GEANT Data protection Code of Conduct 2.0 REFEDS meeting 16 June 2019 Mikael Linden, mikael.linden@csc.fi CSC – IT Center for Science GN4-3 project
The attribute release problem Release my attributes to SP X, I need it to do my job! Home Organisation (HO): User (researcher) Sorry, to protect your privacy, we cannot release your attributes. IdP admin Authenticates Attributes ? Service Provider organisation IdP SP X
GEANT CoCo status and next steps In February 2019, authorities (EDPB) published draft guidelines for codes of conduct Effective oversight mechanisms Monitoring body GEANT Association and GEANT project now studying these Then contact Dutch authorities for submission https://wiki.refeds.org/x/N4MY
Monitoring the GEANT CoCo New to everyone, out first approach: Technical conformance Can be fully automated Behavioural conformance Based on self-assessments Complaints Who is proposed as the monitoring body? for SPs in eduGAIN, GEANT Association? for SPs in national federations, ??? SP IdP Participant Federation eduGAIN service
Other open issues How do we call it (GEANT data protection code of conduct for federated IdM?) Making international organisations confident to commit to it Authorities have not published guidelines for CoCos for international transfers