There are many services that only need to know whether an entity belongs to a specific category or not, without learning who the entity is. The process should be something like this:
A customer connects to a service, and the service redirects the customer to the attribute validation service (AVS) to have it validated that the customer fulfils the requirement. The AVS in turn redirects the customer to an Identity Provider (chosen by the customer) for authentication and attribute release. If the authentication succeeds, the AVS checks that the released attributes match the attribute validation criteria and, if they do, returns a positive response to the service. If the authentication fails, or if the released attributes do not match the attribute validation criteria, a negative response is returned. No identity information about the customer is returned to the service: the identity attributes stop at the AVS, and the service learns only the yes/no verdict.
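The decision step of the flow above, as an added illustration that is not the project's own code: the AVS receives the attributes the Identity Provider released, evaluates them against the validation criteria, and hands the querying service nothing but a verdict. The attribute names follow the eduPerson/SCHAC schema commonly released in SAML federations; the sample values, the criteria format and the function names are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Criterion:
    """One requirement: `attribute` must carry at least one value in `any_of`."""
    attribute: str
    any_of: frozenset

    def satisfied_by(self, released):
        # SAML attributes are multi-valued; a missing or empty attribute fails.
        values = released.get(self.attribute) or []
        return any(v.strip().lower() in self.any_of for v in values)


def criterion(attribute, *allowed):
    """Build a Criterion with case-insensitive allowed values."""
    return Criterion(attribute, frozenset(a.lower() for a in allowed))


def attributes_match(criteria, released):
    """True only if every criterion holds. Empty criteria fail closed rather
    than letting `all([])` admit everyone."""
    if not criteria:
        return False
    return all(c.satisfied_by(released) for c in criteria)


def avs_response(authenticated, released, criteria):
    """The only thing the querying service is told: a yes/no verdict.
    Failed authentication is negative regardless of what was released,
    and no released attribute is copied into the answer."""
    verdict = bool(authenticated) and attributes_match(criteria, released)
    response = {"result": verdict}
    # Defensive check: the response must not echo any released attribute.
    assert not set(response) & set(released)
    return response


# Constructed sample releases (hypothetical people, not real data).
RELEASED_STUDENT = {
    "eduPersonPrincipalName": ["alice@example.edu"],
    "eduPersonAffiliation": ["member", "Student"],
    "schacHomeOrganization": ["example.edu"],
    "mail": ["alice@example.edu"],
}
RELEASED_STAFF = {
    "eduPersonPrincipalName": ["bob@example.edu"],
    "eduPersonAffiliation": ["member", "staff"],
    "schacHomeOrganization": ["example.edu"],
}
RELEASED_MINIMAL = {  # IdP released nothing usable for the decision
    "eduPersonTargetedID": ["opaque-id-1234"],
}

# Hypothetical criteria: "is this a student of example.edu?" (both must hold).
STUDENT_AT_EXAMPLE = [
    criterion("eduPersonAffiliation", "student"),
    criterion("schacHomeOrganization", "example.edu"),
]

if __name__ == "__main__":
    cases = [("student", RELEASED_STUDENT), ("staff", RELEASED_STAFF),
             ("minimal", RELEASED_MINIMAL)]
    for name, released in cases:
        print(name, avs_response(True, released, STUDENT_AT_EXAMPLE))
    print("unauthenticated", avs_response(False, RELEASED_STUDENT, STUDENT_AT_EXAMPLE))
```

Two choices matter for a real deployment: a missing or empty attribute is a negative answer (an IdP that releases nothing must not be mistaken for a match), and the verdict object is built from scratch rather than by filtering the released attributes, so a new attribute released tomorrow cannot leak through.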
The objective of this project is to produce a proof-of-concept implementation of a service that works according to the description above.
Design Criteria:
- The AVS must be able to use SAML federations such as eduGAIN as its source of information about entities.
- The interface between the AVS and the querying service will be OAuth2 and/or OpenID Connect, depending on exactly which functionality is needed.