5.1.5 Privacy

Privacy is a concern whenever the transmission of user information occurs. [WSFederation1.2] section 16 addresses some of the privacy issues, such as obtaining user permission for transmission of user data. The confidentiality measures specified in Confidentiality (section 5.1.3) also address some privacy concerns. Another privacy issue relevant to single sign-on (SSO) across security realms is the correlation of user information by relying parties using a common identifier. Because this protocol does not require the same identifier to be issued to every relying party, implementers have the option of implementing configurable behavior for the transmission of user identifiers to relying parties.<91>

Note  Single sign-on is an optimization of user authentications that enables a user with a domain account to log on to a network once and gain access to all network resources. It removes the burden of repeating actions placed on the end user (for example, prompting for user names and passwords multiple times). To facilitate SSO, an IP/STS can provide evidence of authentication events and user account information to third parties requesting information about the requestor (subject to policy and authorization restrictions). For more information, see [WSFederation1.2] sections 1.6 and 13. Note that the use of the term "sign on" or "sign-on" is based on [WSFederation1.2].
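The correlation concern described above can be addressed by issuing each relying party a different but stable identifier for the same user. The following Python example is added here for illustration and is not part of this protocol or of any product's implementation; the policy names, realm URIs, key, and the HMAC-SHA256 derivation are assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Constructed sample values (assumptions, not from the specification).
PRIVACY_KEY = b"constructed-demo-key-known-only-to-the-IP/STS"

# Hypothetical per-relying-party identifier policy, keyed by realm URI.
RP_POLICY = {
    "https://rp-a.example/": "pairwise",
    "https://rp-b.example/": "pairwise",
    "https://hr.example/": "common",
    "https://payroll.example/": "common",
    "https://kiosk.example/": "none",
}
DEFAULT_POLICY = "pairwise"  # unknown realms never receive the common identifier


def pairwise_id(user_id: str, realm: str, key: bytes = PRIVACY_KEY) -> str:
    """Derive a stable identifier that differs for every relying party."""
    u, r = user_id.encode("utf-8"), realm.encode("utf-8")
    # Length-prefix both fields so distinct (user, realm) pairs cannot collide.
    msg = len(u).to_bytes(4, "big") + u + len(r).to_bytes(4, "big") + r
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def identifier_for(user_id: str, realm: str):
    """Return the identifier to place in the token for this realm, or None."""
    policy = RP_POLICY.get(realm, DEFAULT_POLICY)
    if policy == "common":
        return user_id
    if policy == "none":
        return None
    if policy == "pairwise":
        return pairwise_id(user_id, realm)
    raise ValueError(f"unknown identifier policy: {policy!r}")


def correlatable(realm_a: str, realm_b: str, users) -> bool:
    """True if the two relying parties could join their records on the identifier."""
    ids_a = {identifier_for(u, realm_a) for u in users} - {None}
    ids_b = {identifier_for(u, realm_b) for u in users} - {None}
    return bool(ids_a & ids_b)
```

The derivation key has to stay confidential to the IP/STS: a relying party that learned it could recompute the identifiers issued to other realms and correlate users again.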