ging / fiware-idm

OAuth 2.0-based authentication of users and devices, user profile management, Single Sign-On (SSO) and Identity Federation across multiple administration domains.
https://keyrock-fiware.github.io
MIT License

Privacy issue: Not showing the users on the Web portal #298

Open MandatInternational opened 2 years ago

MandatInternational commented 2 years ago

For a given application, is it possible to hide the authorized users of this application on the Web portal of Keyrock? The rationale behind this question is to be fully compliant with privacy regulations, in particular the GDPR. Normally, a user connected to the Web portal of Keyrock should not know the name and the email address of the other users authorized for this application, considering that the username and email address are personal data.

nikosft commented 1 year ago

Related to that: a user can create an "Organization". Then, in the "Members" section, users can add to their organization any other user of the system. They even get suggestions of all users in the system simply by typing two letters. A user is added to another user's organization without giving consent. Finally, a user can view the details of all other users he has added to his organization.

MandatInternational commented 1 year ago

Yes, exactly. This is not really compliant with GDPR. To come back to my initial question, is it scheduled to change this behavior?