• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
The user perspective on consent for identity federations (TNC 2011)
 

The user perspective on consent for identity federations (TNC 2011)

on

  • 449 views

As presented at the Terena Networking Conference 2011, 16 May 2011, in Prague. See https://tnc2011.terena.org/core/presentation/71.

As presented at the Terena Networking Conference 2011, 16 May 2011, in Prague. See https://tnc2011.terena.org/core/presentation/71.

Statistics

Views

Total Views
449
Views on SlideShare
448
Embed Views
1

Actions

Likes
1
Downloads
5
Comments
0

1 Embed 1

http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    The user perspective on consent for identity federations (TNC 2011) The user perspective on consent for identity federations (TNC 2011) Presentation Transcript

    • The user perspective on consentfor identity federationsTerena Networking Conference 2011, 16 May 2011Maarten Wegdam, Eefje van der Harst, Ruud Janssen Acknowledgement: SURFnet: Hans Zandbelt, Roland van Rijswijk, Remco Poortinga-van Wijnen and others Novay: Bob Hulsebosch, Dirk-Jan van Dijk and others
    • Novay? • Mission “to create breakthroughs in the way we work, live, and entertain ourselves, by creating and applying ICT-innovations” • Independent ICT research institute • Formerly called Telematica Instituut • Innovation projects for customers • Networked innovation2
    • What to expect? Large-scale user study on consent for an identity federation • Goal • Design choices & prototype • Pilot & survey outcome3
    • Intro to user consent • (Old ?) trend: user centric identity • Empower user to control his/her identity • See also: Laws of Identity by Cameron • Why: legal, ethical and user acceptance • How: insight and control over the exchange data4
    • SURFfederatie • NL Federation for higher education and research • ~700k users, >60 IdPs, ~30 SPs • Limited sharing of attributes • Trust framework • Multi-protocol, including SAML & WS-Federation IdP SP hub IdP SP IdP SP5 IdP SP
    • Research question: do users want consent, and if so, how?6
    • A complicated trade-off Under- standable7
    • Privacy attitude [Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor. ISRI technical report, december 2005.]8
    • Research approach • State-of-the-art • Design web-redirect based consent • Not SAML/OpenID protocol specific … • 5 guidelines • Based on professional literature, academic literature and existing implementations • 2 roundes of small-scale user studies • A large pilot with two rounds of surveys9
    • Set-up user studies • Small/qualitative, in depth • First study: mockups • Co-discovery, 9 * 2 users, 3 institutes, mix students & employees, list of questions • Do they want consent, or do they prefer their institute to control this? • And: feedback on the trade-offs in our mockup • Second round: with prototype • Focus on trade-off • Mockups of different design choices10
    • Example screenshot11
    • Outcome user studies Yes: SURFfederatie users want consent How to make the trade-offs: see next slides …12
    • 0 Consent Always ask user before exchanging data We decided in our case not to provide per-attribute choice, too difficult to understand.13
    • 1 Informed Make the information flow clear We show actual value of information, explain the federation and role of SURFnet, and link to privacy statement14
    • 2 Automate Enable providing consent for future log-ins We decided to only have ‘timed’ automation, people forget…15
    • 2 Automate Enable providing consent for future log-ins We decided to only have ‘timed’ automation, people forget… will be longer16
    • 3 Notification Notify when information is exchanged (in right context) Even if consent was already provided Difficult to do with web-browser without becoming too intrusive17
    • 4 Revocation Provide overview and allow revocation of provided consents Including what attributes are included in consent, but no log18
    • 4 Revocation Provide overview and allow revocation of provided consents Including what attributes are included in consent, but no log.19
    • User study – other points • Why do service providers need my attributes? Specific answers are very difficult ... • What happens after my consent with my data? No real solution for this (yet?)… • What is SURFnet doing here? Web-interface runs on SURFnet hub, which now becomes visible… We explained this carefully20
    • Pilot & survey • Three universities (TUD, RuG, Univ Leiden) • Three service providers (Legal Intelligence, Prof, SURFdiensten) • Dutch and English • 1043 participants (18%), 507 did the survey • Ran for 2 months21
    • Main conclusion 122
    • Main conclusion 2 The new option is a good add-on to the SURFfederatie (1=absolutely; 5=not at all)45%40% 42%35%30% 28%25%20% 20%15%10% 8%5% 2%0% 23 1 2 3 4 5
    • Check on bias towards privacy fundementalists: representative24
    • Timed consent • 87% of users wants this! • No clear preference how long …25
    • Conclusions • Users want consent • Current prototype is good way to provide this • Open issues • Do the other stakeholders want this? • For all institutes, and can each one choose? • On the hub or at the institutes? • SURFnet decided to deploy this (summer 2011)26
    • Questions? More information: User controlled privacy for the SURFfederatie: the user perspective report, Jan 2011, to appear on www.surfnet.nl, or send me an email for pre-final version Report extended summary http://maartenwegdam.files.wordpress.com/2011/04/20110125-gp3-ucp-2010-ext-summary.pdf (or as “extra file” on TNC2011 site) Blog post http://maarten.wegdam.name/2011/04/03/user-study-outcome-users-do-want-consent-for- federated-login/ Email maarten.wegdam@novay.nl27
    • backup28
    • Consent on hub or with institute IdP SP IdP hub SP consent IdP SP IdP SP consent IdP hub SP consent IdP SP consent29
    • Consent on hub or with institute? Hub Institute + one-time deploy + ‘logical’ place + analog to current - Some of the identity attribute filtering software will not support this, custom changes - hub becomes ‘fatter’ needed - hub becomes visible30
    • 31