Federated attribute aggregation in hub and spoke based federation environments

WAYF has developed and implemented a technical solution, JAKOB, which, in a configuration detached from the normal operational setup, aggregates attributes from attribute stores (aka 'attribute authorities'). Attributes may be aggregated in parallel or with serial dependancies which means that the lookups in multiple attribute stores must happen in a predefined order, as some lookups depend on the results of previous lookups. The updated features of the consent dialogue is presented and the legal background as well as usability considerations are explained. In WAYF.dk's context they are operated in an opt-in fashion and hence only enabled when explicitly needed. The formal framework and workflows for supporting such a setup is presented. New legal agreements for connecting the attribute stores were developed and differences from the existing IdP-agreement are covered. Use cases from the Danish public library sector are presented as they have been a key driver in the development of the presented solution.



  • David Simonsen
  • Jacob Christiansen
  • Mikkel Hald

Part of session

Will work for attributes!

Related documents