
Data Protection Code of Conduct (DP CoC)

Data Protection Code of Conduct (DP CoC). REFEDS Helsinki 2.10.2013 Mikael Linden, CSC – IT Center for Science Mikael.Linden@csc.fi. The Issue. Federated Identity Management for Research Collaborations Date of this version: 23rd April 2012


Presentation Transcript


  1. Data Protection Code of Conduct (DP CoC)
     REFEDS Helsinki 2.10.2013
     Mikael Linden, CSC – IT Center for Science
     Mikael.Linden@csc.fi

  2. The Issue
     Federated Identity Management for Research Collaborations. Date of this version: 23rd April 2012
     • “Flexible and scalable IdP attribute release policy. Different communities and indeed SPs within a community are likely to require a different set of attributes from the IdPs. The IdP policy related to the release of user attributes and the negotiation mechanism needs to be able to provide this flexibility. Bilateral negotiations between all SPs and all IdPs is not a scalable solution.”
     • “Attributes must be able to cross national borders. Data protection considerations must allow this to happen.”

  3. Data Protection Code of Conduct approach
     The goal is to increase trust between Home Organisations and Service Providers and thus facilitate attribute release.
     For more information on the DP Code of Conduct:
     • https://refeds.terena.org/index.php/Data_protection_coc
     • TNC speak: https://tnc2013.terena.org/core/presentation/8
     • TNC full paper: http://tnc2013.terena.org/getfile/871
     [Diagram labels: GEANT Data protection Code of Conduct; SP: "Commit to"; HO: "Learn SP's commitment"]

  4. Federations & GÉANT Data protection Code of Conduct
     • European Union
     • European Economic Area
     • countries with adequate data protection pursuant to Article 25.6 of the directive 95/46/EC
     • e.g. Switzerland
     • e.g. the US safe harbour
     [Chart legend]
     • 25 EEA Data Protection
     • 5 EEA Compatible DP
     • 1 Safe Harbor (USA)
     • 13 Federation outside GÉANT CoC (4 in or joining)

  5. Data Protection Code of Conduct is approved and ready for deployment
     Normative documents:
     • Data Protection Code of Conduct for SPs in EU/EEA
     • SAML2 profile for the DP CoC
     • Entity category attribute definition for the DP CoC
     Non-normative, informational documents:
     • Introduction
     • Introduction to the DP directive
     • Risk management
     • Privacy policy guidelines
     • What attributes SP can request
     • Good practice for Home Organisations
     • Federation operator guidelines
     • Handling non-compliance
     • IdP GUI guidelines
     https://refeds.terena.org/index.php/Data_protection_coc

  6. New: Data protection Code of Conduct cookbook
     • Recipe for Service Providers
     • Recipe for Home Organisations
     • Recipe for Federation Operators
     • https://wiki.edugain.org/Data_Protection_Code_of_Conduct_Cookbook

  7. eduGAIN recommended attributes to be populated by the IdPs
     • displayName
     • cn
     • mail
     • eduPersonAffiliation, eduPersonScopedAffiliation
     • eduPersonPrincipalName
     • SAML2 Persistent NameID (eduPersonTargetedID)
     • schacHomeOrganization
     • schacHomeOrganizationType

  8. Next steps
     • Deployment
     • Together with research communities?
     • WP29 consultation
     • To get an endorsement from the EU data protection authorities
     • Another CoC for non-EU/EEA attribute release
     • To support attribute release from a Home Organisation in EU/EEA to a Service Provider outside EU/EEA

  9. International Code of Conduct
     For attribute release out of EU/EEA
     [Diagram labels: GEANT Data protection Code of Conduct; + EC Contractual Clauses [1]; SP and HO: "Commit to"; In EU/EEA; Outside EU/EEA]
     [1] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:385:0074:0084:EN:PDF

  10. Questions?
