Common use of Respect for Identity Information Clause in Contracts

Respect for Identity Information. a. Participant agrees to respect the privacy of and any other constraints placed on identity information that it might receive from other Participants or any Co- Federation Participants. In particular, Participant understands that it may not permanently store, share, disclose or use for any purpose other than its intended purpose any identity information that it receives from another Participant or Co-Federation Participant without express written permission of the other Participant or Co-Federation Participant. Participant understands that the storing and sharing of resources is between the Participant and the other Participants and/or Co-Federation Participants and is not the responsibility of InCommon. b. InCommon strongly recommends that Service Provider systems may temporarily cache identity attributes/credentials that are supplied by IdPs for operational efficiency or sequential, repeated authentication purposes within a given session or reasonable length episode. InCommon further recommends that any shared attributes/credentials should not be used for any purpose other than the original purpose or intent, and that such attributes/credentials should be destroyed at the end of the session or episode in which they are needed. This temporary storage of credentials shall not be deemed as permanent storage for the purposes of this Agreement.