shibboleth-dev - RE: [Shib-Dev] [IdPv3] Attribute Filter Work
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [Shib-Dev] [IdPv3] Attribute Filter Work
- Date: Thu, 3 Jun 2010 11:34:04 -0400
- Organization: The Ohio State University
> Speaking of consent: I have no idea what is involved here (or whether
> it might even be possible today, but I doubt it is) but it would be
> great if the "flow" would be such, that it would be possible for a (or
> preferrably: the one that comes integrated with the Shib IdP) consent
> module to let people opt-in or opt-out to the release of specific
> attributes (or values) and only then generate the signed and encrypted
> assertion.
This is the thing Microsoft claims to have done a lot of user research on
for Cardspace and concluded it's a bad idea. One reason I think is that
users can't get clear indications about what the implications are of
blocking the data.
Personally, I favor a "service level" model where the SP just identifies the
kinds of packages of attributes they need to do certain things and if they
can live with less, they can describe services that don't require as much
data. That way the user gets a choice, but potentially understands what the
result will be.
-- Scott
- [IdPv3] Attribute Filter Work, Chad La Joie, 06/02/2010
- RE: [Shib-Dev] [IdPv3] Attribute Filter Work, Rod Widdowson, 06/03/2010
- Re: [Shib-Dev] [IdPv3] Attribute Filter Work, Peter Schober, 06/03/2010
- RE: [Shib-Dev] [IdPv3] Attribute Filter Work, Scott Cantor, 06/03/2010
- Re: [Shib-Dev] [IdPv3] Attribute Filter Work, Peter Schober, 06/03/2010
- RE: [Shib-Dev] [IdPv3] Attribute Filter Work, Scott Cantor, 06/03/2010
- Re: [Shib-Dev] [IdPv3] Attribute Filter Work, Adam Lantos, 06/04/2010
- Re: [Shib-Dev] [IdPv3] Attribute Filter Work, Peter Schober, 06/03/2010
- Re: [Shib-Dev] [IdPv3] Attribute Filter Work, Chad La Joie, 06/03/2010
- RE: [Shib-Dev] [IdPv3] Attribute Filter Work, Scott Cantor, 06/03/2010
Archive powered by MHonArc 2.6.16.