Kenneth Klingenstein
Evangelist, Trust and Identity
Internet2
Finally, the research and education community is turning its attention to attributes. While attributes are the precious and privacy-preserving payloads of federated identity, much of our attention has been on the safety and security of the transports themselves. Now, with activities under way to deploy privacy-preserving identifiers and to put together normative bundles of attributes for standard purposes, with the need for scalable access controls and verifiable credentials, and with user-managed consent software emerging, the art of attributes is beginning. Special care is needed, as the task is hard. Developing shared semantics must strike a balance between diverse campus and international cultures and the need for agreements close enough that parties can trust each other. Extensible schemas are needed to address unanticipated use cases, but they need enough structure to ensure that extensions can be automatically processed. Metadata about attributes, from assurance to shelf-life, must be defined. As communities begin to develop shared attributes, this session will attempt to glean guidance on how to proceed. It will look at the successes and failures to date (drawing on eduPerson, preferred language, given name, end-entity tags, etc.) and the factors that influenced the outcomes. Both technological and process considerations will be examined. A few pearls of wisdom might be found.