Within the framework of the Australian Access Federation, identity providers pass information about individual end users to service providers in the form of attribute assertions. The service provider uses the attributes for authorisation and for providing a better service to the end user.
The policies and technologies behind the AAF are intended to protect user privacy while making it easier for users to access resources. However, because AAF Subscribers handle information about individuals, there is also a potential risk to individual privacy if that information is not handled correctly. These recommendations are intended to help AAF Subscribers better understand how to handle personal information within the context of the federation.
Authoritative Sources of Information
Information privacy in Australia is regulated by the Privacy Act 1988. The Act includes a set of Information Privacy Principles that apply to government agencies, and a set of National Privacy Principles that apply to other types of organisations. (Law reform currently in progress may integrate these two sets of principles into one set of Australian Privacy Principles.) All AAF Subscribers are strongly encouraged to become familiar with the Guidelines to the Australian Privacy Principles. These are available on the website of the Office of the Australian Information Commissioner.
For more information about the Recommendations on the Use of Personal Information