[DG-AM] Report status and input requested

Heather Flanagan

Feb 9, 2012, 3:25:54 PM
to dg...@kantarainitiative.org
Hi all -

Thank you for the input this week. I've incorporated what seemed to be immediately relevant to the draft report. There is a section, however, that still needs significant attention:

Protocols
How do you move attributes around? (is there any more to the question of protocols other than the SAML and OAuth work?)

Metadata
???

Trust frameworks
Attribute Assurance Profiles - ???'' .. e.g. different LoA for attributes based on whether they are self reported or proofed at a high level
(I know a lot more must be said on this one. I will be focusing my attention here since I know I have the documentation around somewhere)

Consent
(Is the work around consent actually a gap in the attribute management space, or does it belong somewhere else?)
???

Context
(I think context has the potential to be very interesting, but may fit in to the Categorization under Semantics and terminology?)
???

Feedback encouraged, welcomed, begged for...

-Heather


_______________________________________________
DG-AM mailing list
DG...@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-am

Colin Wallis

Feb 10, 2012, 12:14:10 AM
to Heather Flanagan, dg...@kantarainitiative.org
Hi Heather
Great work so far.
I'll have a quick stab at this, as much to offer a target for others to shoot at, as anything else :-)
Cheers
colin

-----Original Message-----
From: dg-am-...@kantarainitiative.org [mailto:dg-am-...@kantarainitiative.org] On Behalf Of Heather Flanagan
Sent: Friday, 10 February 2012 9:26 a.m.
To: dg...@kantarainitiative.org
Subject: [DG-AM] Report status and input requested

Hi all -

Thank you for the input this week. I've incorporated what seemed to be immediately relevant to the draft report. There is a section, however, that still needs significant attention:

Protocols
How do you move attributes around? (is there any more to the question of protocols other than the SAML and OAuth work?)

CW: Web Services of course. They either move via the front channel (browser for example), or the back channel (WS* stack) and I guess in some special cases point to point with a secured VPN channel (governments and larger enterprises often have these)

Metadata
???
CW: Another aspect supporting the moving of attributes around. What is needed is agreement on what the semantics are. SAML has some metadata for attributes, but much more will be needed as the growth of interop of attributes continues. We will need registries for attribute sets/categorization (think IANA here), and agreement about the semantics and if not at least mappings between sets of attributes having differing semantics

Trust frameworks
Attribute Assurance Profiles - ???'' .. e.g. different LoA for attributes based on whether they are self reported or proofed at a high level

(I know a lot more must be said on this one. I will be focusing my attention here since I know I have the documentation around somewhere).

CW: Yes, and the LoA will be a meta data item as well of course

Consent
(Is the work around consent actually a gap in the attribute management space, or does it belong somewhere else?)
???

CW: It's a gap in the federation space in my view. Consent needs to be 'designed in' either as in band or as a service but implemented in a standardized way so you get consistent UX. In the last days of Liberty, the TEG (a test to see how many remember the acronym) were going to build one for the ID-WSF.

Context
(I think context has the potential to be very interesting, but may fit in to the Categorization under Semantics and terminology?)
???

CW: Exactly

Feedback encouraged, welcomed, begged for...

-Heather



====
CAUTION: This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
====

Heather Flanagan

Feb 10, 2012, 11:29:30 AM
to Colin Wallis, dg...@kantarainitiative.org

Thank you for the input, Colin! I've added a bunch of it to the wiki, but have a few questions regarding some of your points below.

>
> Protocols
> How do you move attributes around? (is there any more to the
> question of protocols other than the SAML and OAuth work?)
> CW: Web Services of course. They either move via the front channel
> (browser for example), or the back channel (WS* stack) and I guess
> in some special cases point to point with a secured VPN channel
> (governments and larger enterprises often have these)

So does this mean we need a new protocol or set of protocols for attribute management? Is there a technology problem we are trying to solve that should be mentioned as a gap?

>
> Metadata
> ???
> CW: Another aspect supporting the moving of attributes around. What
> is needed is agreement on what the semantics are. SAML has some
> metadata for attributes, but much more will be needed as the growth
> of interop of attributes continues. We will need registries for
> attribute sets/categorization (think IANA here), and agreement about
> the semantics and if not at least mappings between sets of
> attributes having differing semantics
>

Is getting an agreed-upon set/description of metadata just an extension of the schema problem?

