User consent for consumer identity
7 October 2010, ISSE 2010, Berlin
Maarten Wegdam
Principal Research @ Novay

Novay?
• Mission “to create breakthroughs in the way we work, live, and entertain ourselves, by creating and applying ICT-innovations”
• Independent Dutch ICT research institute
• Formerly Telematica Instituut
• Innovation projects for clients
• Networked innovation
• Identity & Trust is focus area, e.g.:

An intro to user consent
• User centric identity
• Empower user to control his/her identity
• See also: Laws of Identity by Cameron
• Why: legal, ethical and user acceptance
• How: insight and control over data flow

Case: SURFfederation
• Federation for Dutch higher education and research
• ~700k users, ~40 IdPs, ~30 SPs
• Limited sharing of attributes
• Trust framework
• Multi-protocol, including SAML & WS-Federation
• Question: do users want consent, and how?
[Figure: federation diagram showing IdPs, SPs and a hub]

State-of-the-art for consent
InfoCard (active client)

State-of-the-art for consent
OpenID (web-redirect)

User centric SAML?
• But isn’t SAML Identity Provider centric? Well, that depends …
• SAML WebSSO is web-redirect, similar to OpenID: consent can be similar
• Existing examples:
• consent module of SimpleSAMLphp (WAYF, Feide)
• uApprove (SWITCH)

A step back
A complicated trade-off for consent

Privacy attitude
[Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor. ISRI technical report, December 2005.]

Approach
• State-of-the-art
• Design web-redirect based consent
• Not SAML/OpenID specific …
• 5 guidelines (next slides)
• Based on ‘professional’ literature, academic literature and existing implementations
• User studies! InfoCard vs user-centric SAML
• Pilot

0 Consent
Always ask user before exchanging data
We decided in our case not to provide per-attribute choice, too difficult to understand.

1 Informed
Make the information flow clear
We show actual value of information, explain the federation and role of SURFnet, and link to privacy statement

2 Automate
Enable providing consent for future log-ins
We decided to only have ‘timed’ automation, people forget…

3 Notification
Notify when information is exchanged (in right context)
Even if consent was already provided
Difficult to do with web-browser without becoming too intrusive…

4 Revocation
Provide overview and allow revocation of provided consents
Including what attributes are included in consent, but no log.
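
The sketch below is an added example, not code from the slides, SURFnet or any consent module named here. It shows how guidelines 0, 2 and 4 fit together in one consent record: all-or-nothing consent per service provider, timed automation, and an overview with revocation that stores attribute names but no exchange log. The `ConsentStore` class, its method names and the 90-day period are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: the slides leave the consent period open ("what period?").
CONSENT_TTL = timedelta(days=90)

@dataclass(frozen=True)
class Consent:
    attributes: frozenset  # names of the attributes the user saw and approved
    expires: datetime

class ConsentStore:
    """Hypothetical per-user consent records kept at the hub or IdP."""

    def __init__(self):
        self._records = {}  # (user, sp) -> Consent

    def needs_prompt(self, user, sp, requested, now):
        """Guideline 0: ask unless an unexpired consent covers the request."""
        c = self._records.get((user, sp))
        if c is None or now >= c.expires:
            return True
        # No per-attribute choice: any attribute not shown before forces a new prompt.
        return not frozenset(requested) <= c.attributes

    def grant(self, user, sp, shown, now, remember=True):
        """Guideline 2: 'timed' automation; a one-off consent stores nothing."""
        if remember:
            self._records[(user, sp)] = Consent(frozenset(shown), now + CONSENT_TTL)

    def overview(self, user):
        """Guideline 4: consents and their attributes; no log of exchanges."""
        return {sp: sorted(c.attributes)
                for (u, sp), c in self._records.items() if u == user}

    def revoke(self, user, sp):
        """Guideline 4: after revocation the next log-in prompts again."""
        return self._records.pop((user, sp), None) is not None
```
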

User study setup
• Small/qualitative, in depth, using mockups
• Co-discovery, 9 * 2 people, 3 universities, mix of students & employees, questionnaire
• Do they want consent, or would they rather leave it to their university?
• If they do: do they prefer InfoCard or user-centric SAML?
• And specific feedback on trade-off in our user-centric SAML

User study outcome
• Yes, they did want consent
• They prefer user-centric SAML over InfoCard

User study – other points
• No consensus on desired ‘obtrusiveness’: we decided to skip notification
• They want to know why service providers want their attributes
• They want control over the data after consent: no solution yet …

Current status
• Exploring user-centric SAML
• Additional user studies to fine-tune user interface
• Started large pilot two weeks ago
• Based on outcome SURFnet will decide whether to roll out

Closing remarks
• Providing actual consent is NOT trivial
• Unclear how specific the results are for our case: trust, web-redirect, limited attributes
• Complication (?): role of hub and SURFnet
• Asking people about privacy behavior is tricky: risk of bias towards privacy-paranoids, behavior over longer time, social desirability
• Timed consent: what period?

THANK YOU
Acknowledgement:
• SURFnet: Hans Zandbelt, Roland van Rijswijk, Eefje van der Harst, Remco Poortinga-van Wijnen and others
• Novay: Ruud Janssen, Bob Hulsebosch, Dirk-Jan van Dijk and others
More information:
• report: User controlled privacy voor de SURFfederatie (Dutch)
• report: User controlled privacy voor de SURFfederatie: een gebruikersstudie (Dutch)
• report: Outcome user controlled privacy pilot, to appear Dec 2010 (English)
• blog post: http://maarten.wegdam.name/2010/03/11/user-centric-saml/
• email: [email protected]