) New version of eduPerson now entering last call
From Mikael Linden <Mikael.Linden@xxxxxx>
Date Thu, 13 Jun 2013 12:29:28 +0300

>I don't know (or have any opinion about) weather this means that 
>eduPersonUniqueID shouldn't be used for national id numbers.

The current draft says eduPersonUniqueId "is meant to be freely sharable, is public, opaque, and..."
In many (European) countries a National Identification Number counts as sensitive personal data. In those countries it doesn't seem a good idea to use NIN as ePUID.

Although defined as "freely sharable, public and opaque", there is still the possibility that ePUID qualifies as personal data in Europe and the data protection laws will apply to it, as Andrew mentioned. It means that the organization (IdP) "sharing it freely" may take some legal risks. The risks are probably smaller for an identifier that is opaque, though. 

mikael