
Consent and Federated Identity


Presentation Transcript


  1. Consent and Federated Identity

  2. Topics
     • Consent
     • Where and when
     • How the interface looks today
     • Where it needs to go
     • Informed consent
     • Setting the bar
     • Engaging the SPs
     • Educating the User

  3. Jurisdictional Issues at the Start
     • At least three policy spaces at play
     • IdP location
     • SP location
     • User’s national and local laws
     • Known exploits exist today…

  4. Consent
     • At the point of collection of information
     • “We intend to use what you give us in the following ways”
     • At the point of release of information
     • “I authorize the release of this data in order to get my rubber squeeze toy…”

  5. User interface
     • Provide users with control, and guidance, over the release of attributes
     • Includes consent, privacy management, etc.
     • Basic controls (uApprove) now built into Shibboleth, but largely untapped in deployments.
     • Additional technical developments would help scalability
     • Human interface issues largely not yet understood – getting the defaults right, putting the informed into informed consent, etc.

  6. Informed Consent

  7. Next Steps
     • Normalize the “presentation of the attributes” language
     • Field test – get the defaults right
     • Sift through what really needs consent
     • Need to complete the business transaction
     • Europe model more sophisticated but is compounded by national issues
     • Federations as vehicle for national consent management
     • ePTID – opaque, non-correlating. Does it need consent?
     • Cookie consent?
     • Attribute bundles
