...

IDENTIFY: Kantara Initiative stakeholder requirements regarding Attribute Management.
GAP ANALYSIS: Attribute Management KI stakeholder requirements compared to work under development (both internal and external to KI).
RECOMMEND: scope of work, potential KI adoption of external works, collaboration with external organizations and/or new WG in KI to perform design phase of Attribute Management based on requirements, discovery and gap analysis.

The purpose of this report is to fulfill the goals defined in the charter, setting the stage for the next area of work.

...

Each of these functional process patterns contains subsets and supersets of attributes.

...

Efforts in this space:

  • SEMIC.EU was a starter project but closed in 2009, now kind of replaced by ISA

...

The local definition of attributes in any given global schema and the interpretation of metadata and trust frameworks all create a space where it is very difficult to share information that will meet the expectations of relying parties.

...

Efforts in this space:

...

How should attributes be categorized or expressed in different contexts? Is this a question that can be rolled into the questions around Attribute Semantics? Governance? Schema? It overlaps all of the above.

Efforts in this space:

  • none known

Common language - Schema and Metadata

Attribute metadata is another aspect of attribute management regarding the exchange of attributes. What is needed is agreement on the semantics of metadata. SAML has some metadata for attributes, but much more will be needed as the growth of interoperability of attributes continues. We will need registries for attribute sets/categorization (i.e. IANA), agreement about the semantics, and mappings between sets of attributes having differing semantics.

Efforts in this space:

Higher Education

...

With no standard, normative query language, there is no way to ask a broad set of identity providers anything about the entities they are authoritative for. When a service provider needs to ask dozens of identity providers across the globe "Is this person of legal age to use my service?" the attribute space has no answer.

Efforts in this space:

  • OpenID Connect
  • Could the SAML Attribute Query be profiled to do this?

...

How do you move attributes around?

Efforts in this space:

  • SAML
  • OAuth

Metadata

Attribute metadata is another aspect of attribute management regarding the exchange of attributes. What is needed is agreement on the semantics of metadata. SAML has some metadata for attributes, but much more will be needed as the growth of interoperability of attributes continues. We will need registries for attribute sets/categorization (i.e. IANA), agreement about the semantics, and mappings between sets of attributes having differing semantics.

Efforts in this space:

  • ???

Trust frameworks

  • Attribute Assurance Profiles - ??? e.g. different LoA for attributes based on whether they are self-reported or proofed at a high level

...

The legal definition and implementation of consent are reaching a stable point in the EU. That said, there is still some concern that implementing consent in the federation space is problematic. Consent needs to be 'designed in', either in band or as a service, but implemented in a standardized way so that you get a consistent UX.

Efforts in this space:

Governance

...