AMDG Current Industry Efforts

Higher Education & Research

Open Source Identity and Access Management for Higher Education

  • The OSIdM4HE Alliance: Kuali Rice, Internet2 and Jasig are collaborating on defining, releasing and supporting an open source IAM Reference Architecture and Software Suite. The first task was to identify gaps in the open source IAM space. A top-priority gap is person registries (aka Person Hub, or Master Data Management for Person Information). Work is underway to define the way forward. Notable results include a draft person data model.

White papers and discussion

  • REFEDS Attribute Management Working Group report
    • This work is being done by REFEDS (https://refeds.org/), an international group of research and education federation representatives chartered by TERENA (Trans-European Research and Education Networking Association) to discuss issues involving identity and access management. This is a work in progress and touches on some very interesting areas of attribute management.
  • InCommon Federation
    • Abstract: New methods of managing attributes promise to make federation easier to use and to operate. The key elements are: publishing of attribute requirements, support for user consent, and common attribute policies. Software and services that provide these features are becoming available, but will require InCommon participants to align their policy and technology deployments to actually realize the potential benefits across the federation.

Tools

  • uApprove
    • A Shibboleth/SAML tool that lets users see and approve the release of specific attributes to other sites.
  • Trusted Attribute Aggregation Service
    • TAAS acts as a secure service that links multiple IdPs/Attribute Authorities (AAs) together using persistent identifiers, without requiring the service that performs the linking to know anything about the user at all. The TAAS stores the attribute types that each IdP returns as part of the linked account. It can then work as a proxy IdP service that authenticates the user at an IdP and retrieves, from multiple AAs, the user attributes requested by the SP.

Standards work


Government

Department for Work and Pensions  - United Kingdom

Department of Defense - USA - Enterprise Directory Services Capability - Contact Attributes Specification

Department of Defense Identity and Privilege Management Working Group

Department of Commerce NIST "A Report on the Privilege Management Workshop"

NIEM and NIEF from GFIPM (Global Federated Identity and Privilege Management)

MITRE Cyber Observable Expression (CybOX)

Industry/Commercial

White papers and discussion


Tools


Other

ISOC-sponsored "Mapping the Identity Ecosystem workshop", Amsterdam, December 2011

IIW Attribute Management Discussion, Washington, DC 2012

  • Distinction between core identity attributes (name, date of birth, biometrics) and acquired attributes
    • Often breaks down along the lines of authentication (core identity or identifier) and authorization (acquired over time)
    • Base attributes, dynamic attributes and particular use case extension are another set of distinctions
  • Another line of distinction around identity and attributes is between the proofing process and the token activation and the attributes of each
  • Differences in attribute control (lifecycle management) vs. attribute brokering (exchange)
  • What is trust elevation?
    • Check with OASIS committee to see how this evolves.
    • Also track the OIX Attribute Exchange work (OIX AX)
  • Can attributes be normalized and characterized by Object Identifiers (OIDs)?
  • Definitions still can be a challenge
    • Authoritative vs. Trusted Attributes
    • Level of Assurance or Level of Confidence
  • How do attributes relate to scopes?
    • OpenID Connect provides one take

ISOC-sponsored "Moving forward with an Internet Attribute Infrastructure", Gaithersburg, March 2012

Discussion and summary of the Attribute Workshop. The goal was to share knowledge across multi-focus and multi-context communities. Attendees included representatives from Research and Education, State, Local and Tribal Governments, Enterprise, Standards Setting and Fostering Organizations, and International Federal Governments. Organizations and attendees shared overviews of their work in the attribute space. One high-level next step is the creation of a requirements document for the creation and resourcing of an Attribute Registry.

Discussion: What are the next steps? The Attribute Registry Requirements document will likely be socialized within the workshop stakeholder group, and likely further externally as it develops. A follow-on meeting may be planned but is not yet confirmed.