-
Notifications
You must be signed in to change notification settings - Fork 584
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authcontext suggests putting sensitive data in event attributes #1251
Comments
This issue is stale because it has been open for 30 days with no |
@inlined any thoughts on this one? |
This issue is stale because it has been open for 30 days with no |
@inlined any comments on this one? |
This issue is stale because it has been open for 30 days with no |
From the authid definition
Emails are considered as PII therefore sensitive data. May cause issues with compliance such as GDPR.
The spec says that we SHOULD NOT put sensitive data into extension attributes
I suggest removing this suggestion from the spec, or suggesting to put the hash of the email or something
The text was updated successfully, but these errors were encountered: