My view on this remains “to increase privacy get rid of brokers”. A full mesh SAML or PKI federation is untenable, so that’s why we’ve deployed brokers in the past. But OIDC, with dynamic client registration and server discovery, is built for this. I believe we need to move towards this model.

Is anyone interested in writing up a response to that effect with me? Perhaps we could run a session on it at IIW this week for those of us that will be there (including myself).

 — Justin

On Oct 23, 2015, at 8:29 AM, Andrew Hughes <andrewhughes3000@gmail.com> wrote:

Hi UMAnitarians - not sure if you've seen this notice yet

I'm vice-chair of IAWG & we are probably going to assemble comments on this. 

"Privacy-Enhanced Identity Brokers" 

Comments to inform a new collaborative project & eventual 1800 series Practice Guide at the NIST NCCoE

Due 18 December

http://www.nist.gov/itl/acd/ncce/20151022privacy.cfm

Andrew Hughes CISM CISSP 
Independent Consultant
In Turn Information Management Consulting

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8

AndrewHughes3000@gmail.com 
ca.linkedin.com/pub/andrew-hughes/a/58/682/
Identity Management | IT Governance | Information Security 


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma