
Introduction

Attribute Management is a hot topic in the Internet world today. The goal of the Attribute Management discussion group is to determine what Attribute Management actually means to the players in this space, what areas need further discussion or development, and to make recommendations for further work. The charter states:

IDENTIFY: Kantara Initiative stakeholder requirements regarding Attribute Management.
GAP ANALYSIS: Attribute Management KI stakeholder requirements compared to work under development (both internal and external to KI)
RECOMMEND: scope of work, potential KI adoption of external works, collaboration with external organizations and/or new WG in KI to perform design phase of Attribute Management based on requirements, discovery and gap analysis.

The goal of this report is to fulfill the goals defined in the charter, setting the stage for the next area of work.

Requirements

http://kantarainitiative.org/confluence/display/AMDG/Attribute+Requirements

1. There must be a base set of attributes and associated definitions and representations available to all interested and involved parties.
2. There must be a catalog of vertical-specific attribute sets (i.e. extensions).
3. There must be a list of authoritative sources for attribute sets.
4. Individuals and service providers must have the ability to protect and share these attributes.
5. There must be coordination among the groups creating and using these attributes.
6. A framework to address privacy, trust and level of assurance of attributes is necessary.
7. There must be a process to allow for ongoing evaluation of where the attribute ecosystem stands (i.e. governance).

Gap Analysis

The attribute space - Areas of interest, summary of efforts, categorization of gaps

Definition - attribute: Information bound to an entity that specifies a characteristic of the entity. – ITU-T X.1252


Common core business activity (and matching process) sets


Common Semantics and terminology

A common, accepted list of attributes and associated definitions is currently not achievable in its entirety. The goal, however, of publishing code lists and meanings to a public directory should be possible. There is a need for local profiles to be published to a central URN/URL namespace repository so other parties/metadata interoperating with the attribute provider can get the applicable 'set'.

Consider a common set of 'attributes of an attribute': the properties of an attribute (e.g., unique, authoritative or self-reported, time since verified, last time changed, last time accessed, last time consented) that would be released and provide an audit trail.

The local definition of attributes in any given global schema (isn't this semantics, not schema?) and the interpretation of metadata and trust frameworks together create a space where it is very difficult to share information that will meet the expectations of relying parties.

Common language - Schema

Efforts in this space:

Higher Education

Commercial

  • ???

Government

  • ???

Query Language

With no standard, normative query language, there is no way to ask a broad set of identity providers anything about the entities they are authoritative for. When a service provider needs to ask dozens of identity providers across the globe "Is this person of legal age to use my service?" the attribute space has no answer.

Efforts in this space:

  • OpenID Connect
  • Could the SAML Attribute Query be profiled to do this?

Protocols

How do you move attributes around?

Efforts in this space:

  • SAML
  • OAuth

Metadata

  • ???

Trust frameworks

  • Attribute Assurance Profiles - ??? (e.g. different LoA for attributes based on whether they are self-reported or proofed at a high level)
  • ???

Context

  • ???

Recommendations

  • Where is more effort/discussion required?
    • Context
    • Query Language