TF-OpenSpace – Session 1, room 8.   16 October 2013. 

Led by: Roland van Rijswijk-Deij

Notes: Nicole Harris

ABC = Attribute Based Credentials. uApprove and Idemix are examples of these. European project: ABC4Trust. How do we bring ABC approaches together with federations?

ABC = a signed bag of attributes. Could these also be encrypted? (Yes, this is a possibility.) Effectively similar to the user building up their own attribute authority.

What is the difference between UMA (User Managed Access) and ABC? UMA is more user asserted.

Possible reasons for use:

  • How can we prevent the IdP from knowing which SPs I am releasing data to?
  • How can we prevent SPs from colluding on the attributes that are released to them?
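To make the "signed bag of attributes" idea and the first question above concrete, here is an added illustration (not code from Idemix, uApprove, ABC4Trust or anything discussed in the session): the issuer signs salted hash commitments to each attribute once, the holder later opens only the attributes it chooses, and the SP verifies with the issuer's public key alone, so the issuer is never contacted at presentation time and does not learn which SP received the data. The attribute names and values are constructed sample data, and the construction (SHA-256 commitments plus an Ed25519 signature) is a deliberately simple stand-in for the cryptography the real ABC systems use. It does not address the second question: the commitment list and signature are identical in every presentation, so two colluding SPs could link them; preventing that needs the zero-knowledge proofs of systems such as Idemix.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Credential is the "signed bag of attributes": the issuer signs only
// salted commitments, so the holder can later reveal any subset.
type Credential struct {
	Commitments []string          // sorted hex SHA-256 commitments, one per attribute
	Signature   []byte            // Ed25519 signature over the joined commitment list
	Salts       map[string][]byte // per-attribute salts, held by the holder only
	Values      map[string]string // clear attribute values, held by the holder only
}

// Presentation is what the holder hands an SP: the signed commitment list
// plus the opened (name, salt, value) triples it chooses to disclose.
type Presentation struct {
	Commitments []string
	Signature   []byte
	Disclosed   map[string]string
	Salts       map[string][]byte
}

// commit binds name, salt and value into one hash; the salt stops an SP
// from guessing undisclosed values by brute force.
func commit(name string, salt []byte, value string) string {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0})
	h.Write(salt)
	h.Write([]byte{0})
	h.Write([]byte(value))
	return hex.EncodeToString(h.Sum(nil))
}

func signingInput(commitments []string) []byte {
	return []byte(strings.Join(commitments, "\n"))
}

// Issue runs once, at the issuer (IdP): it commits to each attribute under a
// fresh random salt and signs the sorted commitment list.
func Issue(priv ed25519.PrivateKey, attrs map[string]string) (*Credential, error) {
	cred := &Credential{Salts: map[string][]byte{}, Values: map[string]string{}}
	for name, value := range attrs {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return nil, err
		}
		cred.Salts[name] = salt
		cred.Values[name] = value
		cred.Commitments = append(cred.Commitments, commit(name, salt, value))
	}
	sort.Strings(cred.Commitments)
	cred.Signature = ed25519.Sign(priv, signingInput(cred.Commitments))
	return cred, nil
}

// Present is run by the holder, with no contact to the issuer: it reveals
// only the named attributes and their salts.
func (c *Credential) Present(names ...string) (*Presentation, error) {
	p := &Presentation{Commitments: c.Commitments, Signature: c.Signature,
		Disclosed: map[string]string{}, Salts: map[string][]byte{}}
	for _, n := range names {
		v, ok := c.Values[n]
		if !ok {
			return nil, fmt.Errorf("attribute %q not in credential", n)
		}
		p.Disclosed[n] = v
		p.Salts[n] = c.Salts[n]
	}
	return p, nil
}

// Verify is run by the SP with only the issuer's public key: it checks the
// issuer signature and that every disclosed value opens a signed commitment.
func Verify(pub ed25519.PublicKey, p *Presentation) (map[string]string, error) {
	if !ed25519.Verify(pub, signingInput(p.Commitments), p.Signature) {
		return nil, errors.New("issuer signature invalid")
	}
	signed := map[string]bool{}
	for _, c := range p.Commitments {
		signed[c] = true
	}
	out := map[string]string{}
	for name, value := range p.Disclosed {
		if !signed[commit(name, p.Salts[name], value)] {
			return nil, fmt.Errorf("attribute %q does not match a signed commitment", name)
		}
		out[name] = value
	}
	return out, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample attributes; the SP below only ever sees the affiliation.
	cred, _ := Issue(priv, map[string]string{
		"eduPersonAffiliation": "student",
		"mail":                 "alice@example.org",
		"dateOfBirth":          "1990-01-01",
	})
	p, _ := cred.Present("eduPersonAffiliation")
	got, err := Verify(pub, p)
	fmt.Println(got, err)
	// Altering a disclosed value is caught by the commitment check.
	p.Disclosed["eduPersonAffiliation"] = "staff"
	_, err = Verify(pub, p)
	fmt.Println(err)
}
```

The SP learns nothing about the undisclosed attributes beyond their count, and the issuer learns nothing about the presentation at all, which is the "hotspot at the IdP" the session discusses being removed for the release step (the issuer still sees the one-time issuance).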

One of the problems of linking these approaches up to federations is that you effectively create a ‘hotspot’ at the IdP.

Should look at the presentation given by Roland at the 31st TF-MNM meeting and from TNC2013: https://tnc2013.terena.org/core/presentation/5.

Is this a real issue – is there any evidence that the issues articulated above are a problem? This is possibly an academic issue; there is no actual evidence. It is perhaps saying that we currently deal with this in contracts within federations (you will agree not to do ‘x’). This moves that to a technical solution to prevent it from happening.

Risk-based approach – may be more important in the health / government environment. Will academic federations be consumed into government federations?

OpenID Connect might be interesting in this space.

Attribute value ecosystem needed?  Did this attribute come from a trusted source?

Technically possible, but more of a business / political model. How would we make this work?
