- Go to the website of the information service you would like to use.
- When logging in using the WAYF button, you get referred to WAYF, where you will be asked to state from which institution you come.
- If you are not logged in at your institution, you will be taken to its log-in page.
- Once you are logged in, WAYF shows you which information will be passed on to the service provider. If you can accept this, you need to give your consent. You can have WAYF keep the consent for the following time.
- If the information service accepts your information you will be granted access to the service. It is always up to the service to decide who to let in.
WAYF connects institutions with external services used by the institutions' users. With WAYF you only have to log in at your own institution in order to get access to services such as journal databases, library databases, and similar. Article on the WAYF architecture (pdf-format).
WAYF confines the information with regard to what service providers need to be able to decide whether access should be granted to you. If e.g. the provider only needs to know whether you are coming from a specific institution, WAYF will not pass on information about your name or social security number. You will always be asked consent to the transfer, no matter which information is in question.
WAYF keeps information about those consents you have asked us to remember. The information is saved as a so-called cryptographic hash value established on the basis of your user information. It is not possible to determin which user has given which consents from the information in WAYF's database.
WAYF communicates with two kinds of organisations: Service providers and institutions. The service providers (e.g. a research library or a scientific database) make a service available. The institutions put information about the users at disposal. WAYF takes care of the necessary technical translations for the communication between the two kinds of organisations. In order for a user to be able to access the service, information about the user must be transferred to the service. This information is provided by the users' home institution — not by the user himself — which is why service providers choose to trust the data about the user. The user is always asked to consent to the data exchange before any data is handed over to the service. It is always up to the service to decide weather a user should be let in or not (authorisation).