Current Industry Efforts

Higher Education & Research

Open Source Identity and Access Management for Higher Education

• (OSIdM4HE) Alliance. Kuali Rice, Internet2 and Jasig are collaborating on defining, releasing and supporting an open source IAM Reference Architecture and Software Suite. The first task was to define gaps in the open source IAM space. A top priority gap is person registries (aka Person Hub, Master Data Management for Person Information). Work is underway to define the way forward. Notable results include a draft person data model.

White papers and discussion

• ??REFEDS Attribute Management Working Group report
  • This work is being done by REFEDS (https://refeds.org/), an international group of research and education federation representatives chartered by TERENA (Trans-European Research and Education Networking Association) to discuss issues involving identity and access management.  This is a work in progress and touches on some very interesting areas of attribute management.
• InCommon Federation
  • Abstract: New methods of managing attributes promise to make federation easier to use and to operate. The key elements are: publishing of attribute requirements, support for user consent, and common attribute policies. Software and services that provide these features are becoming available, but will require InCommon participants to align their policy and technology deployments to actually realize the potential benefits across the federation.
    

Tools

• uApprove
  • A tool for the user that allows them to see and approve sharing of specific attributes to other sites (Shibboleth/SAML tool).
• Trusted Attribute Aggregation Service
  • TAAS acts as a secure service to link multiple IdP/AAs together using persistent identifiers without actually requiring the service that is performing the linking to know anything about the user at all. The TAAS then stores the attribute types that the IdPs return as part of the account. It can then work as a proxy IdP service that authenticates the user at an IdP and retrieves the user attributes that are requested by the SP from multiple AAs.

Standards work

• Simple Cloud Identity Management (SCIM)
• Schema Comparison maps inetOrgPerson, eduPerson, Portable Contacts, SMPL and Saleforce
• See also
  • SAML Change Notify Protocol V 1.0
  • IMS Learning Tool Interoperability person data model

Goverment

Department of Defense Enterprise Directory Services Capability - Contact Attributes Specification

• Version 2.0 July 2009

Department of Defense Identity and Privilege Management Working Group

• Biometrics Collaboration Forum 2011

Department of Commerce NIST "A Report on the Privilege Management Workshop"

• NISTIR 7657 (March 2010)

Industry/Commercial

White papers and discussion

• Personal Levels of Assurance
  • A white paper written by J. Oliver Glasgow of AT&T discussing a different approach for determining transaction-based assurance.
• A WS twist on PKI Backend Attribute Exchange - draft NZ igovt paper  Backend Identity Data Exchange framework 0 2.doc
• ['Tokenization' of attributes - presentation to OASIS Trust Elevation TC by Rakesh Rhadakrishnan (Bank of America)|http://www.oasis-open.org/committees/document.php?document_id=44489&wg_abbrev=trust-el

Tools

• Accumulo Proposal http://wiki.apache.org/incubator/AccumuloProposal

Other

ISOC-sponsored "Mapping the Identity Ecosystem workshop", Amsterdam, December 2011

• Notes from attribute break-out session

ISOC-sponsored "Moving forward with an Internet Attribute Infrastructure", Gaithersburg, March 2012

• Notes to come...