terena networking conference 2010

UCA: implementing User Centric Privacy in a multi-protocol SSO-Federation

Boudewijn Ector (University of Amsterdam)

My research about User Centric Privacy (UCP) at SURFnet has resulted in the following results: • A model which defines different levels of user control (from passive consent to active control), allowing different approaches to UCP and user control to be ranked and compared. • A new architecture for enabling the designated levels of privacy, while: – Still fitting into multi-protocol hub-and-spoke based federations such as the SURFfederatie. – Allowing the user to change (and add) his attributes without harming federation’s trust. – Combining attributes from a federated and non-federated IdP. 1 These characteristics are unique for the User Controlled Attributes (UCA) approach to user centric privacy: No other investigated solution offers these possibilities. The user can provide the UCA server with an OpenID account on another server, which provides the UCA server with attributes controlled by the user. These attributes are merged into the federated identity of the user, while making sure SPs can distinguish between the ’trusted’ attributes from the federated IdP, and the ’untrusted’ attributes managed by the user. This allows the user to modify his identity without damaging the trust in the federation.

Download poster (PDF)