Internet2 Fall 2011 Member Meeting

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Facilitating the Attribute Economy

Time 10/03/11 04:30PM-05:30PM

Session Abstract

Now that Shibboleth provides federated SSO, we need to pay more attention to the attributes that are released to provide user authorisation. Some fundamental principles must be adhered to:
i) Attributes are personal information so need to be protected in line with Data Protection Legislation
ii) Users must have complete control and visibility over the release of their attributes, and must provide consent for them to be released
iii) Minimal disclosure should be observed so that only the attributes essential for the task in hand should be requested and consented to.
We are proposing an Attribute Authorisation Layer that lies on top of the existing Shibboleth SSO layer, and provides the following features:
1. SPs inform users which attributes they need at the time authorisation is needed
2. Users choose which of their attributes they wish to release from which of their IDPs, in order to fulfil the SP


Speaker David Chadwick University of Kent

Presentation Media

Secondary tracks The Future: What's Next for the Net? Security Internet2 NET+ Services Middleware and Federations Middleware Industry Partnership Development and Engagement Global Reach and Leadership Focus on Federations Cyberinfrastructure

silver Sponsors

bronze Sponsors

supporter Sponsors