TERENA Networking Conference 2010

User Consent Acquisition System For Japanese Federation (GakuNin)

Tananun Orawiwattanakul, Kazutsuna Yamaji, Motonori Nakamura, Toshiyuki Kataoka, Noboru Sonehara (National Institute of Informatics - Japan)

The release of personal information from an IdP to an SP without the user's consent is an information privacy issue in a Shibboleth-based federation. Consequently, SWITCH, the Swiss higher education and research network, developed a Java plugin user consent acquisition system (UCAS) for Shibboleth IdP 2.x called uApprove [10]. uApprove shows the user, in his/her browser, the attributes that the IdP will release to the corresponding SP and requests his/her consent, but the user cannot filter out attributes that he/she does not want released. The GakuNin (a Japanese academic federation) development team developed uApprove.jp, an extension of uApprove, for universities participating in GakuNin and other Shibboleth-based federations. The goal of uApprove.jp is to provide a means of requesting a user's consent and enabling the user to control the release of his/her attributes from the IdP to the SP. The attributes are classified into two types: mandatory (for authorizing a user to access the SP's services) and optional (for providing a proper service/content according to the user's background). uApprove.jp displays mandatory attributes (no checkbox) and optional attributes (with checkboxes) in the user's browser. The user selects the optional attributes to be released by ticking checkboxes, but he/she cannot filter mandatory attributes. When the user clicks a confirm button to give consent, both the mandatory attributes and the user's selected optional attributes are released to the SP. This poster presents the flows, components, messages, details, and modifications from uApprove in Shibboleth/uApprove.jp. uApprove.jp is being tested, and it will be practically implemented in the IdPs of GakuNin universities by July 2010.
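The release rule described above, sketched as an added example (not uApprove.jp code): the IdP computes the released set on the server from its own policy, so a modified form post can neither drop a mandatory attribute nor add one outside the policy. The policy class, function name and attribute values are assumptions made for illustration.

```python
"""Added illustration of the release rule described above; not uApprove.jp code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ReleasePolicy:
    """Hypothetical per-SP policy; the attribute names used below are samples."""
    mandatory: frozenset
    optional: frozenset


def attributes_to_release(policy, resolved, ticked, confirmed):
    """Return the attributes the IdP may send to the SP.

    resolved  - attribute values the IdP resolved for this user
    ticked    - checkbox names posted back by the browser (untrusted input)
    confirmed - True only if the user clicked the confirm button
    """
    if not confirmed:
        return {}  # no consent, nothing leaves the IdP
    # Only names the policy lists as optional can be toggled by the user.
    # Anything else in the post (unknown names, mandatory names) is ignored.
    chosen = policy.optional & set(ticked)
    allowed = policy.mandatory | chosen
    return {name: value for name, value in resolved.items() if name in allowed}


# Constructed sample data (assumed for this example)
POLICY = ReleasePolicy(
    mandatory=frozenset({"eduPersonPrincipalName", "eduPersonAffiliation"}),
    optional=frozenset({"mail", "displayName"}),
)
RESOLVED = {
    "eduPersonPrincipalName": "taro@example.ac.jp",
    "eduPersonAffiliation": "student",
    "mail": "taro@example.ac.jp",
    "displayName": "Taro Yamada",
    "employeeNumber": "12345",  # resolved by the IdP but not in the SP's policy
}

if __name__ == "__main__":
    # A post that ticks one optional attribute plus a name outside the policy.
    print(attributes_to_release(POLICY, RESOLVED, ["mail", "employeeNumber"], True))
```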

