Fwd: Clarifications About the SeamlessAccess.org Service

Hello FIM4L,
You might be interested in a letter I sent recently to Service Providers who are somewhere on the path to using the Advanced Integration model with SeamlessAccess. Questions are always welcome!
-Heather
Begin forwarded message:
From: Heather Flanagan heather@seamlessaccess.org
Subject: Clarifications About the SeamlessAccess.org Service
Date: January 13, 2020 at 9:49:23 AM PST
To: Laura Paglione laura@seamlessaccess.org
Hello SeamlessAccess integrators, past, present, and future,
Following feedback before and during the Internet2 Technology Exchange https://meetings.internet2.edu/2019-technology-exchange/, the Seamless Access program is reviewing the permissible use of the stored Identity Provider (IdP) preference information when using some of the SeamlessAccess.org http://seamlessaccess.org/ integration models (see our “Getting Started https://seamlessaccess.org/get-started/” page for more information about the different integration models).
What we realized is that in its current form, authorized Service Providers (SPs) using the advanced integration model https://seamlessaccess.org/get-started/ may be able to access stored IdP choices before a user logs into that SP’s service. When a website authorized to use SeamlessAccess connects their Federated Identity Management (FIM) service, the website can see the user’s previous choice of IdP before any user authentication occurs. This design choice was originally made to enable full flexibility of the user interface for advanced integrators, for example, to display the preferred IdP in the interface. Further, integrators using the limited and standard integration models are unable to access stored IdP choices.
We now understand that the current situation has some privacy implications that take the service beyond what SeamlessAccess has been promising. For example, a SeamlessAccess-authorized SP could potentially collect information about exactly which IdPs are preferred by the user (which is often correlated to a person’s affiliation) without the user being aware. While the persisted choice of IdP is not considered personally identifiable information (see the WAYF Cloud and P3W Security & Privacy Recommendations https://ra21.org/index.php/results/ra21-security-privacy-final-report/ from RA21 for more detail), the exposure of any information outside of what matches a more traditional authentication flow runs counter to the principles of SeamlessAccess.
The SeamlessAccess Governance Committee is currently evaluating several options to remediate this unintended possibility, including, but not limited to:
- Changes to the advanced integration API which make it impossible to access the stored IdP choices while still allowing the UI customization and integration with local discovery services for which this model was originally intended.
- A UI mechanism to allow users to grant permission to SPs to access their stored IdP preference information.
- Clear prohibition in the Terms of Use of SeamlessAccess of utilization of stored preference information in any way that is not intended.
In order to become an authorized SP for the advanced integration model using our production service, the SP has to follow a process that includes a review of their proposed integration with SeamlessAccess. The SeamlessAccess governance committee is currently working with appropriate legal counsel to develop a strong Terms of Service and Privacy Statements that will be part of authorizing any new SP. A link to the onboarding process and appropriate policies will be made available on the SeamlessAccess website as soon as they are complete.
As we have more information and documentation on how to integrate with SeamlessAccess, we will let you know.
Heather Flanagan, Program Director, SeamlessAccess.org http://seamlessaccess.org/
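The pre-authentication disclosure the letter describes, next to the consent-gated access it lists as a remediation option, as an added JavaScript model. This is not SeamlessAccess's code or API: the function names, the SP origins, the IdP entityID and the in-memory stores are all assumed for illustration.

```javascript
// Added example (not SeamlessAccess code): a hypothetical model of a browser-side
// discovery service that persists the user's IdP choice and decides what an
// integrating Service Provider (SP) may read back, and when. Names are assumed.

// Constructed sample: the choice persisted after an earlier login elsewhere.
const storedPreference = { idpEntityId: "https://idp.example.edu/idp/shibboleth" };

const consentGrants = new Set();   // SP origins the user explicitly allowed (option 2)
const authenticated = new Set();   // SP origins where a login has completed
const accessLog = [];              // every read of the stored choice, for later review

function grantConsent(spOrigin) { consentGrants.add(spOrigin); }
function markAuthenticated(spOrigin) { authenticated.add(spOrigin); }

// Behaviour the letter describes: an advanced-model SP obtains the stored
// choice as soon as its page loads the integration, before any login.
function storedIdpForSpCurrent(spOrigin, model) {
  if (model !== "advanced") return null;   // limited/standard models never see it
  accessLog.push({ spOrigin, preAuth: !authenticated.has(spOrigin), consent: consentGrants.has(spOrigin) });
  return storedPreference.idpEntityId;
}

// Hardened variant: the entityID leaves the discovery service only for an
// advanced-model SP the user has consented to, or one the user has already
// authenticated to (that SP learns the IdP from the login itself anyway).
function storedIdpForSpHardened(spOrigin, model) {
  if (model !== "advanced") return null;
  const preAuth = !authenticated.has(spOrigin);
  const consent = consentGrants.has(spOrigin);
  if (preAuth && !consent) return null;     // deny: would reveal affiliation pre-login
  accessLog.push({ spOrigin, preAuth, consent });
  return storedPreference.idpEntityId;
}

// Review helper: which SPs read the stored choice before login without consent?
// Under the hardened gate this list stays empty.
function preAuthDisclosures(log = accessLog) {
  return [...new Set(log.filter(e => e.preAuth && !e.consent).map(e => e.spOrigin))];
}

// The SP's UI degrades gracefully: without the entityID it renders a generic
// button; with it, the preferred IdP can be named in the label.
function renderButtonLabel(idpEntityId) {
  if (idpEntityId === null) return "Access through your institution";
  return `Access through ${new URL(idpEntityId).hostname}`;
}
```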

Heather,
Could this be shared with those who have signed up for the emails re SA? I'm on that list and, while I appreciate it here, it seems that community (esp the librarians who signed up) would be interested?
Lisa
Lisa Janicke Hinchliffe lisalibrarian@gmail.com
On Thu, Jan 23, 2020, 10:27 AM Heather Flanagan <hlf@sphericalcowconsulting.com> wrote:
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l

Hi Lisa,
I could use some feedback on whether it’s written to the right level for the general list. What do you think? Alternatively, I can put it up on the website blog and point to it in the monthly announcement.
-Heather
On Jan 23, 2020, at 11:15 AM, Lisa Hinchliffe lisalibrarian@gmail.com wrote:

Hi Heather,
Thank you for sharing this.
I would just like to say that I appreciate the voice of this letter, which shared the concern of the SeamlessAccess committee to let library patrons gain access as anonymously as possible.
If we are able to get this principle of ‘anonymous authentication’ to work, I think it would be beneficial even far beyond the library community.
And yes, it should be possible/optional for the user to share more information for better UX, profiling, etc.
best, Jos
On 23-01-20 16:28, FIM4L on behalf of Heather Flanagan <fim4l-bounces@lists.daasi.de on behalf of hlf@sphericalcowconsulting.com> wrote:
Participants (3)
- Heather Flanagan
- Jos Westerbeke
- Lisa Hinchliffe