Access Management: Privacy and Consent
Fiona Culloch, EDINA
FAM09, Cardiff, 24 November 2009
FAM09, Cardiff Copyright © EDINA, 2009 2
UK federation privacy
Catastrophic success
Available attributes
• Most IdPs give out only:
– Organisational affiliation (ePSA, eduPersonScopedAffiliation)
– Service-specific, opaque ID (ePTI, eduPersonTargetedID)
FAM infrastructure allows any attributes
Photo: Library of Virginia / Flickr
Personal data has stayed on the old road
Photo: State Library of Queensland / Flickr
Most SPs don’t ask for personal data
• Many don’t personalise
• Those that do:
– Had to create their own user accounts under IP authentication
– User enters own data into a form
– Many have kept the same system for FAM
What if an SP does want personal data?
Institutional directory
• Holds personal data
• Disclosure subject to DPA
• So it’s treated like a safe
Photo: New York Public Library / Flickr
Directory guarded by administrators
Photo: New York Public Library / Flickr
There’s not just one IdP either…
238 IdPs + 243 virtual
Will they be friendly?
Photo: Library of Congress, Bain Collection / Flickr
“No one really asks us much for ARP changes”
IdP administrator
Stable deadlock
Too hard to ask, so SPs don’t
IdPs get no requests, think all is well
Can’t federation coordinate top-down?
Resolving MxN policies was original rationale for federations
What voices feed into UK federation standard-setting?
Voices (1): Technical Architect
• If you have an aspiration…
• “Show me the spec!”
• Demonstrate:
– Necessity
– Deployability
– Widespread need
Photo: Library of Congress, Bain Collection / Flickr
Voices (2): Legal
• Enshrine DPA principles
• Avoid liability
• Agrees with architect:
– SP will ask for too much
Photo: Library of Congress, Bain Collection / Flickr
Voices (3): missing in action
• No IdP, SP representatives!
• Fed. tries to think “if I were an IdP/SP…”
– Works for “horizontal” requirements
– Not so good for app-specific, “vertical” requirements
Photo: State Library of New South Wales / Flickr
Hard to deal with everyone
Traditional answer is representative forums
SP forums
• Representative SPs to broker requirements
• SPs know what attributes they want
• “Vertical” forums:
– Divorce apps from infrastructure
– Can cross national boundaries
IdP forums
• IdPs:
– Determine feasibility
– Implement
• Had to be invented for Eduserv
• Now generalise
Joint forums allow bottom-up progress
• App-specific forums
• Experiment, agree, deploy, not theorise:
– Small scale (10s not 100s)
– Scale up success
• IETF style
How to disclose data but not go to jail
Photo: State Library of New South Wales / Flickr
Technical fix: user consent at run time
Technical fix: problems
• Additional user interface complexity:
– Extra screen: what is being asked?
• IdP must still:
– Create (default) ARP (attribute release policy)
– Confront quasi-legal questions
• SP must:
– Handle revocation
DPA permits disclosure on grounds other than consent, including necessity for purpose
ICO Legal Guidance
3.1.5 … “The Commissioner’s view is that consent is not particularly easy to achieve and that data controllers should consider other conditions in Schedule 2 (and Schedule 3 if processing sensitive personal data) before looking at consent. No condition carries greater weight than any other. All the conditions provide an equally valid basis for processing. Merely because consent is the first condition to appear in both Schedules 2 and 3, does not mean that data controllers should consider consent first.” …
Alternative for processing personal data
3.1.1 … “The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed… The Commissioner takes a wide view of the legitimate interests condition…”
Data processor agreements
• Commercial SPs have licences anyway
• Add some DPA clauses:
– You have a data processor agreement
– IdP covered against SP misbehaviour
Photo: Library of Congress, Bain Collection / Flickr
Opportunities in JISC model licence?
• Add standard DPA terms for SPs
• Define recommended ARP for each SP:
– Move per-SP, quasi-legal thinking from IdP to IdP forum + JISC Collections
– JISC Collections doing legal anyway (licence negotiation), IdP forum informs on feasibility
– Simplify by banding?
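How the run-time consent “technical fix” (with its extra screen, default ARP and revocation problems) and a banded, recommended ARP per SP fit together, as an added example that is not code from EDINA, the UK federation or any IdP product: a small Python attribute release function that releases only ePSA and an opaque targeted ID by default, adds personal data for an SP only where a data processor agreement or a current run-time consent supplies the basis, and returns the signals the IdP screen and the SP must act on. The bands, SP entity IDs, user record, IdP secret and consent store are constructed for illustration; eduPersonScopedAffiliation and eduPersonTargetedID are the standard eduPerson attribute names.

```python
"""Attribute release: default ARP, per-SP banding and run-time consent.

Added illustration for this deck, not code from EDINA, the UK federation or
any IdP software. eduPersonScopedAffiliation (ePSA) and eduPersonTargetedID
(ePTI) are the standard eduPerson names; bands, entity IDs, user record,
secret and consent store are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Default ARP: what most IdPs release to every SP (ePTI is derived below).
DEFAULT_ARP = frozenset({"eduPersonScopedAffiliation"})

# Banding (constructed): the recommended extra release is fixed per band, so
# the quasi-legal thinking is done once per band rather than once per SP.
BANDS = {"basic": frozenset(), "personalised": frozenset({"displayName", "mail"})}

# SP registry (constructed entity IDs). "basis" is the DPA ground relied on for
# the band's personal data: "agreement" (data processor clauses in the licence,
# legitimate interests), "consent" (run-time user decision) or None (no ground
# recorded, so only the default ARP applies).
SP_REGISTRY = {
    "https://sp.example.ac.uk/shibboleth": {"band": "basic", "basis": None},
    "https://publisher.example.com/shibboleth": {"band": "personalised", "basis": "agreement"},
    "https://portal.example.org/shibboleth": {"band": "personalised", "basis": "consent"},
    "https://misconfigured.example.net/shibboleth": {"band": "personalised", "basis": None},
}


@dataclass
class ConsentStore:
    """Consent decisions keyed by (uid, sp). Revocations are recorded rather
    than just deleting the grant, so the next transaction can tell the SP
    to discard what it already holds."""
    granted: set = field(default_factory=set)
    revoked: set = field(default_factory=set)

    def grant(self, uid, sp):
        self.granted.add((uid, sp))
        self.revoked.discard((uid, sp))

    def revoke(self, uid, sp):
        self.granted.discard((uid, sp))
        self.revoked.add((uid, sp))


def targeted_id(uid, sp, idp_secret):
    """ePTI-style opaque ID: HMAC over uid and SP entity ID keyed with an IdP
    secret, so different SPs get different values and cannot correlate users."""
    return hmac.new(idp_secret, f"{uid}|{sp}".encode(), hashlib.sha256).hexdigest()


def release_attributes(user, sp, consent, idp_secret):
    """Return (attributes, signals) for one SSO transaction with `sp`.
    Signals: "consent-required" (IdP must show the extra screen),
    "consent-revoked" (SP must purge what it holds), "no-lawful-basis"."""
    policy = SP_REGISTRY.get(sp, {"band": "basic", "basis": None})
    extra = BANDS.get(policy["band"], frozenset())
    allowed, signals, key = set(DEFAULT_ARP), [], (user["uid"], sp)
    if extra and policy["basis"] == "agreement":
        allowed |= extra
    elif extra and policy["basis"] == "consent":
        if key in consent.granted:
            allowed |= extra
        elif key in consent.revoked:
            signals.append("consent-revoked")
        else:
            signals.append("consent-required")
    elif extra:
        signals.append("no-lawful-basis")
    released = {name: user[name] for name in allowed if name in user}
    released["eduPersonTargetedID"] = targeted_id(user["uid"], sp, idp_secret)
    return released, signals


# Constructed sample data.
IDP_SECRET = b"constructed-idp-secret-not-for-real-use"
SAMPLE_USER = {"uid": "jbloggs", "eduPersonScopedAffiliation": "staff@example.ac.uk",
               "displayName": "Joe Bloggs", "mail": "j.bloggs@example.ac.uk"}
PORTAL = "https://portal.example.org/shibboleth"


def consent_lifecycle():
    """Walk the consent-gated SP through ask -> grant -> revoke; return the
    released attribute names and signals at each step."""
    consent, steps = ConsentStore(), []
    for action in (None, "grant", "revoke"):
        if action:
            getattr(consent, action)(SAMPLE_USER["uid"], PORTAL)
        attrs, signals = release_attributes(SAMPLE_USER, PORTAL, consent, IDP_SECRET)
        steps.append((sorted(attrs), signals))
    return steps


if __name__ == "__main__":
    for names, signals in consent_lifecycle():
        print(names, signals)
```

The point of the banding is visible in `SP_REGISTRY`: an IdP records one band and one lawful basis per SP, and the quasi-legal question of what that band may contain is answered once, in the forum, rather than by every IdP administrator. The revocation signal is what the SP side has to implement; an SP that only ever reads attributes on first login never sees it, which is the failure mode the deck flags.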
Computing regulations
• Add DPA “Purposes”
• Serve as user notification (“fair processing”)
• In practice, vague is good
– c.f. all commercial privacy policies
Photo: Library of Congress, Bain Collection / Flickr
Call to action
Are you willing to be active in an IdP forum?
Names please!