I've been looking at the data from the assurance survey, hoping to be able to extract some sort of meaningful analysis. Unfortunately, given the low number of respondents, (11 total) I don't think we can make much of the data. I've looked for commonalities in the responses for the shared attributes, usages, and consequences of bad data - see enclosed. There would appear to be little of interest here and arguably little to be gained by publishing. Perhaps we chock this one up to experience, cut our losses and move on? Paul p.s. The authorization survey appears more promising for delivering interesting results. What identity attributes are used by your application? (list up to 3 different attributes) Item 1 Item 2 Item 3 citizenship // clearance level // special accesses subject name // organization // virtual organization call center rep level // regonial id // home vs company name - realname // email address // affiliation social security number // birth place // fingerprint scan idpnid and cn // role // aztok (proprietary corporate authrization token, effectively a delegation of authority, digitally signed) name (full name, last name, etc.) // Organizational data (department, title, job code, region) // Authentication data (login ID or other unique identifiers that we require to uniquely map the ID) Medical Number // Date of Birth // Name fields My Birth ID // My Medical ID // My Biometric ID #################################### categories ########################## real name pseudonym persistent readable identifier role, entitlement DOB contact biometric #################################### Usages ########################## personalization authorization audit contact data index authentication #################################### Consequences ###################### security compromise degraded user experience application wont work compliance violation death breach of contract