Identity Federation Do Not Track Pattern
All information has been extracted from http://blog.beejones.net/the-identity-federation-do-not-track-pattern
The Do Not Track Pattern makes sure that neither the Identity Provider nor the Identity Broker can learn the relationship between the user and the Service Providers the user uses.
This pattern is focused on identity federation models.
When an identity system provides identifying information about a user and passes it to a third-party service, the different parties involved can correlate that data and derive additional information.
Include an orchestrator component that must act on behalf of, and be controlled by, the user. The orchestrator makes sure that the identity broker can’t correlate the original request from the service provider with the assertions that are returned from the identity provider. The correlation can only be done within the orchestrator, but that is not an issue because the orchestrator acts on behalf of the user, possibly on the user's own device.
Avoid the correlation of end user and service provider data
Identity federations and ecosystems
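The orchestrator described above can be modelled as follows. This is an added example, not code from the original blog post: the class names, the handle scheme and the sample users and service providers are assumptions made for illustration. It contrasts a broker that sees one request id on both legs with a broker that only sees unlinkable handles issued by the user's orchestrator.

```python
import secrets

class Broker:
    """Identity broker (hypothetical model) that logs what it sees on each leg."""
    def __init__(self):
        self.sp_leg = []    # (handle, service_provider) from SP requests
        self.idp_leg = []   # (handle, user_id) from IdP assertions

    def sp_request(self, handle, sp):
        self.sp_leg.append((handle, sp))

    def idp_assertion(self, handle, user):
        self.idp_leg.append((handle, user))

    def correlate(self):
        """Join both legs on the handle: what a curious broker can learn."""
        users = dict(self.idp_leg)
        return {(users[h], sp) for h, sp in self.sp_leg if h in users}

def direct_flow(broker, user, sp):
    """No orchestrator: the same request id travels through both legs."""
    rid = secrets.token_hex(16)
    broker.sp_request(rid, sp)
    broker.idp_assertion(rid, user)

class Orchestrator:
    """Acts on behalf of the user; only it holds the mapping between legs."""
    def __init__(self, broker):
        self.broker = broker
        self.links = {}     # sp-side handle -> idp-side handle, kept local

    def flow(self, user, sp):
        sp_handle = secrets.token_hex(16)
        idp_handle = secrets.token_hex(16)   # independent of sp_handle
        self.links[sp_handle] = idp_handle
        self.broker.sp_request(sp_handle, sp)
        self.broker.idp_assertion(idp_handle, user)
        return sp_handle

def demo():
    naive, private = Broker(), Broker()
    orch = Orchestrator(private)
    # Constructed sample data
    for user, sp in [("alice", "clinic.example"), ("bob", "bank.example")]:
        direct_flow(naive, user, sp)
        orch.flow(user, sp)
    return naive.correlate(), private.correlate(), orch

if __name__ == "__main__":
    print(demo()[:2])
```

The model covers linking by identifier only; correlation through timing or network metadata is outside it.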