| Table of Contents |
|---|
Abstract
The goal of the Attribute Management Discussion Group is to determine what Attribute Management means to Kantara Initiative (KI) stakeholders, what areas need further discussion or development, and to make recommendations regarding where and how the Kantara Initiative should contribute to efforts in this space.
...
The purpose of this report is to provide a high-level look at the current state of the Attribute Management space and make recommendations on where further work would provide the most value to KI stakeholders.
Introduction
Note: the full charter of the Discussion Group is available online
...
| Anchor | ||||
|---|---|---|---|---|
|
Gap Analysis
During the work conducted by the Discussion Group it identified areas that it believed had no cohesive, supporting effort behind them. Analysis of these areas identified the following gaps in the Attribute Management space:
...
The following elaborates each of these gaps including the work, if any, that Discussion Group members were aware was happening in the area.
Gap #1: Terminology in the attribute space
| Info | ||
|---|---|---|
| ||
Information bound to a subject identity that specifies a characteristic of the subject. – Derived from the ITU-T X.1252 definition of "attribute" |
...
The repository of information put together by the Attribute Management Discussion group is a start to closing the gap around the definitions required of the different components of the attribute ecosystem. Investigating the creation of a more granular document should be a fundamental requirement to further work being done by Kantara. The general consensus is that it is better to take the time to find where work is going on than to duplicate effort. The monitoring and coordination of efforts across the attribute management space is a general theme among the gaps and recommendations.
Efforts in this space:
- Kantara Initiative Attribute Management Discussion Group – Industry Efforts wiki page: http://kantarainitiative.org/confluence/display/AMDG/Current+Industry+Efforts
- Internet Society Trust & Identity group, Mapping the Identity Ecosystem and Moving Forward with an Internet Attribute Infrastructure workshops (reports not yet public)
Gap #2: Identifying common core business activity (and matching process) sets
Discussions around attribute management extend into specific industry and activity classifications. More work is needed, however, to understand if it is possible to describe across industry a core set of activity and processes that drive services, and develop a classification system for the these. For interoperability, we need an agreed upon taxonomy, syntax, grammar and semantics for these process patterns just as much as we need agreement on the attributes that are managed down in these processes.
...
| Info | ||
|---|---|---|
| ||
An organization or individual that is trusted to be an authority on the identity related attributes or roles associated with users and subjects of services. -- taken from the Government of British Columbia Identity Information Reference Model |
Efforts in this space:
- SEMIC.EU was a starter project but closed in 2009, now partly replaced by ISA
- Federating Identity Management in the Government of Canada: A Backgrounder
- North American Security Products Organization (NASPO) http://www.naspo.info/PDFiles/IDPV_PBP_WorkProgressReport.pdf
Gap #3: Normalization and categorization of identity attributes
A broad, common, accepted list of attributes and associated definitions is currently not achievable in its entirety. The goal, however, of publishing lists and meanings to a public directory should be possible. Local profiles could be published to a central URN/URL repository so other parties and metadata interoperating with an attribute provider can get the applicable 'set'.
...
Local definitions of attributes in any given schema along with the related metadata and trust frameworks creates a situation where it is very difficult to efficiently share (or trust) information. This gap needs to be addressed in a context that can meet the expectation of relying parties working across identity and attribute providers.
Efforts in this space:
- InCommon Federation site regarding the Categorization of attributes
- The Finnish attribute profile (in Finnish but English option available of the portal front page): http://www.suomi.fi/suomifi/tyohuone/yhteiset_palvelut/verkkotunnistaminen_ja_-maksaminen_vetuma/tekninen_rajapinta/finnish_attribute_profile/FinnishAttributeProfile20110221.pdf
- UK government data standards http://interim.cabinetoffice.gov.uk/govtalk/schemasstandards/e-gif/datastandards.aspx
- An emerging effort is the ISOC initiative 'Moving forward with an Internet Attribute Infrastructure', that spawned from the main gap identified in the 2011 workshop 'Mapping the Identity Ecosystem' ( http://tid.isoc.org/trac/ideco) ;
Gap #4: Identifying and defining contexts
Perhaps a subset of semantics and terminology, the question of context is significant in its own right. From an electronic identity perspective, what information is expressed about an individual will often vary according to the context in which it is requested or presented. An identity is expressed differently with different attributes under different contexts.
...
How should identity attributes be categorized or expressed in different contexts? Are these different identity attributes or sub-attributes? Is this a question that can be rolled in to the questions around attribute semantics, governance, schema? It overlaps all of the these.
Efforts in this space:
- The Government of British Columbia evidence of identity
- New Zealand Evidence of Identity Standard and additional guidance
Gap #5: Agreeing to a common language - Schema and Metadata
Attribute metadata is an aspect of attribute management concerning the exchange of attributes. What is needed is agreement on what the semantics are for metadata. For example, SAML has some metadata for attributes, but much more will be needed as the growth of interoperability of attributes continues. We will need registries for attribute sets/categorization (i.e. IANA), agreement about the semantics, and mappings between sets of attributes having differing semantics
Efforts in this space:
Higher Education
- the eduPerson schema
- the SCHema for ACademia effort (SCHAC) – Europe
...
