Shibboleth Developers

[Chad La Joie <>]

Well, as Halm knows, I've gone back and forth on whether we should 
support this "feature" at all.  I continue to feel that people should 
never use this feature, and I have in the past told Halm I was going to 
yank it when we included uApprove into IdP v3.  However, I also know 
that some folks who have deploy uApprove do in fact allow user's to 
opt-in to global consent.

So for me, at this point, I am mostly settled on the model where we 
leave it in but have it off by default.  What I really want to ensure 
though is that our APIs are developed such that they are easy to extend 
or chopped up and reused for people who want to do drastically different 
UIs.  I feel pretty confident in saying that outside the very simple 
uApprove/card selector UI we have today, we have no idea what UIs people 
really find usable.

So, my hope is that once attribute consent is baked in to the IdP, and 
thus in front of many more people, we can get people experimenting with 
more advanced UIs and figuring out what really works.  Or, maybe we find 
out that the "simple" interface is the best option.

On 11/15/10 12:25 PM, Halm Reusser wrote:
> Hi,
>
> On 22.07.64 20:59, Chad La Joie wrote:
> > Features I am considering but not yet committed:
> >
> > [...]
> >
> > - Global consent, meaning the ability to tick some box and never be
> > asked anything again regards of the SP or changes in the
> > to-be-release data. Again, as above, people are free to experiment
> > with this feature but I don't think there are enough data points to
> > determine if users really understand what this means or how to
> > change such a setting.
>
> Actually I was thinking a little bit about this. At my personal opinion
> I'm not very happy with the current implementation of this "feature".
>
> The as-is situation (Arpviewer 1.x / uApprove 2.x) is like described by
> Chad. If a user checks this box, he gets never ever asked about consent
> again independently if he,
>
> ... accesses a new service provider
> ... accesses a already visited service provider including a new
> attribute to be released
> ... accesses a already visited service provider including a
> attribute already accepted to be released, but including different
> values.
>
> Sounds not like a good privacy protection.
>
> I can tell you my suggestion for this "feature". If a user checks such a
> box, it should mean "I accept that these attributes, which are listed
> above, including exact those values" might be released to every other
> service provider I access in the future". This is straight and clean.
>
> This implies, the user has to confirm the attribute release again, if
> he access an already visited or new service provider and
>
> ... attributes, on which he did not give "global consent",
> will be released.
>
> ... attributes, on which he did give "global consent",
> but the values have changed will be released.
>
> I'm looking forward to have a fruitful discussion about it.
>
> -Halm

--
Chad La Joie
http://itumi.biz
trusted identities, delivered