In frameworks for Web services like SAML, Liberty or Shibboleth, a user can get authentication by asking one?s IdP (identity provider) to issue a security assertion by which one can get access to services at an SP (service provider). If the SP additionally requests some attributes of one?s, the user is forced to reveal the immediate values of them. There are cases where users must present detailed privacy information which SPs don?t actually require to authorize them. We focus on Shibboleth and propose an extension of the attribute exchange protocol between an IdP and an SP in Shibboleth. While in the conventional framework of Shibboleth attributes are exchanged in immediate value, in our extension an SP requests an IdP to test whether user?s attributes are satisfied some conditions, then the IdP returns either "true", "false" or "unanswerable" to the SP. We specify a language to describe the conditions as a query at the SP. We also extend an Attribute Authority at the IdP to evaluate the conditions presented from the SP.