Protecting Privacy with Federated AA

Presentation transcript:

Protecting Privacy with Federated AA
Andrew Cormack
Chief Regulatory Adviser, UKERNA
A.Cormack@ukerna.ac.uk

“AuthZ & AuthN” Today
[Diagram labels: I’m “JSmith/T,t<*?I1” / Are you a licensed user? / I’m “JSmith/T,t<*?I1” ? / Site Licence]
- User’s identity and personal data are known to all
- Publisher knows more than it wants and less than it needs
- Organisation’s precious credentials given to all publishers

Federated AuthZ & AuthN
[Diagram labels: I’m “JSmith/T,t<*?I1”, am I? / Are you a licensed user? / Yes, you’re licensed / They say I’m licensed / OK! / Site Licence]
- User’s identity and personal data are protected
- Publisher knows exactly what it needs
- Distribution of credentials is reduced

Fine-Grained A&A
- Needed for less-than-site licenses
- Publisher can ask for more detail, e.g.
  - User’s relationship with organisation (staff, pupil,…)
  - Unique persistent ‘handle’ for user
  - Well-known identifier (e.g. username) for user
  - Other attributes of user
- These may reveal personal or sensitive details
- Publisher must only ask for what it needs
- Organisation must only tell what user permits
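
Added example (not part of the original slides): one way a home organisation could enforce the two "must only" rules above, releasing an attribute only when the publisher requests it, the organisation's policy allows it for that publisher, and the user permits it. The entity IDs, attribute names, secret and the HMAC-based handle are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data; every name and value here is an assumption.
HANDLE_SECRET = b"constructed-example-secret"   # kept only by the home organisation

USER = {
    "username": "jsmith",
    "affiliation": "staff",
    "email": "jsmith@example.ac.uk",
}

# What each publisher needs under its licence, as agreed with the organisation.
PUBLISHER_POLICY = {
    "https://journals.example.com": {"affiliation", "handle"},
    "https://maps.example.org": {"affiliation"},
}


def persistent_handle(username, publisher):
    """Stable pseudonym per (user, publisher) pair.

    The same user always gets the same handle at one publisher, but two
    publishers cannot match their handles or recover the username."""
    msg = f"{username}|{publisher}".encode()
    return hmac.new(HANDLE_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def release_attributes(user, publisher, requested, user_permits):
    """Return only attributes that are requested by the publisher,
    allowed for it by policy, and permitted by the user."""
    allowed = PUBLISHER_POLICY.get(publisher, set())   # unknown publisher: nothing
    releasable = set(requested) & allowed & set(user_permits)
    assertion = {}
    for name in sorted(releasable):
        if name == "handle":
            assertion[name] = persistent_handle(user["username"], publisher)
        elif name in user:
            assertion[name] = user[name]
    return assertion


if __name__ == "__main__":
    asked = ["username", "email", "affiliation", "handle"]   # publisher over-asks
    consent = {"affiliation", "handle"}
    for pub in PUBLISHER_POLICY:
        print(pub, release_attributes(USER, pub, asked, consent))
```
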

Benefits for Users
- Much less need to disclose your identity
- Personal data kept between you and your home organisation
- Publishers can tailor services better
- (At least) one less password to remember
- …

Benefits for Organisations
- Better service offered to users
- Uses existing access management systems
  - And protects the data in them
- Can use same access control for all resources
  - Both internal and external
- Fewer support problems
- Easier to comply with regulatory requirements
  - Data Protection Act 1998, etc.
- …

Benefits for Publishers
- No need to maintain your own user database
  - Authentication is done for you by home organisation
  - Can authorise per institution, role, and/or entitlement
- Reduced user support requirements
- Reduced compliance burden
  - Less storage/processing of personal data
- Accurate implementation of licence conditions
  - Users take better care of credentials
  - Organisations take better care of assertions
- …

What is the Federation?
A set of Rules that binds members:
- Make accurate statements to other members
  - If you say you can hold users accountable, do so
- Keep federation systems and data secure
- Use personal data correctly (inc. DPA1998)
- Resolve problems within the Federation
  - Not by legal action
- Assist Federation Operator and other members

There must be more to it…
There is
- Guidance, examples, support
  - How to comply with the Rules
  - How to inter-work with other members
  - Common definitions, etc.
- Help in planning the transition
  - Experiences of early adopters
- Software to implement Federation services
  - Gateways for transition or outsourcing
- All this is advisory, not prescriptive
  - Can use as much or as little as you need