1 / 18

GÉANT Data Protection Code of Conduct (DP CoC )

GÉANT Data Protection Code of Conduct (DP CoC ). 21.6.2012 FIM for research collaboration workshop Mikael Linden, Mikael.Linden@csc.fi. The Issue. Federated Identity Management for Research Collaborations Date of this version: 23rd April 2012 Common requirements

guri
Télécharger la présentation

GÉANT Data Protection Code of Conduct (DP CoC )

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GÉANT Data ProtectionCode of Conduct (DP CoC) 21.6.2012 FIM for researchcollaboration workshop Mikael Linden, Mikael.Linden@csc.fi

  2. The Issue Federated Identity Management for Research Collaborations Date of this version: 23rd April 2012 • Common requirements • “Flexible and scalable IdP attribute release policy. Different communities and indeed SPs within a community are likely to require a different set of attributes from the IdPs. The IdP policy related to the release of user attributes and the negotiation mechanism needs to be able to provide this flexibility. Bilateral negotiations between all SPs and all IdPs is not a scalable solution.” • “Attributes must be able to cross national borders. Data protection considerations must allow this to happen.”

  3. Goal of the Data ProtectionCode of Conduct • Ease the release of attributesfrom Home Organisations (HO) to Service Providers (SP) => Makeiteasier for endusers to log into SPs (in differentidentityfederations/countries/jurisdictions) • Try to makeit in a waywhich is sufficientlycompliantwith the EU data protectiondirective • Balance the risk of non-compliancewithvalue of easycollaboration • Sharingrelatedresponsibilitiesbetween the HO and SP • Remainscalablewhen the # of HOs and SPsgrows • Try to reduce Home Organisations’ hesitation to release attributes • Seek for ways to avoidHOsbecomingliable for SP’smisbehaviour

  4. The data protectionrisk(by the Data protectiondirective) • A Home organisationtakes a riskwhenitreleasesattributes to an SP • Home organisationmaybecomepartlyliableife.g. the SP is hacked and personal data is spilled to the Internet => Home Organisationshesitate to release attributes Home organisation(IdP) Service Provider (SP) Attributes =personal data(unique ID, name, mail, eduPersonAffiliation…)

  5. Managing Home Organisations’ data protectionrisk • Reduce the Home Organisationsrisks • By Data ProtectionCode of Conduct • Let the Home organisationsassess the residualrisk • Balance the risk of data protectionproblemswith the benefits of easycollaboration for researchers, teachers and students • The Home Organisationneeds to decideif the Code of Conductprovidesgoodenoughguaranteesfor attribute release

  6. Data ProtectionCode of Conductapproach SP Code of Conduct relating to personal data processing • Voluntary to SPs (butSPshaveinterest to sign to receiveattributes) • Voluntary to Home Orgs to rely on (butmayeaseIdPadmin’swork) • Nothingbinds to GEANT/eduGAIN only • couldbeusedinternally in a federation, too • It’snotsodifficult! LearnSP’scommitment Sign&publish HO SP LearnSP’scommitment Sign&publish HO SP LearnSP’scommitment Sign&publish HO SP

  7. The SP Code of Conductdetails • https://refeds.terena.org/index.php/Code_of_Conduct_for_Service_Providers

  8. Public consultationstartsnow • Target of the call for comments • Service Providers (e.g. FIM for researchcollaborations) • Home Organisations (representedby and the commentsgatheredby the identity federation operators) • Allmaterial for the publicconsultationavailable in https://refeds.terena.org/index.php/Code_of_Conduct_for_Service_Providers • Code of Conduct for the Service Providers • Short introduction/coverletter • Template for yourcomments • Deadline for comments: 12th of Aug, 2012

  9. Technicalimplementationusing SAML2 metadata • SPs MUST populate in their SAML2 metadata • Mdui:DisplayName, mdui: Description, mdui:PrivacyStatementURL • (Mdui:Logo is MAY) • Md:RequestedAttributes (withisRequired=”true”) • EntityAttribute: link to a signed copy of the Code of Conduct for SPs • EntityAttribute: identifier for the SP’sjurisdiction • SP’s Home Federation makessomesanitychecks • Linksresolve to properexistingdocumentsetc • Identityfederations just mediateSPs’ SAML2 metadata to the IdPs • IdPs SHOULD present a GUI to inform the user of the attribute release

  10. Documentationsupporting the Data protectionCode of Conduct • General documents • Introduction to Data protectiondirective • Managing data protectionrisks • GEANT Data protectionCode of Conduct • Service ProviderCode of Conduct (”the Document”) • PrivacyPolicyguidelines for Service Providers • Whatattributesarerelevant for Service Providers • Data protectiongoodpractice for Home Organisations • Federation operator’sguidelines • Handlingnon-compliance • SAML2 profilefor the Code of Conduct • Notes on implementation on the inform/consent UI

  11. Piloting the CoC • CLARIN and eduGAIN going to have a practicalpilot on the Data ProtectionCode of Conduct • Kick-off on Monday • Pilottakesplace in Autumn • Some CLARIN SPsfromseveralcountries • Some Home Organisationsfromseveralcountries

  12. Questions?

  13. Backupslides

  14. EU Data protectiondirectiveDefinitions • Personal data: ” any information relating to an identified or identifiable natural person” • Lawyer: assume any attribute (ePTID and even eduPersonAffiliation) counts as personal data • Processing of personal data: ”any operation or set of operations on personal data, such as collection, …, dissemination,… etc” • Both IdP and SP processes personal data • Data Controller: organisation which alone or jointly with others determines the purposes and means of the processing of personal data • IdP and SP (usually) are data controllers • Federation (and interfederation) may be joint data controller

  15. EU Data protectiondirectiveObligations to data controllers (1/3) Security of processing • The controllermustprotectpersonal data properly • Level of securitydependse.g. on the sensitivity of attributes => Federation policies, use of TLS and endpointauthentication, federation operator’spractices… Purpose of processing • Mustbedefinedbeforehand • Youmuststick to thatpurpose => Purpose of processing in IdPs: ~to supportresearch and education => SPs’ purpose of processingmustnotconflictwiththis

  16. EU Data protectiondirectiveObligations to data controllers (2/3) Relevance of personal data • Personal data processed must be adequate, relevant and not excessive • SPs must request and IdPs must release only relevant attributes • => md:RequestedAttribute Controller must inform the end user • when attributes are released for the first time • SP’s name and identity (=>mdui:Displayname, mdui:Logo) • SP’s purpose (=>mdui:Description) • Categories of attributes processed (=> uApprove or similar) • Any other information (mdui:PrivacyStatementURL) • Layered notice!

  17. EU Data protectiondirectiveMaking data processinglegitimate • Userconsents, or • Processing is necessary for performance of a contract to which the user is a subject, or • The controllerhas a legalobligation to processpersonal data, or • Necessary for vitalinterests of the user, or • Necessary for a taskcarried out in publicinterest, or • Necessary for the legitimateinterests of the data controller • Lawyer: Use (f): the SP has legitimate interests to provide service to the user • When the userexpresseshiswillingness to use the service (e.g. byclicking ”log in” link)

  18. Summary: EU data protectiondirective in veryshort • Processpersonal data securely • Usepersonal data only for a pre-definedpurpose • Inform the user • Data minimisation (Minimaldisclosure) • Service Provider’slegitimateinterestsas the legalgrounds • Ifattributesreleasedout of EU/EEA, somemorepaperworkneeded • Weseem to becoverging on theseinterpretations • The proposed General Data ProtectionRegulationdoesnotchange the big picture, buttherearesomeupdates

More Related