shibboleth-dev - Re: [Shib-Dev] uApprove + IdP 3.x
Subject: Shibboleth Developers
List archive
- From: Peter Schober <>
- To:
- Subject: Re: [Shib-Dev] uApprove + IdP 3.x
- Date: Fri, 19 Mar 2010 14:45:06 +0100
- Organization: Vienna University Computer Center
* Kristof BAJNOK
<>
[2010-03-19 14:02]:
> Ideally an IdP should:
> * NOT release attributes _before_ user consent has been given
> * release attributes if the user has given it the right to do so
Forcing consent on any attribute release is not sensible and is not
going to happen. We still have campus systems and systems where
release is not based on consent but necessity (which is perfectly fine
and covered within e.g. 95/46/EC)
> * NOT release attributes _after_ the user has withdrawn the approval
>
> Regardless of the binding being used. And I'm still advocating that
> this is truly a filtering step.
I would also expect that once someone explicitly denies release of
attributes a-c to SP x these should not be released, be it push or
pull.
-peter
- uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Peter Schober, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- RE: [Shib-Dev] uApprove + IdP 3.x, Scott Cantor, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/21/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
Archive powered by MHonArc 2.6.16.