Evolving Attribute Release Policies for campuses
Wessel, Keith
kwessel at illinois.edu
Wed Apr 6 12:15:35 EDT 2016
Nice!
But now we're also talking about the federation management interfaces for all of the eduGAIN federations adding support for SP admins being able to enter this text for each requested attribute and then generating metadata that includes these extensions. That's the technical issue, and maybe not an impossible one. The bigger challenge, IMHO, is getting the SP admins to actually enter something. We've had a hard enough time getting SP admins to enter RequestedAttributes; now we're asking them to go back and put in meaningful text for each attribute. And what does the IDP display if no text was entered for a requested attribute?
Being able to put this in metadata is the first step, though, and it sounds like that's technically possible.
Keith
-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Tom Zeller
Sent: Wednesday, April 06, 2016 10:40 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Evolving Attribute Release Policies for campuses
> On Apr 5, 2016, at 4:36 PM, Wessel, Keith <kwessel at illinois.edu> wrote:
>
> It might not be enough to tell a user that an attribute is optional; it'd be better to tell them what the SP plans to do with that attribute so they can make an informed decision: is the intended use a feature that the user care about enough to release that piece of their information? That, obviously, involves changes to metadata to allow SPs a place to say what each attribute will be used for. Other registries such as the AAF's federation registry require the SP operator to record the reason for wanting the attribute, but there's currently no place in metadata (that I know of) to pass that text along.
FWIW uApproveJP has extensions which provide a description of requested attributes, see section A "Notification of the using purpose of attributes on SP”.
https://meatwiki.nii.ac.jp/confluence/display/GakuNinShibInstall/Installation+and+configuration+of+uApprove+Jet+Pack+2.5.0
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list