- Go to the website of the information service you would like to use.
- When logging in using the WAYF button, you get referred to WAYF, where you will be asked to state from which institution you come.
- If you are not logged in at your institution, you will be taken to its login page.
- Once you are logged in, WAYF shows you which information will be passed on to the service provider. Simply click the Continue button to get to the service. You can click another button to tell WAYF not to re-display this information page if you log into the same service again later on.
- If the information service accepts your information, you will be granted access to the service. It is always up to the service to decide who to let in.
WAYF connects institutions with external services used by the institutions' users.
WAYF confines the information with regard to what service providers need to be able to decide whether access should be granted to you. If e.g. the provider only needs to know whether you are coming from a specific institution, WAYF will not pass on information about your name or social security number. You will always be asked consent to the transfer, no matter which information is in question.
WAYF records, on your own device, and for each service you have accessed, the identity provider that you prefer using with that service, if any. The information is saved as using so-called cryptographic hash value established on the basis of your user information. It is not possible to recover your actual identity from what is stored, only to recognise you as the same user as the one that accessed the service last time.
WAYF communicates with two kinds of organisations: Service providers and institutions. The service providers (e.g. a research library or a scientific database) make a service available. The institutions put information about the users at disposal. WAYF takes care of the necessary technical translations for the communication between the two kinds of organisations. In order for a user to be able to access the service, information about the user must be transferred to the service. This information is provided by the user's home institution — not by the user himself — which is why service providers choose to trust the data about the user. The user is always shown what information about him is to be handed over to the service. It is always up to the service to decide whether a user should be let in or not (authorisation).