The user perspective on consent for identity federations (TNC 2011)

As presented at the Terena Networking Conference 2011, 16 May 2011, in Prague. See https://tnc2011.terena.org/core/presentation/71.


  1. 1. The user perspective on consent for identity federations. Terena Networking Conference 2011, 16 May 2011. Maarten Wegdam, Eefje van der Harst, Ruud Janssen. Acknowledgement: SURFnet: Hans Zandbelt, Roland van Rijswijk, Remco Poortinga-van Wijnen and others; Novay: Bob Hulsebosch, Dirk-Jan van Dijk and others
  2. 2. Novay? • Mission “to create breakthroughs in the way we work, live, and entertain ourselves, by creating and applying ICT-innovations” • Independent ICT research institute • Formerly called Telematica Instituut • Innovation projects for customers • Networked innovation
  3. 3. What to expect? Large-scale user study on consent for an identity federation • Goal • Design choices & prototype • Pilot & survey outcome
  4. 4. Intro to user consent • (Old?) trend: user centric identity • Empower user to control his/her identity • See also: Laws of Identity by Cameron • Why: legal, ethical and user acceptance • How: insight and control over the exchange data
  5. 5. SURFfederatie • NL Federation for higher education and research • ~700k users, >60 IdPs, ~30 SPs • Limited sharing of attributes • Trust framework • Multi-protocol, including SAML & WS-Federation [Diagram: IdPs and SPs connected through a central hub]
  6. 6. Research question: do users want consent, and if so, how?
  7. 7. A complicated trade-off [Figure: trade-off diagram; surviving label: Understandable]
  8. 8. Privacy attitude [Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor. ISRI technical report, December 2005.]
  9. 9. Research approach • State-of-the-art • Design web-redirect based consent • Not SAML/OpenID protocol specific … • 5 guidelines • Based on professional literature, academic literature and existing implementations • 2 rounds of small-scale user studies • A large pilot with two rounds of surveys
  10. 10. Set-up user studies • Small/qualitative, in depth • First study: mockups • Co-discovery, 9 * 2 users, 3 institutes, mix students & employees, list of questions • Do they want consent, or do they prefer their institute to control this? • And: feedback on the trade-offs in our mockup • Second round: with prototype • Focus on trade-off • Mockups of different design choices
  11. 11. Example screenshot
  12. 12. Outcome user studies Yes: SURFfederatie users want consent. How to make the trade-offs: see next slides …
  13. 13. 0 Consent: Always ask user before exchanging data. We decided in our case not to provide per-attribute choice, too difficult to understand.
  14. 14. 1 Informed: Make the information flow clear. We show actual value of information, explain the federation and role of SURFnet, and link to privacy statement
  15. 15. 2 Automate: Enable providing consent for future log-ins. We decided to only have ‘timed’ automation, people forget…
  16. 16. 2 Automate: Enable providing consent for future log-ins. We decided to only have ‘timed’ automation, people forget… will be longer
  17. 17. 3 Notification: Notify when information is exchanged (in right context). Even if consent was already provided. Difficult to do with web-browser without becoming too intrusive
  18. 18. 4 Revocation: Provide overview and allow revocation of provided consents. Including what attributes are included in consent, but no log
  19. 19. 4 Revocation: Provide overview and allow revocation of provided consents. Including what attributes are included in consent, but no log.
  20. 20. User study – other points • Why do service providers need my attributes? Specific answers are very difficult ... • What happens after my consent with my data? No real solution for this (yet?)… • What is SURFnet doing here? Web-interface runs on SURFnet hub, which now becomes visible… We explained this carefully
  21. 21. Pilot & survey • Three universities (TUD, RuG, Univ Leiden) • Three service providers (Legal Intelligence, Prof, SURFdiensten) • Dutch and English • 1043 participants (18%), 507 did the survey • Ran for 2 months
  22. 22. Main conclusion 1
  23. 23. Main conclusion 2: The new option is a good add-on to the SURFfederatie (1=absolutely; 5=not at all) [Bar chart over answers 1 to 5; bar labels surviving in the transcript: 42%, 28%, 20%, 8%, 2%]
  24. 24. Check on bias towards privacy fundamentalists: representative
  25. 25. Timed consent • 87% of users want this! • No clear preference how long …
  26. 26. Conclusions • Users want consent • Current prototype is good way to provide this • Open issues • Do the other stakeholders want this? • For all institutes, and can each one choose? • On the hub or at the institutes? • SURFnet decided to deploy this (summer 2011)
  27. 27. Questions? More information: User controlled privacy for the SURFfederatie: the user perspective report, Jan 2011, to appear on www.surfnet.nl, or send me an email for pre-final version. Report extended summary: http://maartenwegdam.files.wordpress.com/2011/04/20110125-gp3-ucp-2010-ext-summary.pdf (or as “extra file” on TNC2011 site). Blog post: http://maarten.wegdam.name/2011/04/03/user-study-outcome-users-do-want-consent-for-federated-login/ Email: maarten.wegdam@novay.nl
  28. 28. backup
  29. 29. Consent on hub or with institute [Diagram: two federation layouts (IdPs, hub, SPs), one with a single consent step at the hub and one with a consent step at each IdP]
  30. 30. Consent on hub or with institute? Hub: + one-time deploy; - hub becomes ‘fatter’; - hub becomes visible. Institute: + ‘logical’ place; + analog to current; - some of the identity attribute filtering software will not support this, custom changes needed
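
Guidelines 0, 2 and 4 from the slides above (always ask, timed automation, overview with revocation but no log), sketched as a small hub-side consent store. This is an added example, not SURFnet's or Novay's code; the class and function names, the 30-day period, the sample identifiers and the rule that a changed attribute set triggers a new prompt are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Consent:
    attributes: frozenset  # released as one set: no per-attribute choice
    expires: datetime      # timed automation: remembered consent always ends
class ConsentStore:
    """Hypothetical hub-side store: current consents only, no exchange log."""
    def __init__(self):
        self._by_user = {}  # user -> {sp: Consent}

    def needs_prompt(self, user, sp, attributes, now):
        c = self._by_user.get(user, {}).get(sp)
        if c is None or now >= c.expires:
            return True  # never granted, or the remembered consent ran out
        # Assumption: a changed attribute set invalidates remembered consent.
        return frozenset(attributes) != c.attributes

    def grant(self, user, sp, attributes, now, remember_days=None):
        # remember_days=None: consent for this login only, nothing is stored.
        if remember_days is not None:
            self._by_user.setdefault(user, {})[sp] = Consent(
                frozenset(attributes), now + timedelta(days=remember_days))

    def overview(self, user, now):
        # Data for the revocation page: SP -> (attributes, expiry), active only.
        return {sp: (sorted(c.attributes), c.expires)
                for sp, c in self._by_user.get(user, {}).items()
                if now < c.expires}

    def revoke(self, user, sp):
        return self._by_user.get(user, {}).pop(sp, None) is not None

def demo():
    # Constructed sample data; user, SP and attribute names are placeholders.
    store, t0, day = ConsentStore(), datetime(2011, 5, 16), timedelta(days=1)
    user, sp, attrs = "alice", "sp.example", ["mail", "displayName"]
    out = [store.needs_prompt(user, sp, attrs, t0)]            # first login
    store.grant(user, sp, attrs, t0, remember_days=30)
    out.append(store.needs_prompt(user, sp, attrs, t0 + day))  # remembered
    out.append(store.needs_prompt(user, sp, attrs + ["affiliation"], t0 + day))
    out.append(store.needs_prompt(user, sp, attrs, t0 + 31 * day))  # expired
    out.append(list(store.overview(user, t0 + day)))
    out.append(store.revoke(user, sp))
    out.append(store.needs_prompt(user, sp, attrs, t0 + day))  # after revoke
    return out

if __name__ == "__main__":
    print(demo())
```

Because the store keeps only the current consent per user and service provider, the overview can show which attributes a consent covers without the hub holding a record of individual exchanges.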