Usually, the only data released to a protected resource are the data that resource needs 1) to ensure you should be granted access, 2) to give you the same access each time you visit that resource, and 3) to enable necessary actions on the resource.

For instance, if you are accessing a Shibboleth-protected Wiki, your name and e-mail address may be released to the resource to allow it to display your name on wiki entries or comments you create, or to enable communication with you. Other information released usually contains an encoded identifier that is unique to the resource you are accessing. This allows the resource to identify you as the same person who accessed it on another occasion. Other information may indicate that you are affiliated with the University in a specific role such as student, staff, faculty, affiliate or member.

The University will work with protected resources to determine the minimum amount of data that needs to be released, and then configure Shibboleth to release only that necessary data to that resource. No data are released until you log in to a protected resource using Shibboleth.

Article number: 
60
Last updated: 
September 10, 2012
Service: