Shibboleth Developers

[Thomas Lenggenhager <>]

The ArpViewer was built on demand of one of the Swiss universities. They
have to provide their users the option to say no to the attribute
release - which results in no access to the SP.

It is implemented as a one time consent per SP (as long as the set of
attributes to be released does not grow).
For users disturbed by that question, an option exists for 'global
consent' (all future SPs the user accesses).
The user can also reset everything to get asked again.

The tool is limited by design to still be simple to use. So the user
cannot choose which attributes to send. It is a yes or no to the set of
attributes listed per SP in the arp.site.xml.

Thomas

Nathan Dors wrote:
> Are actual policies driving the development of these capabilities? (See
> also MAMS Autograph.) That is, policies that say users must be given the
> chance to control release of their information? Or is this more a
> philosophy of transparency?
> 
> In a medium-large community like UWash, some users may want these
> controls, others will be annoyed by the extra step. Maybe the right
> direction therefore involves some amount of user preference?
> 
> Unless, of course, there really *are* policies that say they've got to
> see and accept the privacy implications of continuing to the SP.
> 
> -Nathan

-- 
Thomas Lenggenhager           http://www.switch.ch/
SWITCH       The Swiss Education & Research Network
Zurich, Switzerland            Tel: +41 44 268 1541