shibboleth-dev - Re: [Shib-Dev] Shib WG Topics

Subject: Shibboleth Developers

  • From: Bradley Beddoes <>
  • To:
  • Subject: Re: [Shib-Dev] Shib WG Topics
  • Date: Wed, 13 Apr 2011 09:35:59 +1000

Hi Bob,
Generated by our Federation Registry tool (http://wiki.aaf.edu.au/federationregistry/) as an intersection between what IdPs have marked as available and what SPs have requested.

Filters themselves provide a level of automation, but no IdP is required to utilize them. Many folk of course do, others download with cron and do manual local updates, and very few still manually manage policies themselves. Regardless, the requirement is the same: IdPs within the AAF must only disclose the PII each service specifically requires.

cheers,
Bradley

On Wed, Apr 13, 2011 at 9:27 AM, RL 'Bob' Morgan <> wrote:

On Wed, 13 Apr 2011, Bradley Beddoes wrote:

On a related note, our usage of IdP attribute filtering and uApprove together within the AAF has been very effective. Using (in our case) automatically generated attribute filters with our IdPs combined with user consent is a strategy we'll certainly be taking forward. It forms part of our compliance with Australian privacy law, which in layman's terms requires both minimal disclosure and the ability for users to approve transfer of PII before it actually occurs.

Interesting stuff.  Probly OT for shib-dev, but:

"automatically generated attribute filters" are automatically generated where?  By the federation management system?

Are all IdPs required to use these filters or just highly motivated due to the compliance issue?

Thanks,

 - RL "Bob"



--

Bradley Beddoes | Advanced Technical Development | Australian Access Federation
Mob: 0413768802 | Email: | Web: http://www.aaf.edu.au/
Twitter: http://twitter.com/ausaccessfed Facebook: http://facebook.com/ausaccessfed



PRIVILEGED – PRIVATE AND CONFIDENTIAL

This email and any files transmitted with it are intended solely for the use of the addressee(s) and may contain information which is confidential or privileged.  If you receive this email and you are not the addressee(s) [or responsible for delivery of the email to the addressee(s)], please disregard the contents of the email, delete the email and notify the author immediately
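
The intersection rule described in the message above, as an added sketch that is not Federation Registry's code or part of the original thread: for each SP, only the attributes it requested that the IdP has also marked available are released, written out in Shibboleth IdP 2.x attribute filter policy syntax. The entityIDs, attribute sets and policy ids are constructed sample values, and the shape of the real tool's output is an assumption.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"
BASIC = "urn:mace:shibboleth:2.0:afp:mf:basic"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
ET.register_namespace("afp", AFP)
ET.register_namespace("xsi", XSI)

# Constructed sample data: attribute IDs one IdP has marked as available,
# and what each SP (keyed by entityID) has requested through the federation.
IDP_AVAILABLE = {"eduPersonTargetedID", "mail", "displayName", "eduPersonAffiliation"}
SP_REQUESTED = {
    "https://wiki.example.edu.au/shibboleth": {"mail", "displayName", "mobile"},
    "https://journals.example.org/shibboleth": {"eduPersonTargetedID"},
    "https://legacy.example.net/shibboleth": {"homePostalAddress"},
}

def release_sets(available, requested_by_sp):
    """Per SP, keep only attributes that are both requested and available."""
    result = {}
    for sp, requested in requested_by_sp.items():
        common = sorted(available & requested)
        if common:  # no overlap: no policy is emitted, so nothing is released
            result[sp] = common
    return result

def build_filter(available, requested_by_sp, group_id="GeneratedFilter"):
    """Build one AttributeFilterPolicy per SP that has a non-empty release set."""
    # xsi:type values use the "basic" prefix, so declare it explicitly on the root.
    group = ET.Element(f"{{{AFP}}}AttributeFilterPolicyGroup",
                       {"id": group_id, "xmlns:basic": BASIC})
    releases = sorted(release_sets(available, requested_by_sp).items())
    for n, (sp, attrs) in enumerate(releases):
        policy = ET.SubElement(group, f"{{{AFP}}}AttributeFilterPolicy", {"id": f"sp-{n}"})
        ET.SubElement(policy, f"{{{AFP}}}PolicyRequirementRule",
                      {f"{{{XSI}}}type": "basic:AttributeRequesterString", "value": sp})
        for attr in attrs:
            rule = ET.SubElement(policy, f"{{{AFP}}}AttributeRule", {"attributeID": attr})
            ET.SubElement(rule, f"{{{AFP}}}PermitValueRule", {f"{{{XSI}}}type": "basic:ANY"})
    return group

def render(group):
    return ET.tostring(group, encoding="unicode")

if __name__ == "__main__":
    print(render(build_filter(IDP_AVAILABLE, SP_REQUESTED)))
```

An attribute that is requested but not available (`mobile` here) and an SP with no overlap at all both drop out, so the generated filter can only narrow what the IdP discloses.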