> Trust frameworks
> Attribute Assurance Profiles - ???'' .. e.g. different LoA for
> attributes based on whether they are self reported or proofed at a high
> level
> (I know a lot more must be said on this one. I will be focusing my
> attention here since I know I have the documentation around
> somewhere).
>
> CW: Yes, and the LoA will be a meta data item as well of course

Mmmm, gotta love me some LoA. ;-)

>
> Consent
> (Is the work around consent actually a gap in the attribute
> management space, or does it belong somewhere else?)
> ???
> CW: It's a gap in the federation space in my view. Consent needs to
> be 'designed in' either as in band or as a service but implemented
> in a standardized way so you get consistent UX. In the last days of
> Liberty, the TEG (a test to see how many remember the acronym) were
> going to build one for the ID-WSF.

Do you (or does anyone else) know of consent work going on outside of the EU Data Privacy directive?

>
> Context
> (I think context has the potential to be very interesting, but may
> fit in to the Categorization under Semantics and terminology?)
> ???
> CW: Exactly

Thanks!

Colin Wallis

Feb 13, 2012, 12:30:32 AM
to Heather Flanagan, dg...@kantarainitiative.org
Hi Heather
Thanks!
In line..
Cheers
Colin

-----Original Message-----
From: dg-am-...@kantarainitiative.org [mailto:dg-am-...@kantarainitiative.org] On Behalf Of Heather Flanagan

Sent: Saturday, 11 February 2012 5:30 a.m.
To: Colin Wallis
Cc: dg...@kantarainitiative.org
Subject: Re: [DG-AM] Report status and input requested


Thank you for the input, Colin! I've added a bunch of it to the wiki, but have a few questions regarding some of your points below.

>
> Protocols
> How do you move attributes around? (is there any more to the
> question of protocols other than the SAML and OAuth work?)
> CW: Web Services of course. They either move via the front channel
> (browser for example), or the back channel (WS* stack) and I guess
> in some special cases point to point with a secured VPN channel
> (governments and larger enterprises often have these)

So does this mean we need a new protocol or set of protocols for attribute management? Is there a technology problem we are trying to solve that should be mentioned as a gap?

Colin: OASIS Web Services over SOAP is a set of specifications/protocols that should be included, but no new protocols needed

>
> Metadata
> ???
> CW: Another aspect supporting the moving of attributes around. What
> is needed is agreement on what the semantics are. SAML has some
> metadata for attributes, but much more will be needed as the growth
> of interop of attributes continues. We will need registries for
> attribute sets/categorization (think IANA here), and agreement about
> the semantics and if not at least mappings between sets of
> attributes having differing semantics
>

Is getting an agreed-upon set/description of metadata just an extension of the schema problem?

Colin: Yes, at a coarse grained level...yes..

> Trust frameworks
> Attribute Assurance Profiles - ???'' .. e.g. different LoA for
> attributes based on whether they are self reported or proofed at a high
> level
> (I know a lot more must be said on this one. I will be focusing my
> attention here since I know I have the documentation around
> somewhere).
>
> CW: Yes, and the LoA will be a meta data item as well of course

Mmmm, gotta love me some LoA. ;-)

Colin: Indeed .. +1 :-)

>
> Consent
> (Is the work around consent actually a gap in the attribute
> management space, or does it belong somewhere else?)
> ???
> CW: It's a gap in the federation space in my view. Consent needs to
> be 'designed in' either as in band or as a service but implemented
> in a standardized way so you get consistent UX. In the last days of
> Liberty, the TEG (a test to see how many remember the acronym) were
> going to build one for the ID-WSF.

Do you (or does anyone else) know of consent work going on outside of the EU Data Privacy directive?

Colin: EduGain in Denmark I think...quickly check with David Simonsen?

>
> Context
> (I think context has the potential to be very interesting, but may
> fit in to the Categorization under Semantics and terminology?)
> ???
> CW: Exactly

Thanks!
-Heather

Salvatore D'Agostino

Feb 13, 2012, 12:21:59 PM
to Colin Wallis, Heather Flanagan, dg...@kantarainitiative.org
Hi folks,

In line.

Regards,
Sal

Salvatore D'Agostino

Feb 13, 2012, 12:35:21 PM
to Colin Wallis, Heather Flanagan, dg...@kantarainitiative.org
Misfire, taking comments to wiki, apologies for the spam.

-----Original Message-----
From: dg-am-...@kantarainitiative.org
[mailto:dg-am-...@kantarainitiative.org] On Behalf Of Colin Wallis
Sent: Monday, February 13, 2012 12:31 AM
To: 'Heather Flanagan'