...
- Participants should preserve the privacy of all involved and ensure that any confidential or sensitive information is not inappropriately shared.
- Participants should not share security incident information on behalf of the federation or any other federation member with external parties such as the media without prior agreement. Inquiries regarding security incidents in the federation should be directed to published federation contact points (http://www.incommonfederationincommon.org/contacts.cfm).
Auditing and logging
- Participants are expected to keep internal logs with accurate date/time stamps that allow for security incident response. For example, an Identity Provider should be able to identify the specific individual associated with an anonymised identity presented to a Service Provider.
- Participants are expected to retain such logs for whatever period of time organizational policy dictates or allows.
...