user consent, which SPs should trigger these screens ?

Eric Goodman Eric.Goodman at ucop.edu
Thu Jan 14 15:45:05 EST 2016


Jeffrey at UCSC configured his IdP to have something like three levels of data release:

* Bi-lateral agreement SPs with (essentially) custom data attribute filter settings that don't require consent (normal "must be specifically approved" processes)
* InCommon SPs with <RequestedAttribute> elements in metadata will require consent and will only release the specified attributes
* Other InCommon SPs require consent and will release a (UCSC-selected) default set of attributes

There may be other variances in his setup; e.g., I'm not sure if R&S is handled under the above use cases (I'm pretty sure they require consent for "random" R&S sites) or as a special case, and it's possible they may have "bi-lateral agreement SPs" that still require consent, but they've been in production for a while with the model.

I was thinking just last week (volunteering someone else to do work here) that this might be an interesting topic (both generally and covering UCSC's specific approach) to discuss in an InCommon webinar. Something like "real-life consent models and campus experiences". 

--- Eric

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Thursday, January 14, 2016 6:29 AM
To: Shib Users
Subject: RE: user consent, which SPs should trigger these screens ?

> Looking at how to implement this, it seems the deployer would want to 
> AND their activationCondition predicate with the default/system 
> predicate. But in this case I don’t see an easy way to do that without 
> copying the default/system activationCondition, since it is wired as an inner bean.
> Perhaps an improvement would be to remove the inner-ness of the 
> default/system activationCondition, so that it could be referred to in 
> an AND, and would 'survive' updates.

Yes, probably true.

-- Scott
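
The three release levels listed at the top of this message can be sketched as a decision over SP metadata. This is an added example, not part of the thread and not Shibboleth or UCSC configuration; the entity IDs, the bilateral table, the default attribute set and the "unknown" fallback are all constructed assumptions.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName
AFFIL = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"   # eduPersonScopedAffiliation
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"   # mail

# Constructed policy data: entity IDs and attribute sets are illustrative only.
BILATERAL = {"https://hr.vendor.example/sp": {EPPN, MAIL}}
DEFAULT_SET = {EPPN, AFFIL}

# Constructed federation metadata (assumed already signature-verified).
SAMPLE = f"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <EntityDescriptor entityID="https://wiki.example.org/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <AttributeConsumingService index="1">
    <ServiceName xml:lang="en">Wiki</ServiceName>
    <RequestedAttribute Name="{MAIL}" isRequired="true"/>
    <RequestedAttribute Name="urn:oid:2.5.4.42"/>
   </AttributeConsumingService>
  </SPSSODescriptor>
 </EntityDescriptor>
 <EntityDescriptor entityID="https://other.example.net/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </EntityDescriptor>
</EntitiesDescriptor>"""

def release_decision(metadata_xml, entity_id, user_attrs):
    """Return (tier, consent_required, set of attribute names to release)."""
    have = set(user_attrs)
    if entity_id in BILATERAL:
        # Level 1: specifically approved SP, custom filter, no consent screen.
        return ("bilateral", False, BILATERAL[entity_id] & have)
    root = ET.fromstring(metadata_xml)
    sp = next((e for e in root.iter(MD + "EntityDescriptor")
               if e.get("entityID") == entity_id), None)
    if sp is None:
        # Assumed fallback: SP not in federation metadata, release nothing.
        return ("unknown", True, set())
    requested = {ra.get("Name") for ra in sp.iter(MD + "RequestedAttribute")}
    if requested:
        # Level 2: consent, and only the attributes the metadata asks for.
        return ("requested", True, requested & have)
    # Level 3: consent, and the IdP operator's default set.
    return ("default", True, DEFAULT_SET & have)
```

An attribute the SP requests but the user does not hold (here `urn:oid:2.5.4.42`) is simply absent from the release set.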
