
Privacy and Consent

Presented by Fiona Culloch at FAM09, Cardiff, 24 November 2009


  1. Access Management: Privacy and Consent. Fiona Culloch, EDINA. FAM09, Cardiff, 24 November 2009
  2. FAM09, Cardiff. Copyright © EDINA, 2009. Access Management: UK federation privacy. Catastrophic Success
  3. Available attributes
     • Most IdPs give out only:
       – Organisational affiliation (ePSA)
       – Service-specific, opaque ID (ePTI)
  4. FAM infrastructure allows any attributes (Photo: Library of Virginia / Flickr)
  5. Personal data has stayed on the old road (Photo: State Library of Queensland / Flickr)
  6. Most SPs don’t ask for personal data
     • Many don’t personalise
     • Those that do:
       – Had to create own accounts for IP authentication
       – User enters own data into form
       – Many have kept same system for FAM
  7. What if an SP does want personal data?
  8. Institutional directory
     • Holds personal data
     • Disclosure subject to DPA
     • So it’s treated like a safe
     (Photo: New York Public Library / Flickr)
  9. Directory guarded by administrators (Photo: New York Public Library / Flickr)
  10. There’s not just one IdP either… 238 IdPs + 243 virt.
  11. Will they be friendly? (Photo: Library of Congress, Bain Collection / Flickr)
  12. “No one really asks us much for ARP changes” – IdP administrator
  13. Stable deadlock: too hard to ask, so SPs don’t; IdPs get no requests, think all is well
  14. Can’t federation coordinate top-down? Resolving MxN policies was original rationale for federations
  15. What voices feed into UK federation standard-setting?
  16. Voices (1): Technical Architect
     • If you have an aspiration…
     • “Show me the spec.!”
     • Demonstrate:
       – Necessity
       – Deployability
       – Widespread need
     (Photo: Library of Congress, Bain Collection / Flickr)
  17. Voices (2): Legal
     • Enshrine DPA principles
     • Avoid liability
     • Agrees with architect:
       – SP will ask for too much
     (Photo: Library of Congress, Bain Collection / Flickr)
  18. Voices (3): missing in action
     • No IdP, SP representatives!
     • Fed. tries to think “if I were an IdP/SP…”
       – Works for “horizontal” requirements
       – Not so good for app-specific, “vertical” requirements
     (Photo: State Library of New South Wales / Flickr)
  19. Hard to deal with everyone. Trad. answer is representative forums
  20. SP forums
     • Representative SPs to broker requirements
     • SPs know what attributes they want
     • “Vertical” forums:
       – Divorce apps from infrastructure
       – Can cross national boundaries
  21. IdP forums
     • IdPs:
       – Determine feasibility
       – Implement
     • Had to be invented for Eduserv
     • Now generalise
  22. Joint forums allow bottom-up progress
     • App-specific forums
     • Experiment, agree, deploy, not theorise:
       – Small scale (10s not 100s)
       – Scale up success
     • IETF style
  23. How to disclose data but not go to jail (Photo: State Library of New South Wales / Flickr)
  24. Technical fix: user consent at run time
  25. Technical fix: problems
     • Additional user interface complexity:
       – Extra screen: what is being asked?
     • IdP must still:
       – Create (default) ARP
       – Confront quasi-legal questions
     • SP must:
       – Handle revocation
  26. DPA permits disclosure on grounds other than consent, including necessity for purpose
  27. ICO Legal Guidance 3.1.5 … “The Commissioner’s view is that consent is not particularly easy to achieve and that data controllers should consider other conditions in Schedule 2 (and Schedule 3 if processing sensitive personal data) before looking at consent. No condition carries greater weight than any other. All the conditions provide an equally valid basis for processing. Merely because consent is the first condition to appear in both Schedules 2 and 3, does not mean that data controllers should consider consent first.” …
  28. Alternative for processing personal data. 3.1.1 … “The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed… The Commissioner takes a wide view of the legitimate interests condition…”
  29. Data processor agreements
     • Commercial SPs have licences anyway
     • Add some DPA clauses:
       – You have a data processor agreement
       – IdP covered against SP misbehaviour
     (Photo: Library of Congress, Bain Collection / Flickr)
  30. Opportunities in JISC model licence?
     • Add standard DPA terms for SPs
     • Define recommended ARP for each SP:
       – Move per-SP, quasi-legal thinking from IdP to IdP forum + JISC Collections
       – JISC Collections doing legal anyway (licence negotiation), IdP forum informs on feasibility
       – Simplify by banding?
  31. Computing regulations
     • Add DPA “Purposes”
     • Serve as user notification (“fair processing”)
     • In practice, vague is good – c.f. all commercial privacy policies
     (Photo: Library of Congress, Bain Collection / Flickr)
  32. Call to action. Are you willing to be active in an IdP forum? Names please!
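Slides 3 and 24–25 rest on two mechanisms an IdP uses to limit what it discloses: the opaque, service-specific identifier (ePTI), and an attribute release policy (ARP) with a safe default that only run-time user consent extends. The following is an added example that is not from the talk and not EDINA's or the UK federation's own code. It models both in Python: the entity IDs, the sample directory entry, the salt and the consent store are constructed, and the ePTI derivation (HMAC-SHA256 over SP entity ID and local user id with a secret IdP salt) is an assumption loosely modelled on Shibboleth's computed identifier, not its actual algorithm.

```python
# Added example (not from the slides): a toy model of IdP attribute release.
# It shows the two privacy mechanisms the talk touches on:
#  - eduPersonTargetedID (ePTI): an opaque identifier that differs per SP,
#    so SPs cannot correlate one user across services;
#  - an attribute release policy (ARP) with a safe default (ePSA + ePTI only)
#    plus per-SP extras gated on a run-time user consent record that the
#    user can revoke (slide 25: "SP must handle revocation").
# Entity IDs, user record, salt and hashing scheme are constructed assumptions.
import base64
import hashlib
import hmac

# Attributes every SP gets without any per-SP configuration (slide 3).
DEFAULT_RELEASE = frozenset({"eduPersonScopedAffiliation", "eduPersonTargetedID"})

# Per-SP release rules an IdP administrator maintains (the ARP).
# Constructed sample; the entity ID is a placeholder.
ARP = {
    "https://journal.example.org/shibboleth": frozenset({"mail", "displayName"}),
}


def targeted_id(sp_entity_id, local_uid, idp_salt):
    """Opaque, persistent, service-specific identifier.

    Keyed hash over (SP entity ID, local user id) with a secret IdP salt: the
    value is stable for one SP, unlinkable across SPs, and cannot be recomputed
    by an SP that lacks the salt. (Assumption: HMAC-SHA256, base64url encoded;
    Shibboleth's own computed-ID algorithm differs in detail.)
    """
    msg = "{}!{}".format(sp_entity_id, local_uid).encode()
    digest = hmac.new(idp_salt, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


class ConsentStore:
    """Run-time user consent, keyed by (user, SP). Revocation deletes the record."""

    def __init__(self):
        self._records = {}  # (local_uid, sp_entity_id) -> frozenset of attribute names

    def grant(self, local_uid, sp_entity_id, attrs):
        self._records[(local_uid, sp_entity_id)] = frozenset(attrs)

    def revoke(self, local_uid, sp_entity_id):
        self._records.pop((local_uid, sp_entity_id), None)

    def consented(self, local_uid, sp_entity_id):
        return self._records.get((local_uid, sp_entity_id), frozenset())


def release_attributes(sp_entity_id, user, idp_salt, consent):
    """Return the attributes the IdP will assert to this SP for this user.

    Default attributes always go out. Anything beyond them must be both
    permitted by the ARP for this SP and covered by a current consent record;
    consent cannot widen the ARP, and the ARP cannot bypass consent.
    """
    permitted = ARP.get(sp_entity_id, frozenset())
    extras = permitted & consent.consented(user["uid"], sp_entity_id)
    released = {}
    for name in DEFAULT_RELEASE | extras:
        if name == "eduPersonTargetedID":
            released[name] = targeted_id(sp_entity_id, user["uid"], idp_salt)
        elif name in user:
            released[name] = user[name]
    return released


# Constructed sample directory entry and IdP secret.
SAMPLE_USER = {
    "uid": "jbloggs",
    "eduPersonScopedAffiliation": "member@example.ac.uk",
    "mail": "j.bloggs@example.ac.uk",
    "displayName": "Joe Bloggs",
}
SAMPLE_SALT = b"constructed-secret-salt-do-not-reuse"

if __name__ == "__main__":
    store = ConsentStore()
    sp = "https://journal.example.org/shibboleth"
    print(release_attributes(sp, SAMPLE_USER, SAMPLE_SALT, store))  # defaults only
    store.grant(SAMPLE_USER["uid"], sp, {"mail"})
    print(release_attributes(sp, SAMPLE_USER, SAMPLE_SALT, store))  # defaults + mail
    store.revoke(SAMPLE_USER["uid"], sp)
    print(release_attributes(sp, SAMPLE_USER, SAMPLE_SALT, store))  # defaults again
```

Two design points carry the talk's argument: the secret salt is what makes ePTI opaque (an SP given only the hash output cannot reverse it or link it to another SP's value), and keeping the ARP and the consent record as separate gates is what lets the administrator's default policy stay minimal while the user, not the IdP, decides on the per-SP extras.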
