
shibboleth-dev - RE: [Shib-Dev] [IdPv3] Attribute Filter Work

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: [Shib-Dev] [IdPv3] Attribute Filter Work
  • Date: Thu, 3 Jun 2010 11:34:04 -0400
  • Organization: The Ohio State University

> Speaking of consent: I have no idea what is involved here (or whether
> it might even be possible today, but I doubt it is) but it would be
> great if the "flow" would be such, that it would be possible for a (or
> preferably: the one that comes integrated with the Shib IdP) consent
> module to let people opt-in or opt-out to the release of specific
> attributes (or values) and only then generate the signed and encrypted
> assertion.

This is the thing Microsoft claims to have done a lot of user research on
for CardSpace and concluded it's a bad idea. One reason, I think, is that
users can't get clear indications about what the implications are of
blocking the data.

Personally, I favor a "service level" model where the SP just identifies the
kinds of packages of attributes they need to do certain things and if they
can live with less, they can describe services that don't require as much
data. That way the user gets a choice, but potentially understands what the
result will be.

-- Scott




