shibboleth-dev - Re: [Shib-Dev] Shib WG Topics

Subject: Shibboleth Developers

  • From: Bradley Beddoes <>
  • To:
  • Subject: Re: [Shib-Dev] Shib WG Topics
  • Date: Wed, 13 Apr 2011 09:22:52 +1000

Hi Folks,
Just to add to this thread following on from yesterday's community call. Here at the AAF we're asking our service providers to provide us, through Federation Registry, specific, end-user-consumable reasons for why they are requesting a particular attribute be transferred to their service.

We'd then like to present this as part of the release consent UI so our users not only see a list of attributes but are afforded the opportunity to better understand what this personally identifiable information (PII) will be used for on the SP end.

On a related note, our usage of IdP attribute filtering and uApprove together within the AAF has been very effective. Using (in our case) automatically generated attribute filters with our IdPs combined with user consent is a strategy we'll certainly be taking forward. It forms part of our compliance with Australian privacy law, which in layman's terms requires both minimal disclosure and the ability for users to approve transfer of PII before it actually occurs.

regards,
Bradley

On Fri, Apr 8, 2011 at 3:17 AM, Chad La Joie <> wrote:
Okay.  Just wanted to make sure everyone was on the same page.

On 4/7/11 1:14 PM, Cantor, Scott E. wrote:
>> On 4/7/11 12:45 PM, Cantor, Scott E. wrote:
>> What part exactly do you think v3 won't support?
>
> A GUI enabling per-attribute consent.
>
>> We will support the IdP releasing all attributes and allowing users to
>> consent to them.  The only thing that isn't on the roadmap is a UI that
>> has per-attribute checkboxes because, as you said before, we don't have
>> a high degree of confidence that we can make this intelligible.
>
> That's all I'm talking about. But the problem is that if somebody does implement that feature and wants to use it along with isRequired to make sure people release the required stuff, they in turn prevent the SP from asking for alternative attribute names on required attributes.
>
> So that's the trade-off unless and until we start over.
>
> -- Scott
>
>

--
Chad La Joie
http://itumi.biz
trusted identities, delivered



--

Bradley Beddoes | Advanced Technical Development | Australian Access Federation
Mob: 0413768802 | Email: | Web: http://www.aaf.edu.au/
Twitter: http://twitter.com/ausaccessfed Facebook: http://facebook.com/ausaccessfed


