User consent for consumer identity 7 October 2010, ISSE 2010, Berlin Maarten Wegdam Principal Research @ Novay

User consent for consumer identity (@ISSE2010)


As presented for ISSE 2010, on 7 October 2010 in Berlin.


  1. User consent for consumer identity
     7 October 2010, ISSE 2010, Berlin
     Maarten Wegdam, Principal Research @ Novay
  2. Novay?
     • Mission: “to create breakthroughs in the way we work, live, and entertain ourselves, by creating and applying ICT-innovations”
     • Independent Dutch ICT research institute
     • Formerly Telematica Instituut
     • Innovation projects for clients
     • Networked innovation
     • Identity & Trust is focus area, e.g.:
  3. An intro to user consent
     • User centric identity
     • Empower user to control his/her identity
     • See also: Laws of Identity by Cameron
     • Why: legal, ethical and user acceptance
     • How: insight and control over data flow
  4. Case: SURFfederation
     • Federation for Dutch higher education and research
     • ~700k users, ~40 IdPs, ~30 SPs
     • Limited sharing of attributes
     • Trust framework
     • Multi-protocol, including SAML & WS-Federation
     • Question: do users want consent, and how?
     [Diagram labels: IdP (×4), SP (×4), hub]
  5. State-of-the-art for consent: InfoCard (active client)
  6. State-of-the-art for consent: OpenID (web-redirect)
  7. User centric SAML?
     • But isn’t SAML Identity Provider centric? Well, that depends …
     • SAML WebSSO is web-redirect, similar to OpenID: consent can be similar
     • Already examples:
         • consent module of SimpleSAMLphp (WAYF, Feide)
         • uApprove (SWITCH)
  8. A step back: a complicated trade-off for consent
  9. Privacy attitude
     [Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor. ISRI technical report, December 2005.]
  10. Approach
     • State-of-the-art
     • Design web-redirect based consent
         • Not SAML/OpenID specific …
         • 5 guidelines (next slides)
         • Based on ‘professional’ literature, academic literature and existing implementations
     • User studies! InfoCard vs user-centric SAML
     • Pilot
  11. Guideline 0: Consent
     • Always ask user before exchanging data
     • We decided in our case not to provide per-attribute choice: too difficult to understand.
  12. Guideline 1: Informed
     • Make the information flow clear
     • We show actual value of information, explain the federation and role of SURFnet, and link to privacy statement
  13. Guideline 2: Automate
     • Enable providing consent for future log-ins
     • We decided to only have ‘timed’ automation, people forget…
  14. Guideline 2: Automate
     • Enable providing consent for future log-ins
     • We decided to only have ‘timed’ automation, people forget…
     • will be longer
  15. Guideline 3: Notification
     • Notify when information is exchanged (in right context)
         • Even if consent was already provided
     • Difficult to do with web-browser without becoming too intrusive…
  16. Guideline 4: Revocation
     • Provide overview and allow revocation of provided consents
     • Including what attributes are included in consent, but no log.
  17. Guideline 4: Revocation
     • Provide overview and allow revocation of provided consents
     • Including what attributes are included in consent, but no log.
  18. User study setup
     • Small/qualitative, in depth, using mockups
         • Co-discovery, 9 * 2 people, 3 universities, mix of students & employees, questionnaire
     • Do they want consent, or would they rather leave it to their university?
     • If they do: do they prefer InfoCard or user-centric SAML?
     • And specific feedback on trade-off in our user-centric SAML
  19. User study outcome
     • Yes, they did want consent
     • They prefer user-centric SAML over InfoCard
  20. User study – other points
     • No consensus on desired ‘obtrusiveness’: we decided to skip notification
     • They want to know why service providers want their attributes
     • They want control over the data after consent: no solution yet …
  21. Current status
     • Exploring user-centric SAML
     • Additional user studies to fine-tune user interface
     • Started large pilot two weeks ago
     • Based on the outcome, SURFnet will decide whether to roll out
  22. Closing remarks
     • Providing actual consent is NOT trivial
     • Unclear how specific the results are for our case: trust, web-redirect, limited attributes
     • Complication (?): role of hub and SURFnet
     • Asking people about privacy behavior is tricky: risk of bias towards privacy-paranoids, behavior over longer time, socially desirable answers
     • Timed consent: what period?
  23. THANK YOU
     • Acknowledgement:
     • SURFnet: Hans Zandbelt, Roland van Rijswijk, Eefje van der Harst, Remco Poortinga-van Wijnen and others
     • Novay: Ruud Janssen, Bob Hulsebosch, Dirk-Jan van Dijk and others
     More information:
     • report: User controlled privacy voor de SURFfederatie (Dutch)
     • report: User controlled privacy voor de SURFfederatie: een gebruikersstudie (Dutch)
     • report: Outcome user controlled privacy pilot, to appear Dec 2010 (English)
     • blog post: http://maarten.wegdam.name/2010/03/11/user-centric-saml/
     • email: [email_address]
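
The consent, automation and revocation guidelines from slides 11 to 17 (guidelines 0, 2 and 4), sketched as an added Python example; it is not code from the talk, SURFnet or SimpleSAMLphp. The class and method names, the 90-day period, the sample identifiers, and the rule that a remembered consent only covers attribute names the user already agreed to are assumptions made here.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed value: the slides leave the period open ("Timed consent: what period?").
CONSENT_PERIOD = timedelta(days=90)

@dataclass(frozen=True)
class ConsentRecord:
    attributes: frozenset    # attribute names the user agreed to release
    expires_at: datetime

class ConsentStore:
    """Remembered consents keyed by (user, service provider); keeps no release log."""

    def __init__(self):
        self._records = {}

    def needs_prompt(self, user, sp, requested, now):
        """Guideline 0: ask before release unless a valid remembered consent covers it."""
        rec = self._records.get((user, sp))
        if rec is None or now >= rec.expires_at:
            self._records.pop((user, sp), None)   # timed consent: expired entries are dropped
            return True
        # No per-attribute choice: any attribute outside the agreed set asks again.
        return not frozenset(requested) <= rec.attributes

    def record(self, user, sp, requested, now, remember):
        """Guideline 2: remember consent only on opt-in, and only for a limited period."""
        if remember:
            self._records[(user, sp)] = ConsentRecord(
                frozenset(requested), now + CONSENT_PERIOD)

    def overview(self, user, now):
        """Guideline 4: per SP, the attributes covered and when the consent ends."""
        return {sp: (sorted(r.attributes), r.expires_at)
                for (u, sp), r in self._records.items()
                if u == user and now < r.expires_at}

    def revoke(self, user, sp):
        """Guideline 4: revocation; returns True if a consent was removed."""
        return self._records.pop((user, sp), None) is not None

if __name__ == "__main__":
    # Constructed sample values, not taken from the SURFfederation.
    store, t0 = ConsentStore(), datetime(2010, 10, 7, 9, 0)
    sp, attrs = "https://sp.example.org", ["mail", "displayName"]
    print(store.needs_prompt("alice", sp, attrs, t0))                       # first login
    store.record("alice", sp, attrs, t0, remember=True)
    print(store.needs_prompt("alice", sp, attrs, t0 + timedelta(days=1)))   # remembered
    print(store.needs_prompt("alice", sp, attrs, t0 + CONSENT_PERIOD))      # expired
```
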
