Hello Keystone community, I am a PhD student researching privacy in federated identity systems. My work focuses on OpenStack Keystone federation, specifically how mapping rules process attributes from external Identity Providers. I would appreciate any insights from operators or developers about real-world federation deployments. My questions are: About mapping rules: 1. How many mapping rules do you typically have per federated IdP? 2. How often do these rules change after initial deployment? 3. Do you commonly use regex conditions, or mostly exact match conditions like any_one_of and not_any_of? About attributes: 4. How many attributes do you typically receive from federated IdPs? 5. For multi-valued attributes, how many values does a typical user have? About privacy: 6. Do you have privacy requirements affecting federated attributes? Any response would help my research. I am happy to share findings with the community when completed. Thank you for your time. Best regards, Abubakur Sait PhD Student, Wright State University, Dayton, OH, USA