Anil John
Making Digital Services Secure and Trustworthy

Anil John

The Trusted Role of an Attribute Broker

 Tweet  Share  Comment  Print  Email

My earlier blog post on proxy/broker/hub/exchange architecture introduced two deployment patterns which I called unified proxy and split proxy. This blog post explores the capabilities that could be implemented by the attribute validation component of a split proxy architecture.

I am becoming more and more convinced that a unified proxy implementation that combines both authentication and attribute validation into a single physical instance limits architectural flexibility and increases privacy and operational burdens.

I won’t focus here on the authentication proxy component, but will simply point you to the Government of Canada’s SecureKey Concierge Credential Broker Service as an example of a successful, large scale, public sector implementation of a pure authentication proxy. Mike Waddingham has a screen-by-screen walk-through of how it works for our northern neighbors.

At its core, the attribute validation proxy is all about the specialized brokering of attributes from sources that are external AND internal to the RP’s trust domain. It must also be interoperable with other attribute brokers (e.g. ID DataWeb Attribute Exchange Network) that exist.

The following are some of the “questions” that I would expect a public sector attribute validation proxy to be able to answer:

  1. Here is an identifier; send the previously agreed upon verified attribute bundle that enables identity resolution for the individual associated with that identifier
  2. Here is a self-asserted attribute bundle; verify and validate it
  3. Here is a self-asserted attribute bundle; return a MATCH/NO-MATCH on a per attribute basis
  4. Here is an identifier and a policy URI; Use the policy URI to look up previously agreed upon actions that need to performed (e.g. retrieve verified attributes 1,2,3, do policy evaluation X, use answer format Y) and provide the answer such that it does not reveal anything sensitive about the individual associated with the identifier

What other questions would you want an attribute validation proxy to answer?


Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!

I will never share, rent, or sell your information to anyone. Cancel anytime.

This blog post first appeared on Anil John | Blog ( The opinions expressed here are my own and do not represent my employer’s view in any way.

By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post. Please leave a comment below!

I am a Public Interest Technologist. I help technical leaders make digital services secure and trustworthy. Learn more »

Free Updates

I will never share, rent, or sell your information to anyone