Create a user profile page for Shibboleth IdP and SimpleSAMLphp

A user profile page deployed as part of Shibboleth IdP and SimpleSAMLphp would enable end users to gain insight into where their personal data is used and when it was last released to various services, as far as the IdP is aware. This feature should only release information to appropriate user (so after login). We need to consider how storing user data to facilitate this plugin would impact data retention policy of the IdP. We need to learn how both  IdP products currently store information on what was release towards services and how that can be made readily available.

Additional features to consider:

• In case the IdP is also anOIDC  OP this capability may be extended to also include OIDC based interactions.
• It should be investigated if this feature could also be used to allow users to retract consent to the release of attributes/claims
• Integration with CAR

• Describe requirements
• Investigate storage backend in Shibboleth IdP
• Investigate storage backend in SSP
• Implement storage backend
• Design/Mock GUI components
• Discuss UI design with community
• Implement GUI design

This activity provide users with the ability to track their own login behaviour. This my enhance trust and security too.

No known risks

The tool will access personal data at the IdP. However, the data will only be displayed, there will be no additional data storage.

The activity seeks to implement a working prototype of the software.

If the software works as expected, it can be handed over to the developers of Shibboleth/SimpleSAMLphp

• Demo video showcasing MVP design
• Gitlab repository for SimpleSAMLphp module: https://gitlab.geant.org/TI_Incubator/personal-profile-page/simplesamlphp
• Gitlab repository for Shibboleth IdP module: https://gitlab.geant.org/TI_Incubator/personal-profile-page/shibboleth-idp