On Thursday 03 November 2005 21:53, Steven Carmody wrote:
> > > Hope you don't mind my asking, but how does the user override the site
> > > ARP (in practice)? Reason I ask is this question comes up all the
> > > time, so if you have some neat tool that allows the user to do this...
> > As far as Athens is concerned, this is another project we're working on at
> > the moment. It will be possible for users to set ARPs for certain
> > attributes, both preemptively, and at the time of access (i.e. 'This service
> > is requesting attribute X, do you want to release it?'). Overall user
> > ARPs will be manageable via the current MyAthens interface. We hope to be
> > trialling for a restricted set of attributes and/or users by the end of
> > this year.
> we're seeing Shibboleth used both for access to licensed information
> resources (where user privacy is often a concern), and to application
> environments supporting collaboration (eg wikis, where user identity
> is expected to be released).
Sure. We're also interested in cases where privacy is not just a concern, but
a legal requirement. This means that the user has to be put in control of
what may be released, why it is required, and what the consequences of not
releasing the necessary information are.
> Do you expect that the ARP management interface you describe would be
> able to control release of
Our ARP mechanism makes a clear distinction between who owns that attribute
definition (schema instance etc), the data constituting a particular instance
of an attribute and the policy governing the release of that attribute. This,
we believe, provides great flexibility in being able to control the release
of attributes in a wide range of different cases, where the stakeholders in
the ARP may be different. In many ways it is too complex to be able to
implement all possible functionality in a simple enough UI, so we have to
make sure that the most common use cases are covered.
> -- the attributes often used with information providers (eg
> eduPersonEntitlement, targetedId, email, etc)
This is the initial application that we're interested in and have already had
some interest from SPs who are interested in piloting with us. In many of
these cases it is a legal requirement for the user to be able to specify
policy governing the release of this kind of information.
> -- the attributes often used with collaboration environments (eg
Doesn't this depend on who the collaboration is with and its scope?