The user perspective on consent
for identity federations
Terena Networking Conference 2011, 16 May 2011

Maarten Wegdam, Eefje van der Harst, Ruud Janssen




                        Acknowledgement:
                        SURFnet: Hans Zandbelt, Roland van Rijswijk,
                        Remco Poortinga-van Wijnen and others
                        Novay: Bob Hulsebosch, Dirk-Jan van Dijk and
                        others
Novay?

    • Mission “to create breakthroughs in the way
      we work, live, and entertain ourselves, by
      creating and applying ICT-innovations”
    • Independent ICT research institute
    • Formerly called Telematica Instituut
    • Innovation projects for customers
    • Networked innovation




2
What to expect?

    Large-scale user study on consent
     for an identity federation

    • Goal
    • Design choices & prototype
    • Pilot & survey outcome

3
Intro to user consent


    • (Old ?) trend: user centric identity
    •   Empower user to control his/her identity
    •   See also: Laws of Identity by Cameron
    •   Why: legal, ethical and user acceptance
    •   How: insight and control over the
        exchange data




4
SURFfederatie
    •   NL Federation for higher education and research
    •   ~700k users, >60 IdPs, ~30 SPs
    •   Limited sharing of attributes
    •   Trust framework
    •   Multi-protocol, including SAML & WS-Federation


        [Diagram: IdPs and SPs connected through a central hub]

5
Research question:
    do users want consent,
    and if so, how?




6
A complicated trade-off



                   [Figure label: Understandable]




7
Privacy attitude




    [Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor.
    ISRI technical report, December 2005.]
8
Research approach


    • State-of-the-art
    • Design web-redirect based consent
       • Not SAML/OpenID protocol specific …
       • 5 guidelines
       • Based on professional literature, academic literature and
        existing implementations
    • 2 rounds of small-scale user studies
    • A large pilot with two rounds of surveys


9
Set-up user studies

     • Small/qualitative, in depth
     • First study: mockups
        • Co-discovery, 9 * 2 users, 3 institutes, mix students &
         employees, list of questions
        • Do they want consent, or do they prefer their institute
         to control this?
        • And: feedback on the trade-offs in our mockup
     • Second round: with prototype
        • Focus on trade-off
        • Mockups of different design choices
10
Example screenshot




11
Outcome user studies


     Yes: SURFfederatie users
      want consent

     How to make the trade-offs:
      see next slides …


12
0 Consent
      Always ask user before
      exchanging data



       We decided in our case not to
       provide per-attribute choice, too
       difficult to understand.
13
1 Informed
      Make the information flow
      clear


     We show actual value of information,
     explain the federation and role of
     SURFnet, and link to privacy statement


14
2 Automate
      Enable providing consent for
      future log-ins


       We decided to only have ‘timed’
       automation, people forget…
                                         will be longer


16
3 Notification
      Notify when information is
      exchanged (in right context)
         Even if consent was already provided




        Difficult to do with web-browser
        without becoming too intrusive


17
4 Revocation
      Provide overview and allow
      revocation of provided
      consents


       Including what attributes are
       included in consent, but no log


18
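
Added example (not part of the original slides and not SURFnet's implementation): a minimal hub-side consent store that follows guidelines 0, 2 and 4 above, with consent for the whole attribute set, timed automation only, and an overview with revocation but no exchange log. The class and method names, the sample user, SP and attribute names, and the rule that a request for extra attributes prompts again are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Consent:
    user: str
    sp: str
    attributes: frozenset  # attribute names only, for the overview page
    expires: datetime      # guideline 2: consent is always timed


class ConsentStore:
    """Hypothetical hub-side store; keeps current consents, no exchange log."""

    def __init__(self):
        self._records = {}  # (user, sp) -> Consent

    def needs_prompt(self, user, sp, requested, now):
        """Guideline 0: ask unless a live consent covers every requested attribute."""
        rec = self._records.get((user, sp))
        if rec is None or now >= rec.expires:
            return True
        # Assumption: an SP asking for more than was consented to prompts again.
        return not frozenset(requested) <= rec.attributes

    def grant(self, user, sp, attributes, now, remember_for=None):
        """Consent covers the whole attribute set (no per-attribute choice).

        remember_for=None is a one-time consent: nothing is stored, so the
        next log-in prompts again.
        """
        if remember_for is None:
            return None
        if remember_for <= timedelta(0):
            raise ValueError("remember_for must be a positive duration")
        rec = Consent(user, sp, frozenset(attributes), now + remember_for)
        self._records[(user, sp)] = rec
        return rec

    def overview(self, user, now):
        """Guideline 4: list live consents with their attribute names."""
        return sorted(
            (r.sp, sorted(r.attributes), r.expires)
            for r in self._records.values()
            if r.user == user and now < r.expires
        )

    def revoke(self, user, sp):
        """Guideline 4: revocation removes the record; False if none existed."""
        return self._records.pop((user, sp), None) is not None


if __name__ == "__main__":
    # Constructed sample data: user, SP and attribute names are made up.
    t0 = datetime(2011, 5, 16, tzinfo=timezone.utc)
    store = ConsentStore()
    store.grant("alice", "sp.example.org", {"mail", "displayName"},
                t0, timedelta(days=30))
    print(store.needs_prompt("alice", "sp.example.org", {"mail"},
                             t0 + timedelta(days=1)))
    print(store.overview("alice", t0))
    store.revoke("alice", "sp.example.org")
    print(store.needs_prompt("alice", "sp.example.org", {"mail"}, t0))
```

The 30-day period is a constructed value; the survey found no clear preference for how long consent should last, so the duration is left as a parameter.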
User study – other points

     • Why do service providers need my attributes?
       Specific answers are very difficult ...
     • What happens after my consent with my data?
       No real solution for this (yet?)…
     • What is SURFnet doing here?
       Web-interface runs on SURFnet hub, which now
       becomes visible… We explained this carefully




20
Pilot & survey

     • Three universities (TUD, RuG, Univ Leiden)
     • Three service providers (Legal Intelligence,
       Prof, SURFdiensten)
     • Dutch and English
     • 1043 participants (18%), 507 did the survey
     • Ran for 2 months




21
Main conclusion 1




22
Main conclusion 2
      The new option is a good add-on to the SURFfederatie
                   (1=absolutely; 5=not at all)

      [Bar chart: share of respondents per answer]
      1: 20%
      2: 42%
      3: 28%
      4: 8%
      5: 2%

23
Check on bias towards privacy fundamentalists:
     representative




24
Timed consent
     • 87% of users want this!
     • No clear preference how long …




25
Conclusions


     • Users want consent
     • Current prototype is good way to provide this
     • Open issues
        • Do the other stakeholders want this?
        • For all institutes, and can each one choose?
        • On the hub or at the institutes?
     • SURFnet decided to deploy this (summer 2011)



26
Questions?

 More information:
 User controlled privacy for the SURFfederatie: the user perspective
 report, Jan 2011, to appear on www.surfnet.nl, or send me an email for pre-final version

 Report extended summary
 http://maartenwegdam.files.wordpress.com/2011/04/20110125-gp3-ucp-2010-ext-summary.pdf
 (or as “extra file” on TNC2011 site)

 Blog post
 http://maarten.wegdam.name/2011/04/03/user-study-outcome-users-do-want-consent-for-federated-login/

 Email
 maarten.wegdam@novay.nl




27
backup




28
Consent on hub or with institute
     [Diagrams: IdPs and SPs connected through the hub, with the consent
     step placed either on the hub or at each institute's IdP]




29
Consent on hub or with institute?

     Hub
     + one-time deploy
     + analog to current attribute filtering
     - hub becomes ‘fatter’
     - hub becomes visible

     Institute
     + ‘logical’ place
     - Some of the identity software will not support this,
       custom changes needed


30