Subject Re: draft charge, refeds working group on attribute release
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Tue, 05 Jul 2011 19:01:09 +0100

Attribute release is not a one dimensional problem. It is multi-faceted,
which requires all of the following components at least to be in place

- user consent
- trust by the SP that the released attributes are genuine
- trust by the IDP that the SP will only use the attributes for the stated purpose

So everything we have been discussing is related to attribute release



On 05/07/2011 14:45, Rhys Smith wrote:
On 5 Jul 2011, at 08:58, RL 'Bob' Morgan wrote:

But none of this has anything to do with attribute release.

And another +1.

We could be at the stage where we can all support LOA4 for all of our
users. And we're still not going to release personally identifiable
information because we're all afraid of being sued / being fined /
being on the front page of the Daily Mail. Whatever the detail,
that's what it comes down to within institutions and their very
risk-averse corporate governance crowd.

R. --

Dr Rhys Smith                                   e: smith@xxxxxxxxxxxxx
Engineering Consultant: Identity&  Access Management
(GPG:0xDE2F024C) Information Services, Cardiff University,
t: +44 (0) 29 2087 0126 39-41 Park Place, Cardiff,
f: +44 (0) 29 2087 4285 CF10 3BB, United Kingdom.
m: +44 (0) 7968 087 821


David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page:
Research Web site:
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5