uApprove - User Consent Module for Shibboleth Identity Providers
- The user is informed about the release of his data (attributes) to a Service Provider (SP) when he accesses the SP for the first time or if his data changed.
- The administrator of an Identity Provider (IdP)
- gets a tool that implements data protection laws by enforcing user consent before personal user attributes are released to an SP
- knows when a particular user gave consent to release which attribute and value to a particular SP
- he can globally accept the release of all his/her attributes to any Service Provider
- he has to accept the release of his/her attributes upon first access to a given Service Provider (if the global release has not been approved)
There is a demonstration site, where you can see uApprove in action.
Username(s): demo[1..50] Password: demo
Please consult the README file for license, issue tracking, source access information.
Comments & questions to email@example.com.
Some deployers might also be interested in uApproveJP (Jet Pack), a fork by our colleagues from the Japanese GakuNin AAI federation. The main difference of uApproveJP to uApprove is that the former gives users the choice to select which optional attributes are released about them.
Another (newer) fork is PrivacyLens, which introduces a completely new user interface and similarily like uApproveJP gives the user more control what information is sent to a service.
Both of the above forks, like uApprove itself, are plug-ins for the Shibboleth Identity Provider v2.x. Version 3 of Shibboleth will come with built-in user consent. Therefore, it is likely that uApprove or similar plug-ins won't be needed anymore.