
Yes, that. Always looking at privacy from linkability and anonymity perspectives. An Identity Broker with privacy in mind has the responsibility to protect those properties. Through policy, but also some funky cryptography could be applied to assist there. But yeah, in the end they have the potential to only make things worse from a privacy point of view, and not better.

Cheers!
Mark

On 24/10/15 08:24, Justin Richer wrote:
My view on this remains “to increase privacy get rid of brokers”. A full mesh SAML or PKI federation is untenable, so that’s why we’ve deployed brokers in the past. But OIDC, with dynamic client registration and server discovery, is built for this. I believe we need to move towards this model.
Is anyone interested in writing up a response to that effect with me? Perhaps we could run a session on it at IIW this week for those of us that will be there (including myself).
— Justin
On Oct 23, 2015, at 8:29 AM, Andrew Hughes <andrewhughes3000@gmail.com> wrote:
Hi UMAnitarians - not sure if you've seen this notice yet
I'm vice-chair of IAWG & we are probably going to assemble comments on this.
"Privacy-Enhanced Identity Brokers"
Comments to inform a new collaborative project & eventual 1800 series Practice Guide at the NIST NCCoE
Due 18 December
http://www.nist.gov/itl/acd/ncce/20151022privacy.cfm
*Andrew Hughes* CISM CISSP
Independent Consultant
*In Turn Information Management Consulting*
o +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000@gmail.com
ca.linkedin.com/pub/andrew-hughes/a/58/682/
*Identity Management | IT Governance | Information Security*
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma