Date: Thu, 28 Mar 2024 14:42:16 +0000 (UTC) Message-ID: <1460625237.6537.1711636936289@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6536_1321452935.1711636936289" ------=_Part_6536_1321452935.1711636936289 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Background: At many universities and colleges today, a = user doesn't have say in the release of their personal information (e.g. em= ail address) to a vendor site that is in a relationship with the institutio= n.
The CAR system:
This site offers information about CAR. Most of the information is= intended for people who already are familiar with "identity management," b= ut we give a bit more background for normal people immediately below. = We follow the background material with a brief overview of CAR's component= services. The bottom of the pages contains links to in-depth technical inf= ormation about CAR (e.g architecture and policy language documents).
Con= sent Policy Service For Users (COPSU):
Stores user policies (including =E2=80=9Cask me=E2=80= =9D) with respect to release of specific values of attributes=E2=80=93 or O= AUTH scopes or OIDC claims =E2=80=93 to specific relying parties (RPs)= .
Answers queries about a given user=E2=80=99s choices = with respect to a given RP, and a specific set of attributes/scopes/claims.=
Doesn=E2=80=99t hold a user's actual attribute values= ; instead holds the release policy around the attributes and their values.<= /span>
Att= ribute Release Policy Service For Institutions (ARPSI):
Stores Institutional attribute release policies about= users, attributes, values, and relying parties (RPs). <= /p>
Answers queries about the institutional choices= with respect to a given user, a given RP, and a specific set of attributes= .
Con= sent-informed Attribute Release Manager (CARMA)
Holds and applies a "meta policy" to decide what to d= o when institutional and user policies conflict.
Takes care of authenticating and authorizing identity=
providers, users, and admins, so that the COPSU and ARPSI don't have to.=
span> =
<=
/p>