Freedom of the Shelves: Untangling the Confusion on Federated Identity, Access Controls, and Privacy

Powerful forces are driving a more secure and managed approach to access controls on content for the research and education community. Born-digital content, abuses in mass downloading, the need for greater customization of user experience, and the global scale of the community are moving the market forward into the greater capabilities provided by a federated identity approach. At the same time, chronic deficiencies in the current federated identity infrastructure are creating confusion on exactly how to achieve traditional scholarly goals such as freedom of the shelves in the federated landscape. A number of the gaps are being addressed, although progress is slow. The first of the challenges is to improve the “discovery” process, i.e. helping unauthenticated users to find their identity provider (IdP) organization in order to authenticate. The Seamless Access effort is working on this issue. Then the right set of attributes needs to be released from the IdP to the service provider (SP). There are several parts to this puzzle piece, including providing users with content to make informed decisions, tools that allow the fine-grain release of individual, community norms around data minimization and purposes of use, and managing the experience to reduce user friction. Consent-Informed Attribute Release (CAR) is providing this puzzle piece. Finally, the service provider must behave properly with the information they receive, in issues from codes of conduct to adequate security controls. Legislation and European Union codes of conduct are moving this along. This session will provide updates on each of these efforts. It will also include demos on how the developing tools work in concert to provide a user-effective environment to access content selectively and maintain a variety of degrees of personal freedom in the electronic shelves.

https://spaces.at.internet2.edu/display/CARDrivers/CAR+Drivers+Home
https://seamlessaccess.org
https://wiki.refeds.org/display/CODE/Data+Protection+Code+of+Conduct+Home