Title :
User-controlled Privacy Protection with Attribute-filter Mechanism for a Federated SSO Environment Using Shibboleth
Author :
Orawiwattanakul, Tananun ; Yamaji, Kazutsuna ; Nakamura, Motonori ; Kataoka, Toshiyuki ; Sonehara, Noboru
Author_Institution :
Nat. Inst. of Inf., Tokyo, Japan
Abstract :
Shibboleth is a well-known software package for web single sign-on (SSO) based on several federated identity standards, including the Organization for the Advancement of Structured Information Standards (OASIS)´ security assertion markup language (SAML) version 1.1 and 2.0. This paper describes uApprove.jp, a user consent acquisition system (UCAS) with an attribute-filter mechanism for a Shibboleth-based SSO system. uApprove.jp requests the user´s consent for the release of his/her personal information from an identity provider (IdP) to a service provider (SP) and allows him/her to determine which attributes will be sent. uApprove.jp is an extension of approve, a UCAS for Shibboleth. Our development is for universities participating in GakuNin (a Japanese academic federation), but it can be utilized in other Shibboleth-based federations.
Keywords :
data privacy; educational administrative data processing; educational institutions; user interfaces; GakuNin Japanese academic federation; Japanese universities; Shibboleth-based SSO system; attribute-filter mechanism; federated SSO environment; identity provider; security assertion markup language; service provider; single sign-on environment; user consent acquisition system; user-controlled privacy protection; Japanese academic federation; Shibboleth; component; uApprove; user consent;
Conference_Titel :
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2010 International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-8538-3
Electronic_ISBN :
978-0-7695-4237-9
DOI :
10.1109/3PGCIC.2010.40
