Aggregation of attributes from different authorities

The model for grid authorisation is now reasonably well established. Attribute Authorities (or Identity Providers) assign attributes to users, and policy decision points (PDPs) at the resource sites make access control decisions based on the user’s attributes. Well known examples of AAs/IdPs are VOMS, CAS and Shibboleth, and well known examples of PDPs are XACML, PERMIS, Akenti, and LCAS. However, existing solutions are not capable of receiving attributes from multiple IdPs when the user is known by different identities at each IdP. Projects such as GridShib at Globus are making limited progress, but only in an IdP and middleware dependent way. This talk will describe the Shintau project, whose purpose is to define and build an application and middleware independent set of tools that will allow users to aggregate their attributes from multiple authorities, in a privacy preserving manner.