Refeds


Subject RE: draft charge, refeds working group on attribute release
From Mikael Linden <Mikael.Linden@xxxxxx>
Date Fri, 1 Jul 2011 17:29:28 +0300

me>> - the text in the button is either "I consent to attribute release" or
me>> "I am informed on the attribute release"

Tom> We need to figure out how to implement and deploy these two
Tom> notions independently since one may be easier than the other.

The problem we found is who decides, and how, whether attribute release to an SP is necessary or not.
In the eduGAIN data protection good practice profile[1] we ended up with a solution where
1. The SP makes a proposal, by adding an element to its SAML metadata:
   <md:Extensions>
      <mddp:DataProtectionProperties>
         <mddp:LegalGrounds>consent</mddp:LegalGrounds>
      </mddp:DataProtectionProperties>
   </md:Extensions>
2. Based on the element, the IdP decides if it's consent or necessity
3. When the attribute release is taking place, a consent module shows either of the two texts to the user

[1] See my TNC2011 slides for details: https://tnc2011.terena.org/core/presentation/40

Peter>So, Mikael, are you in fact arguing that REFED[Ss] indeed 
Peter>needs to tackle the problem of consent overuse now -- and I 
Peter>thought the problem was that consent was not available widely 
Peter>enough even in those cases where it would be desirable and 
Peter>justified (and legally required)?

We probably often use the word "consent" to actually mean "consent or necessity". Technically, one implementation ("consent module") could cover them both.
If the above solution gets support, the next step would be having it implemented in common SAML IdPs' "consent modules". 

mikael
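Added example, not part of the mail above or of the eduGAIN profile it cites: a small IdP-side routine that reads the SP's `mddp:LegalGrounds` proposal out of SAML metadata, lets the IdP decide between consent and necessity, and picks the matching consent-module button text. The `mddp` namespace URI is a placeholder (the mail does not give it), the extension is assumed to sit directly under `md:EntityDescriptor`, the metadata is constructed sample input, and the rule that a missing or unrecognised proposal falls back to asking for consent is this example's own policy, not something the profile states.

```python
import xml.etree.ElementTree as ET
from typing import Optional

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Assumption: the real mddp namespace URI is not in the mail; placeholder used here.
MDDP_NS = "urn:example:mddp-placeholder"
NS = {"md": MD_NS, "mddp": MDDP_NS}

# The two texts the consent module shows, as given in the mail.
BUTTON_TEXT = {
    "consent": "I consent to attribute release",
    "necessity": "I am informed on the attribute release",
}

# Constructed sample metadata: four SPs with different (or no) proposals.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mddp="urn:example:mddp-placeholder">
  <md:EntityDescriptor entityID="https://sp-consent.example.org/sp">
    <md:Extensions>
      <mddp:DataProtectionProperties>
        <mddp:LegalGrounds>consent</mddp:LegalGrounds>
      </mddp:DataProtectionProperties>
    </md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-necessity.example.org/sp">
    <md:Extensions>
      <mddp:DataProtectionProperties>
        <mddp:LegalGrounds>necessity</mddp:LegalGrounds>
      </mddp:DataProtectionProperties>
    </md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-none.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-unknown.example.org/sp">
    <md:Extensions>
      <mddp:DataProtectionProperties>
        <mddp:LegalGrounds>marketing</mddp:LegalGrounds>
      </mddp:DataProtectionProperties>
    </md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def sp_proposals(metadata_xml: str) -> dict:
    """Step 1: collect each SP's LegalGrounds proposal (None if it made none)."""
    root = ET.fromstring(metadata_xml)
    proposals = {}
    # Element.iter() includes root itself, so a lone EntityDescriptor also works.
    for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        entity_id = ed.get("entityID")
        # Assumption: the extension sits directly under md:EntityDescriptor.
        lg = ed.find("md:Extensions/mddp:DataProtectionProperties/mddp:LegalGrounds", NS)
        proposals[entity_id] = lg.text.strip() if lg is not None and lg.text else None
    return proposals


def idp_decision(proposal: Optional[str]) -> str:
    """Step 2: the IdP decides. Policy here (example's own): accept a recognised
    proposal; a missing or unknown value falls back to asking for consent."""
    if proposal in BUTTON_TEXT:
        return proposal
    return "consent"


def release_decisions(metadata_xml: str) -> dict:
    """Steps 1-3 combined: entityID -> (decision, consent-module button text)."""
    result = {}
    for entity_id, proposal in sp_proposals(metadata_xml).items():
        decision = idp_decision(proposal)
        result[entity_id] = (decision, BUTTON_TEXT[decision])
    return result


if __name__ == "__main__":
    for entity_id, (decision, text) in release_decisions(SAMPLE_METADATA).items():
        print(f"{entity_id}: {decision} -> '{text}'")
```

The fallback direction matters: treating an absent or unparseable proposal as "necessity" would silently skip the user's choice, so an IdP that wants to err on the side of the user should default to the consent text, as this example does.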