uApprove - User Consent Module for Shibboleth Identity Providers

uApprove screenshot

uApprove is an extension for the Shibboleth Identity Provider (IdP) to enforce acceptance of terms of use and user attribute release consent. It serves the following purposes:

  1. The user is informed about the release of his data (attributes) to a Service Provider (SP) when he accesses the SP for the first time or if his data changed.
  2. The administrator of an Identity Provider (IdP)
    1. can ask the user to accept an IdP's terms of use before accessing any services
    2. gets a tool that implements data protection laws by enforcing user consent before personal user attributes are released to an SP
    3. knows when a particular user gave consent to release which attribute and value to a particular SP

From the user's point of view, uApprove is an application which presents him a webpage, on which

  • he may have to accept or decline the Terms of Use of an Shibboleth Identity Provider upon first access to the system (this option can be disabled by configuration)
  • he can globally accept the release of all his/her attributes to any Service Provider
  • he has to accept the release of his/her attributes upon first access to a given Service Provider (if the global release has not been approved)

Demo

There is a demonstration site, where you can see uApprove in action.

On the page "Select your Home Organisation", choose the entry "AAI Demo Home Organisation" and click on the Select button. Then, you are redirected to the login screen where you can log in using the following credentials:

Username(s): demo[1..50]
Password:    demo

Download

Please consult the README file for license, issue tracking, source access information.
Comments & questions to aai@switch.ch.