Logs contain personal information from google, FB, twitter so ensure that we know what's being stored, for how long, and include that in the data retention policy.
Note: it's not good enough just to dial down the logging and say "no personal data stored" because we may need to turn the logging up to debug problems.
Have added following code to lib/Auth/Source/Facebook.php on FB gateway. This logs the email address of the user session; need to have logging of UUID so that privacy is preserved, yet we can keep logging of distinct users.
```php
if (array_key_exists('facebook.email', $attributes)) {
    /* is_string and !empty checked when populating $attributes */
    SimpleSAML_Logger::debug('Facebook session with email address: ' . implode(", ", $attributes['facebook.email']));
} else {
    SimpleSAML_Logger::debug('Facebook session with no email address');
}
```
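
Added example, not from the comment above or from the project: one way to log a stable per-user identifier instead of the address, using a keyed hash (HMAC-SHA256) of the email in place of a stored UUID. The function names, the `LOG_PSEUDONYM_KEY` environment variable and the sample addresses are assumptions.

```php
<?php
// Added example; every function and variable name here is hypothetical.

/**
 * Derive a stable pseudonym for a user identifier with a keyed hash.
 * The same email always maps to the same token under one key, so distinct
 * users can still be told apart in the log, but the token cannot be
 * recomputed from a guessed address without the key.
 */
function pseudonymise_for_log($identifier, $key)
{
    // Normalise so "User@Example.org " and "user@example.org" correlate.
    $normalised = strtolower(trim((string) $identifier));
    // HMAC rather than a bare hash: email addresses are guessable, so an
    // unkeyed SHA-256 could be matched by hashing candidate addresses.
    $mac = hash_hmac('sha256', $normalised, $key);
    // 16 hex characters (64 bits) is enough to separate users in a log.
    return 'u-' . substr($mac, 0, 16);
}

/** Build the debug line to log in place of the raw email address. */
function facebook_session_log_line(array $attributes, $key)
{
    if (!array_key_exists('facebook.email', $attributes)
        || !is_array($attributes['facebook.email'])
        || count($attributes['facebook.email']) === 0) {
        return 'Facebook session with no email address';
    }
    $ids = array();
    foreach ($attributes['facebook.email'] as $email) {
        $ids[] = pseudonymise_for_log($email, $key);
    }
    return 'Facebook session for user id: ' . implode(', ', $ids);
}

// Constructed sample data. The key would normally come from a secret store;
// the environment variable name is an assumption.
$key = getenv('LOG_PSEUDONYM_KEY') ?: 'constructed-demo-key';

// Both spellings of the same constructed address yield the same token.
echo facebook_session_log_line(array('facebook.email' => array('Alice@Example.org')), $key), PHP_EOL;
echo facebook_session_log_line(array('facebook.email' => array(' alice@example.org ')), $key), PHP_EOL;
echo facebook_session_log_line(array(), $key), PHP_EOL;
```

The token is still a persistent per-user identifier, so it belongs in the data retention policy alongside the key that produces it. Rotating the key ends correlation between old and new log entries.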