Hi,

[This is kind of drifting from the list charter, so I'd invite folks who may be interested to drop me a note offline, but just in case others are curious, one pass at the questions raised below...]

#On Wed, Oct 10, 2012 at 4:34 PM, Joe St Sauver <[email protected]> wrote:
#> The nice part about Shib, from a privacy POV, is that you only release/get
#> the attributes that may be necessary (thereby preserving user privacy).
#
#A rather optimistic view of federated identity...
#
#a) Who determines what is "necessary" and how?

Attribute release policies and relying party requirements jointly determine negotiation of released attributes. You can see some examples of attribute release policies at:

-- https://wiki.brown.edu/confluence/display/CISDOC/Shibboleth+Attribute+Release+Policies+and+Best+Practices
-- http://www.ucs.cam.ac.uk/raven/attribute-policy
-- http://www.itcs.umich.edu/itcsdocs/r1465/
-- http://www.upenn.edu/computing/weblogin/shibboleth/attribute.html
-- http://technology.pitt.edu/research-computing/rc-incommon-shibboleth/attributes.html
-- http://www.protectnetwork.org/support/policies/attribute-release-policy
-- http://itservices.stanford.edu/service/shibboleth/arp

But what about the other side of the equation, the service providers?

Service providers who are relying on federated auth request certain attributes. If those are released to the provider, authentication proceeds. If the identity provider elects not to release those attributes, it doesn't.

You can see an example of what one relying party requires at:
https://www.educause.edu/idp_setup/info

#b) How do you prevent collusion between SPs or SPs and IdPs?

Identity Providers and Relying Parties ALWAYS *collaborate* with each other, that's what makes federation work.

That said, identity providers take their privacy obligations very seriously, and tend to be scrupulously careful about following their articulated attribute release policies, in some cases as a matter of personal integrity, in other cases because there are or may be legal consequences for any privacy violations.

Relying parties tend to avoid requesting more attributes than they need because the more they ask for, the greater the likelihood that they'll experience pushback, or find that IDPs simply won't release what they're requesting.

Hope this addresses at least some of your questions, and feel free to contact me off list if you have others I can help with.

Regards,

Joe

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
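
The release decision described in the message above, as an added example that is not part of the original post and is not Shibboleth's own code: a default-deny attribute release policy is intersected with what a service provider requests, and the login proceeds only if every required attribute was released. Entity IDs, attribute values and the function names are constructed for illustration.

```python
"""Illustrative model of IdP attribute release vs. SP requirements."""
from dataclasses import dataclass, field

# Constructed sample user record held by the identity provider.
USER = {
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "eduPersonScopedAffiliation": ["staff@example.edu", "member@example.edu"],
    "mail": ["jdoe@example.edu"],
    "displayName": ["J. Doe"],
}

# Constructed attribute release policy, keyed by requester entity ID.
# Per attribute: None permits any value, a set permits only those values.
# Anything not listed is withheld (default deny).
ARP = {
    "https://sp.example.org/shibboleth": {
        "eduPersonScopedAffiliation": {"member@example.edu"},
    },
    "https://wiki.example.net/shibboleth": {
        "eduPersonPrincipalName": None,
        "mail": None,
    },
}

@dataclass
class ServiceProvider:
    entity_id: str
    required: set
    optional: set = field(default_factory=set)

def release(arp, user, sp):
    """Return only attributes the SP asked for AND the policy permits."""
    rules = arp.get(sp.entity_id, {})
    released = {}
    for name in sp.required | sp.optional:
        if name not in rules or name not in user:
            continue  # not permitted for this requester, or no value held
        allowed = rules[name]
        values = [v for v in user[name] if allowed is None or v in allowed]
        if values:
            released[name] = values
    return released

def login(arp, user, sp):
    """Authentication proceeds only if every required attribute was released."""
    released = release(arp, user, sp)
    missing = sorted(sp.required - set(released))
    return {"proceeds": not missing, "released": released, "missing": missing}
```
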
