Problem statement: Trusted third parties like Identity and Attribute Providers tend to accumulate a lot of traffic data and 'RP graph' data about its user population. This might create some risk, in particular when identities are used across domains like professional and private context or different government agencies.
(t.b.d. How can these requirements be deducted from FIPs? Is a Privacy Impact Assessment needed? Is there a requirement at all?)
Discussion in Kantara eGov WG listed approaches to mitigate this risk in 5 categories: