Consent and federated identity


PowerPoint Slideshow about ' Consent and Federated Identity' - tanner-hickman


Presentation Transcript

Topics

  • Consent

    • Where and when

    • How the interface looks today

    • Where it needs to go

  • Informed consent

    • Setting the bar

    • Engaging the SPs

    • Educating the User


Jurisdictional issues at the start

  • At least three policy spaces at play

    • IdP location

    • SP location

    • User’s national and local laws

  • Known exploits exist today…


Consent

  • At the point of collection of information

    • “We intend to use what you give us in the following ways”

  • At the point of release of information

    • “I authorize the release of this data in order to get my rubber squeeze toy…”


User interface

  • Provide users with control, and guidance, over the release of attributes

    • Includes consent, privacy management, etc.

  • Basic controls (uApprove) now built into Shibboleth, but largely untapped in deployments.

  • Additional technical developments would help scalability

  • Human interface issues largely not yet understood – getting the defaults right, putting the informed into informed consent, etc.



Next steps

  • Normalize the “presentation of the attributes” language

  • Field test – get the defaults right

  • Sift through what really needs consent

    • Need to complete the business transaction

    • Europe model more sophisticated but is compounded by national issues

    • Federations as vehicle for national consent management

    • ePTID – opaque, non-correlating. Does it need consent?

    • Cookie consent?

  • Attribute bundles

