We have developed an attribute taxonomy that provides a useful categorization of issues about attributes, and notably their values, in regard to their impacts on consent and attribute release. See https://docs.google.com/document/d/13cFEpkaerCgit-aPPek2VZBFLwp7XhixZz0MHuZkdx8/edit?usp=sharing


A rough consensus is emerging on the characteristics a consent mechanism needs in order to satisfy a diverse set of legal requirements, be effective for end-users, and foster an Internet-scale infrastructure to support it. These items are consumed by the IdP operator and/or by the end-user.

One statement of the set of requirements - Scalable Consent Requirements.pdf


They include:

  • trustmarks - e.g. R&S, CoC, IDESG
  • notification and consent suppression options
  • icons to represent either the SP or the IdP or both
  • required and optional attributes
  • informed consent informational dialogues
  • third party reuse and other privacy policy information

A variety of mechanisms are anticipated to provide this information:

  • SAML end-entity, generally acting as trustmarks, particularly for dynamic information
  • Well-known URIs where policies and more static information might reside
  • Resolvable attributes, where the information is obtained directly through resolving the attribute name or value
  • Others


Internal sources of the information could include local configuration options (e.g. notification options) as well as supporting the above information for local applications.

External sources may provide the above information for federated applications.

