Anil John
Making Digital Services Secure and Trustworthy

Anil John

The Trusted Role of an Attribute Broker

 Share  Print  Email

My earlier blog post on proxy/broker/hub/exchange architecture introduced two deployment patterns which I called unified proxy and split proxy. This blog post explores the capabilities that could be implemented by the attribute validation component of a split proxy architecture.

I am becoming more and more convinced that a unified proxy implementation that combines both authentication and attribute validation into a single physical instance limits architectural flexibility and increases privacy and operational burdens.

I won’t focus here on the authentication proxy component, but will simply point you to the Government of Canada’s SecureKey Concierge Credential Broker Service as an example of a successful, large scale, public sector implementation of a pure authentication proxy. Mike Waddingham has a screen-by-screen walk-through of how it works for our northern neighbors.

At its core, the attribute validation proxy is all about the specialized brokering of attributes from sources that are external AND internal to the RP’s trust domain. It must also be interoperable with other attribute brokers (e.g. ID DataWeb Attribute Exchange Network) that exist.

The following are some of the “questions” that I would expect a public sector attribute validation proxy to be able to answer:

  1. Here is an identifier; send the previously agreed upon verified attribute bundle that enables identity resolution for the individual associated with that identifier
  2. Here is a self-asserted attribute bundle; verify and validate it
  3. Here is a self-asserted attribute bundle; return a MATCH/NO-MATCH on a per attribute basis
  4. Here is an identifier and a policy URI; Use the policy URI to look up previously agreed upon actions that need to performed (e.g. retrieve verified attributes 1,2,3, do policy evaluation X, use answer format Y) and provide the answer such that it does not reveal anything sensitive about the individual associated with the identifier

What other questions would you want an attribute validation proxy to answer?

RELATED INFO


This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.
Topic(s):
By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post.
Meet me over on Mastodon to join the conversation!
I am a public interest technologist. I help organizations and leaders make digital services secure and trustworthy.
Learn more »

Disclaimer: The opinions expressed here are my own and do not represent my employer’s view in any way.

About

Anil JohnI am a public interest technologist. I help organizations and leaders gain clarity and understanding on complex architecture, information security, privacy practices, and market dynamics, so they can enable secure, trustworthy digital services. More about me →

Find me on Mastodon

Find me on Mastodon

Organizations I Support

© 2003-2023 Kylas Group LLC
Privacy Policy | Terms of Service