FAQ content

How does LibAuth protect user authentication data?

In this article

Is authentication data encrypted?

LibAuth is a Linux-based platform hosted on Amazon Web Services. Amazon AWS/RDS maintains ISO 27001 certifications and provide public SOC 3 reports. Learn more about AWS compliance offerings.

All LibAuth authentication data is encrypted using Transportation Layer Security (TLS).

How will the attributes be used in the application/service? 

As a member of InCommon, we recommend first/last name and email to be released following their Supported Attribute Summary guidelines:

  • First name: givenName
  • Last name: sn
  • Email: mail
  • Name: displayName

We mainly use those attribute to auto populate the form and attribute release is not required (unless using LibAuth as a login method for LibApps, in which case email is required).

Will the attributes be used for any other purpose?


Will the attributes be given to third parties, used for reports, etc?


Will attributes be stored? If yes, how will the attributes be stored and for how long?

If you release the optional Name & Email attributes, then LibCal will store this info as part of your booking, appointment, and event registration data. We store this indefinitely in the database. 

Note: We do have a monthly privacy scrub that can erase this info if required -- ask your Admin to submit the Privacy Scrub Request form if you'd like to set this up.