Executive Summary

Brief Introduction to Attributes in an Identity Ecosystem

• need to limit the scope of what attributes we're talking about - is this the correct scope?

Attributes in a Global Context

• EU Data Handling
  
  • EU Code of Conduct
• Gov't of Canada policies

Attributes from an Identity Provider Perspective

• What can an IdP reasonably provide?

Attributes from a Service Provider Perspective

• What can/should a Service Provider ask for?

Attributes from a Relying Party Perspective

• What can a Relying Party expect to see?
• What permissions/consent should be covered?

Topics to definitely include

• attribute Level of Confidence
• attribute life cycle
• self-assertion vs. third-party asserted
• risk management in handling attributes