See also others in Repository [Current Industry Efforts|]
Gap #6: Interoperability between protocols
The protocol space around attributes is comparatively stable. Protocols such as SAML and OAuth (and related OpenID Connect and User Managed Access (UMA) are in use and fairly well understood even if they are still evolving. PKI certificates and web services also have strong community support and understanding. What is missing, however, is better guidance on how exactly to use those protocols to carry attributes and their associated metadata in an interoperable (and secure) fashion. In particular, how to use these protocols in the mobile device context is at issue. A means is needed to ask a broad set of identity providers about the wide range of attributes for which they are authoritative or trusted. When a service provider needs to ask dozens of identity providers across the globe "Is this person of legal age to use my service?" the attribute space has no easy path to accomplish this.
Efforts in this space:
- SAML
- SAML Attribute Query
- OAuth
- PKI certificates
- OASIS Web Services over SOAP
- OpenID Connect
- SCIM
- United States Federal Identity Credentialing and Access Managment (FICAM) profiles
Gap #7: Trust frameworks
With regard to attribute management and governance in trust frameworks, substantial work has gone into identity confidence/assurance. Different levels of confidence/assurance and associated certifications are described by different accreditation and standards organizations. Auditors have been trained and are at work across these organizations but these do not fully address the accreditation needs around attribute management. That said, finding a trust framework that extends down to a widely useful set of attributes is still a work in progress. An individual can have a mix of self-asserted, derived and proofed attributes describing them, and a consumer of those attributes should be able to choose which attribute to use, depending on the context of the activity or transaction and have knowledge about how the attribute was established. The question of how a cohesive Trust Framework handles confidence at the federated attribute level (perhaps outside of higher education) is still an open question. This gap and open question is a missing and a critical component of attribute management in practice. This attribute management gap is multiplied in the inter-federation context. Trust framework governance becomes a critical dependency for attribute management and is a challenge today across identity and attribute providers.
The notion of levels of assurance applying to attributes has been recently challenged (see http://blog.idmanagement.gov/2012/03/to-loa-or-not-to-loa-for-attributes-not.html ) and as a result the DG has also adopted the use of the term level of confidence. Since the measure of confidence/level of confidence one can have in an attribute (and how that is determined) is likely to be different than the manner in which Level of Assurance is derived from the context of OMB M-04-04 and NIST SP-800-63-1. Work needs to be done to resolve any further confusion or misunderstanding through defining the components that constitute this 'LoC'. There also exists the need to compare and contrast this with the context of identity proofing and credential strength that is currently applied to the 'LoA' of identity.
Efforts in this space:
- OIX Attribute Working Group
- Kantara's Business Cases for Trust Frameworks: http://kantarainitiative.org/confluence/display/bctf/Home
- ProtectNetwork: www.protectnetwork.org
- United States Federal Government Backend Attribute Exchange
Gap #8: Defining and implementing consent
The legal definition and implementation around consent is reaching a stable point in the EU. That said, there is still some concern that implementing consent in the federation space is problematic. Consent management will undoubtedly involve consent-related attributes and attribute sets in the consent process. Consent needs to be 'designed in' either as in band or as a service but implemented in a standardized way so you get consistent user experience. Consent is also important when examining the use of attributes.
Efforts in this space:
- EU Data Protection
- ABC4Trust: https://abc4trust.eu/
- Kantara Initiative P3WG Privacy Assessment Criteria
- Kantara User Managed Access (UMA) Working Group
Gap #9: Governance around use of attributes
A driver for the exploration of attribute management is the growing economy behind the mining and exchange of attribute information. We see here the intersection of financial reward and privacy regulation; situations such as this generally see the creation of some kind of governance model. That governance may be formal regulation, accepted industry standards groups, or some other model. Different sectors of society and industry are looking at what governance is necessary in the world of Internet Identity and the attribute economy. Each group, however, has a fairly narrow view of how governance is required in their particular sector. The definition of governance needs to identify the extent to which consent is required.
Efforts in this space:
- Federal PKI and PKI Bridge Certification Authority: http://www.idmanagement.gov/
- APEC Privacy Framework, in particular the Cross Border Privacy enforcement Arrangement: www.apec.org/Groups/Committee-on-Trade-andInvestment/Electronic-Commerce-Steering-Group/Cross-border-Privacy-Enforcement-Arrangement.aspx
- An emerging effort is the ISOC initiative 'Moving forward with an Internet Attribute Infrastructure', that spawned from the main gap identified in the 2011 workshop 'Mapping the Identity Ecosystem' ( http://tid.isoc.org/trac/ideco )
- Open Identity Exchange
- NSTIC (potentially)
Recommendations
Recommendation #1: Defining Contexts
In response to Gap #3, 4, 5, and 6
...
- Recommendation: Create a Kantara Discussion Group (or subgroup of a Working Group) to describe what contexts might be and how they might be used, characterizing them and registering/exposing them.
Recommendation #2: Clarifying the use of attributes
In response to Gaps #2, 8, 9
...
- Recommendation: Creation of a Kantara Attribute Management Working Group or continuation of the existing Discussion Group (but rechartered) to work across industry organizations and sectors. Work to establish a means of expressing relying party needs with respect to a level of confidence in an identity attribute, or a set of identity attributes.
Recommendation #3: Definitions and general coordination
In response to Gap #1
A more detailed review of working groups, standards efforts, and general understanding of terms is required. The ideal document would be