User consent for consumer identity (@ISSE2010)

As presented for ISSE 2010, on 7 October 2010 in Berlin.


  1. User consent for consumer identity
     • 7 October 2010, ISSE 2010, Berlin
     • Maarten Wegdam, Principal Research @ Novay
  2. Novay?
     • Mission: “to create breakthroughs in the way we work, live, and entertain ourselves, by creating and applying ICT-innovations”
     • Independent Dutch ICT research institute
     • Formerly Telematica Instituut
     • Innovation projects for clients
     • Networked innovation
     • Identity & Trust is focus area, e.g.:
  3. An intro to user consent
     • User centric identity
     • Empower user to control his/her identity
     • See also: Laws of Identity by Cameron
     • Why: legal, ethical and user acceptance
     • How: insight and control over data flow
  4. Case: SURFfederation
     • Federation for Dutch higher education and research
     • ~700k users, ~40 IdPs, ~30 SPs
     • Limited sharing of attributes
     • Trust framework
     • Multi-protocol, including SAML & WS-Federation
     • Question: do users want consent, and how?
     • [Diagram: IdPs and SPs connected through a hub]
  5. State-of-the-art for consent: InfoCard (active client)
  6. State-of-the-art for consent: OpenID (web-redirect)
  7. User centric SAML?
     • But isn't SAML Identity Provider centric? Well, that depends …
     • SAML WebSSO is web-redirect, similar to OpenID: consent can be similar
     • Already examples:
         • consent module of SimpleSAMLphp (WAYF, Feide)
         • uApprove (SWITCH)
  8. A step back
     • A complicated trade-off for consent
  9. Privacy attitude
     • [Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor. ISRI technical report, December 2005.]
  10. Approach
     • State-of-the-art
     • Design web-redirect based consent
         • Not SAML/OpenID specific …
         • 5 guidelines (next slides)
         • Based on ‘professional’ literature, academic literature and existing implementations
     • User studies! InfoCard vs user-centric SAML
     • Pilot
  11. Guideline 0, Consent: Always ask user before exchanging data
     • We decided in our case not to provide per-attribute choice, too difficult to understand.
  12. Guideline 1, Informed: Make the information flow clear
     • We show actual value of information, explain the federation and role of SURFnet, and link to privacy statement
  13. Guideline 2, Automate: Enable providing consent for future log-ins
     • We decided to only have ‘timed’ automation, people forget…
  14. Guideline 2, Automate: Enable providing consent for future log-ins
     • We decided to only have ‘timed’ automation, people forget…
     • will be longer
  15. Guideline 3, Notification: Notify when information is exchanged (in right context)
     • Even if consent was already provided
     • Difficult to do with web-browser without becoming too intrusive…
  16. Guideline 4, Revocation: Provide overview and allow revocation of provided consents
     • Including what attributes are included in consent, but no log.
  18. User study setup
     • Small/qualitative, in depth, using mockups
         • Co-discovery, 9 * 2 people, 3 universities, mix of students & employees, questionnaire
     • Do they want consent, or would they rather leave it to their university?
     • If they do: do they prefer InfoCard or user-centric SAML?
     • And specific feedback on trade-off in our user-centric SAML
  19. User study outcome
     • Yes, they did want consent
     • They prefer user-centric SAML over InfoCard
  20. User study – other points
     • No consensus on desired ‘obtrusiveness’: we decided to skip notification
     • They want to know why service providers want their attributes
     • They want control over the data after consent: no solution yet …
  21. Current status
     • Exploring user-centric SAML
     • Additional user studies to fine-tune user interface
     • Started large pilot two weeks ago
     • Based on the outcome, SURFnet will decide whether to roll out
  22. Closing remarks
     • Providing actual consent is NOT trivial
     • Unclear how specific the results are for our case: trust, web-redirect, limited attributes
     • Complication (?): role of hub and SURFnet
     • Asking people about privacy behavior is tricky: risk of bias towards privacy-paranoids, behavior over longer time, socially desirable answers
     • Timed consent: what period?
  23. THANK YOU
     • Acknowledgement:
         • SURFnet: Hans Zandbelt, Roland van Rijswijk, Eefje van der Harst, Remco Poortinga-van Wijnen and others
         • Novay: Ruud Janssen, Bob Hulsebosch, Dirk-Jan van Dijk and others
     • More information:
         • report: User controlled privacy voor de SURFfederatie (Dutch)
         • report: User controlled privacy voor de SURFfederatie: een gebruikersstudie (Dutch)
         • report: Outcome user controlled privacy pilot, to appear Dec 2010 (English)
         • blog post: http://maarten.wegdam.name/2010/03/11/user-centric-saml/
         • email: [email_address]
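
The consent, automation and revocation guidelines from the slides can be read as rules for a small consent store at the hub or IdP. The sketch below is an added example, not code from the talk, SURFnet or SimpleSAMLphp; the class and function names, the 90-day period and the sample user, SP and attribute names are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: 90 days. The slides leave this open ("Timed consent: what period?").
CONSENT_PERIOD = timedelta(days=90)

@dataclass(frozen=True)
class Consent:
    attributes: frozenset  # attribute names covered; no values and no usage log
    expires: datetime

class ConsentStore:
    """Remembered consents for a web-redirect login flow, keyed by (user, SP)."""

    def __init__(self):
        self._records = {}

    def needs_prompt(self, user, sp, requested, now):
        """True when the consent screen must be shown before releasing attributes."""
        rec = self._records.get((user, sp))
        if rec is None or now >= rec.expires:
            self._records.pop((user, sp), None)  # never granted, revoked or timed out
            return True
        # A request for anything outside the consented set is a new data flow.
        return not frozenset(requested) <= rec.attributes

    def grant(self, user, sp, requested, now, remember=False):
        """The user approved the whole request (no per-attribute choice)."""
        if remember:  # guideline 2: only 'timed' automation
            self._records[(user, sp)] = Consent(frozenset(requested), now + CONSENT_PERIOD)

    def overview(self, user, now):
        """Guideline 4: active consents and the attributes each one covers."""
        return {sp: sorted(c.attributes) for (u, sp), c in self._records.items()
                if u == user and now < c.expires}

    def revoke(self, user, sp):
        self._records.pop((user, sp), None)

def demo():
    """Constructed scenario; user, SP and attribute names are sample values."""
    store, sp, t0 = ConsentStore(), "https://sp.example.org", datetime(2010, 10, 7)
    next_day = t0 + timedelta(days=1)
    asked = [store.needs_prompt("alice", sp, ["mail"], t0)]  # first login
    store.grant("alice", sp, ["mail"], t0, remember=True)
    asked.append(store.needs_prompt("alice", sp, ["mail"], next_day))  # remembered
    asked.append(store.needs_prompt("alice", sp, ["mail", "displayName"], next_day))
    asked.append(store.needs_prompt("alice", sp, ["mail"], t0 + CONSENT_PERIOD))  # timed out
    return asked
```

Binding the remembered consent to the set of attribute names means an SP that later asks for more triggers the consent screen again, while the store still keeps no log of individual releases.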
