Attribute release to Service Providers
Posted on Friday, 23 December 2016
Federation members may be aware of a reported security breach at Lynda.com https://www.linkedin.com/help/lynda/answer/75205. As it stands this should not have resulted in any leak of Personally Identifiable Information (PII) for any UK federation users through UK federation related authentication processes, however at this time I’d like to remind everyone of the key element of federated access being the correct attribute request and attribute release by Service Providers and Identity providers respectively.
Further details on best practice can be found here https://www.ukfederation.org.uk/content/Documents/AttributesForAuthorization and also in the UK federation Technical recommendations https://www.ukfederation.org.uk/library/uploads/Documents/federation-technical-specifications.pdf and any Institutions or Service Providers who would like further advice on attribute release should contact the UK federation helpdesk.
On a different note we’d like to wish everyone happy holidays and the UK federation will be available for entity registrations and modifications from January 3rd 2017.