Mauro et al,
in the consumer world, attribute control (if there is any at all) is as Nat and Gerald describe. Anything goes. Technology proliferation encourages a Tower of Babel.
In highly regulated worlds, entity and attribute authorities are defined in support of either a corporate data model (e.g. Intel, which is controlled by the CEO), or a government data model (e.g. the US Dept of Defence Data Model implemented in the Defence Metadata Service and referenced in the DoD Architecture Framework (DODAF)) or a collaborative data model implemented in collaborative programmes or whole industry sectors (e.g. the aerospace and defence model for US Export Controls/ ITAR (International Traffic and Arms Regulations), similarly the data model supporting the Joint Strike Fighter programme). The situation is made complicated by the rules governing which party or person can update which values or attributes in which circumstances, which requires a taxonomy or at least a set of rules based on Common Policy. This is very similar to the federation scenarios which are very familiar to those involved in widely deployed PKI Federation.
As it happens, this week I will be sitting down in a Norwegian military base with 14 other nations, including IT, US, UK, FR - and NATO. (Italy heads a parallel work item on Legal). We are working on Cyber Situational Awareness (Cyber SA), which requires an agreed attribute schema to support the kinds of information that governments and critical national infrastructure etc providers need to share. In two weeks, I will be with the TMForum in Madrid, which is working on developing a set of Cyber SA metrics.
I see Kantara potentially providing the certification regime for attribute providers and, further, data quality.
I am also involved in EUSTIC with UK, German and Austrian colleagues, which is submitting a bid to the European Commission for funding for a wide range of trust framework enabling research and development. This includes attribute management. We will know if the bid is successful in March. If it isn't, then the EUSTIC Partner Alliance will press ahead with smaller set of trust-related activities.
I hope this helps. If your work can relate to the above, that would be good.
regards,
Patrick
On 7 Jan 2012, at 00:42, Gerald Beuchelt wrote:
Mauro -
As far as I can see there are two principal approaches:
1. An authoritative attribute provider is determined by policy, i.e. an authority within the group of operators defines who is authoritative. This will - most likely - have to be decided and configured upfront.
2. The relying party makes their own determination, based on its needs and policies. In this scenario, the RP has more flexibility to determine authoritativeness at runtime.
So, in general, the problem is really a managerial problem, and not a technical one. However, meta data may help in making decisions at runtime.
Best,
Gerald
On Jan 6, 2012, at 18:50 , Colin Wallis wrote:
Hi Mauro
It is a good question and one which along with many others, the Kantara Attribute Management Discussion Group has within its scope.
The general feeling is that 'responsibility' as you mention below, will be published/consumed via meta data.
But we need to determine what that actual attribute will be - whether we create one or re-use one (say from a SAML 2.0 profile).
Cheers
Colin
> Date: Tue, 3 Jan 2012 19:43:50 +0100
> From:
s172556@studenti.polito.it> To:
community@kantarainitiative.org> Subject: [Kantara - Community] Attributes from multiple APs
>
> Hello everyone,
>
> I am starting a thesis work on attributes management and aggregation in
> a federated identity environment and I am trying to figure out how to
> address attributes resolution in a scenario where there are multiple
> Attribute Providers.
> The main issue is: how does a relying party know which AP is responsible
> for a given attribute?
> As I am doing a research, I would like to know if in Kantara this
> problem has been faced and, if so, how you have solved it.
>
> Thank you for your time and consideration.
>
> Best Regards,
>
> Mauro
>
> --
> Mauro L
> Polytechnic University of Turin
> _______________________________________________
> Community mailing list
>
Community@kantarainitiative.org>
http://kantarainitiative.org/mailman/listinfo/community_______________________________________________
Community mailing list
Community@kantarainitiative.orghttp://kantarainitiative.org/mailman/listinfo/community
_______________________________________________
Community mailing list
Community@kantarainitiative.orghttp://kantarainitiative.org/mailman/listinfo/community