Section E.2.13 suggests that because XSEDE already obtains usage data from Globus Auth, no additional usage tracking is needed. This is incorrect.
The Globus Auth usage data only includes usage data for a specific set of XSEDE applications that use Globus Auth. (Examples include XSEDE User Portal, Jetstream, Research Software Portal, XSEDE Confluence & Jira.) Use of XSEDE identities in other applications are not included in XSEDE's Globus Auth usage data.
Furthermore, the Globus Auth usage data reports every use of Globus Auth to authenticate an individual in one of the tracked XSEDE applications. This isn't the same as every use of the XSEDE IDP to authenticate XSEDE identities. XSEDE applications are configured to require an XSEDE identity, but this requirement is satisfied by any identity that has been linked to an XSEDE identity. Thus, a usage record from Globus Auth indicates that EITHER an XSEDE identity OR an identity linked to an XSEDE identity was used to login to an application. It does not mean that the XSEDE identity was authenticated.
Having clarified these points, I wonder if the logging mentioned in E.2.7 can be used to track usage of this XSEDE IDP?