Hi Heather Great work so far. I'll have quick stab at this, as much to offer a target for others to shoot at, as anything else :-) Cheers colin -----Original Message----- From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Heather Flanagan Sent: Friday, 10 February 2012 9:26 a.m. To: dg-am@kantarainitiative.org Subject: [DG-AM] Report status and input requested Hi all - Thank you for the input this week. I've incorporated what seemed to be immediately relevant to the draft report. There is a section, however, that still needs significant attention: Protocols How do you move attributes around? (is there any more to the question of protocols other than the SAML and OAuth work?) CW: Web Services of course. They either move via the front channel (browser for example), or the back channel (WS* stack) and I guess in some special cases point to point with a secured VPN channel (governments and larger enterprises often have these) Metadata ??? CW: Another aspect supporting the moving of attributes around. What is needed is agreement on what the semantics are. SAML has some metadata for attributes, but much more will be needed as the growth of interop of attributes continues. We will need registries for attribute sets/categorization (think IANA here), and agreement about the semantics and if not at least mappings between sets of attributes having differing semantics Trust frameworks Attribute Assurance Profiles - ???'' .. e.g. different LoA for attributes based if they are self reported or proofed at a high level (I know a lot more must be said on this one. I will be focusing my attention here since I know I have the documentation around somewhere). CW: Yes, and the LoA will be a meta data item as well of course Consent (Is the work around consent actually a gap in the attribute management space, or does it belong somewhere else?) ??? CW: It's a gap in the federation space in my view. Consent needs to be 'designed in' either as in band or as a service but implemented in a standardized way so you get consistent UX. In the last days of Liberty, the TEG (a test to see how many remember the acronym) were going to build one for the ID-WSF. Context (I think context has the potential to be very interesting, but may fit in to the Categorization under Semantics and terminology?) ??? CW: Exactly Feedback encouraged, welcomed, begged for... -Heather _______________________________________________ DG-AM mailing list DG-AM@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-am ==== CAUTION: This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you. ====