Attributes like your name or email address can be added to your IRMA app via the social media Twitter and LinkedIn. The Privacy by Design foundation is registered with each of these parties in order to receive attributes. The foundation digitally signs these attributes and places them in the IRMA app of a user. Immediately after issuance, the foundation removes these attributes from its own systems. The foundation does not keep a log of issuance.
The following attributes can be used.
- Twitter: username, full name, email address, web-address of one’s own Twitter profile
- LinkedIn: full name, first name, family name, email address, web-address of one’s own LinkedIn profile.
The validity period of these social media attributes is one year.
In order to receive these attributes you first log in, via the special buttons for Twitter / LinkedIn. Subsequently, the relevant attributes will be displayed on the screen, together with another button that allows you to load these attributes into your IRMA app.
A webpage that checks these IRMA attributes should be aware that they are self-reported in these social media. Their reliability is thus not guaranteed independently. When a webpage allows login with (some of) these attributes via IRMA, the relevant social media do not observe such login, since the IRMA app communicates directly with the webpage. This protects the privacy of the user. In contrast, when for instance a Facebook login is used to access a webpage of a newspaper, Facebook records each login and uses it to extend its profiles of users.
Back to attribute issuance.