Shintau, Account Linking and Attribute Aggregation

David Chadwick is in Washington to present on the work of the Shintau project. Shintau aims to allow users to link a series of accounts to aggregate the attributes across these accounts and deliver an attribute aggregation to a Service Provider. The account linking system permits the use of levels of assurance, but does not allow the user to assert an attribute at a high level of assurance when it was given at a low level of assurance.

The user goes through a process of selecting a series of accounts from the account linking service that it wants to join together. The user also creates an account linking policy which defines which set of aggregated attributes it wishes to release to each service provider. At the point of authentication, the user selects an option to aggregate its attributes.

To link the accounts, the account linking service uses standard SAML2.0 but requests a persistent identifier from the IdP. The persistent identifier that is passed is encrypted at the point where a user clicks on ‘aggregate attributes’ and this is placed in a referral to the linking service by the Identity Provider.

It relies on the user having already set up a personal attribute release at each of the IdPs for each service they may wish to send attributes to, and this personal attribute release policy is then passed across through the linking service. This is a high burden on end-users – and this seems to be the general opinion on this process…it is too complex for end-users to manage. I could easily aggregate my accounts without realising the importance of having established a personal attribute release policy at each IdP and inadvertently release large amounts of data to Service Providers.