19–23 Sept 2022
Prague, Czech Republic
Europe/Amsterdam timezone

User-Driven Consent Management for Identity Provisioning

22 Sept 2022, 12:10
25m
Sapphire

Demonstration Security, Trust & Identity Demonstrations

Speaker

Peter Balcirak (CESNET)

Description

The protection of personal information is a crucial aspect of Authentication and Authorization Infrastructures (AAIs). Moreover, as GDPR compliance has come to the fore in recent years, attention also needs to be paid to users' consent to the provisioning of their data outside the AAI.

The majority of current AAI implementations in research and education focus on the SAML and OIDC protocols and therefore allow users to decide, during the authentication process, whether their data can be released to end services. However, the same problem has to be solved for the provisioning process, which happens without direct user interaction (usually authentication) with the AAI service.

In the Perun AAI, we wanted to craft a complete solution that gives VO managers the rights to control user access whilst giving end users the ability to control what information is released to a particular service they have been authorized to use. That led us to implement a user consent management toolkit, which gathers a list of available services, including the attributes they consume. With this toolkit, provisioning is controlled entirely from the user side: the user decides, on a per-service basis, whether provisioning consent is granted or not.

The main challenge was to design a user-friendly way of gathering consent when new access is assigned by a VO manager or when the list of attributes required by a service changes. We also had to present the choices to the user in a comprehensible way, with straightforward management options.

In this demonstration, we would like to show the initial implementation of the user consent management toolkit in the Perun AAI, which is already used in production. We want to present our approach and gather feedback and additional use cases for this feature.

Topic Security, Trust & Identity
