© Australian Access Federation Inc. P RIVACY AND T HE A USTRALIAN A CCESS F EDERATION Presented by: Terry Smith 1 st June 2010 Supported by the Australian.

Slides:



Advertisements
Similar presentations
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Advertisements

Family Educational Rights and Privacy Act (FERPA) Basics For Faculty and Staff.
Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
CSE2500 Systems Security and Privacy Week 11 Privacy Law in Australia (after 2000)
1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
REFEDS RESEARCH AND EDUCATION (R&S) ENTITY CATEGORY NICOLE HARRIS.
Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
SWITCHaai Team Federated Identity Management.
AAI with simpleSAMLphp
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
AAF Middleware update February Presented by Terry Smith Technical Manager and Heath Marks Manager.
NSTIC ID Ecosystem A Conceptual Model v03 Andrew Hughes October October IDESG Version 1.
Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.
Shibboleth and uApprove at University of Michigan Luke Tracy – Ken Hammer –
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
The ReFEDS/GÉANT Code of Conduct (CoC) An Approach to Compliance with the EU Data Protection Directive Steve Carmody April 23, 2012.
Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.
TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.
Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.
AAI-enabled VO Platform “VO without Tears” Christoph Witzig EGI TF, Amsterdam, Sept 15, 2010.
Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.
Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,
SAML 2.0: Federation Models, Use-Cases and Standards Roadmap
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Environmental Management System Definitions
Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.
Shibboleth: An Introduction
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
IT Applications Theory Slideshows By Mark Kelly Vceit.com Privacy Laws.
The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.
Overview of schemas used for IdM community Setting up of identity provider Motonori Nakamura, National Institute of Informatics, Japan 2nd TEIN IAM Workshop.
Shibboleth What is it and what is it good for? Chad La Joie, Georgetown University.
Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
The UK Access Management Federation John Chapman Project Adviser – Becta.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Attribute Delivery - Level of Assurance Jack Suess, VP of IT
Attribute Release and Scalable Consent \. Part of the original vision for federated identity and necessary for it to succeed Federated identity is less.
E-Authentication October Objectives Provide a flexible, easy to implement authentication system that meets the needs of AES and its clients. Ensure.
Understanding deployment issues on the Supply Chain Ann Harding, SWITCH, Nicole Harris, TERENA Cambridge July 2014.
Federated Identity Fundamentals Ann Harding, SWITCH Cambridge July 2014.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Accurate  Consistent  Compliant Contact: i4i the structured content company the structured content company.
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.
Protection of Personal Information Act An Analysis on the impact.
Understanding Privacy An Overview of our Responsibilities.
How eduGAIN can help education: a real life story Sabita Behari Product Manager TNC14.
Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Utrecht NA3 Task 4 – Scalable Policy Negotiation.
Networks ∙ Services ∙ People Ann Harding Networkshop 44, Manchester Thinking globally, acting locally Trust and Identity in the GÉANT project.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health
Understanding Privacy An Overview of our Responsibilities.
Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science
Michael Spiegel, Esq Timothy Shimeall, Ph.D.
IT Applications Theory Slideshows
G.D.P.R General Data Protection Regulations
Shibboleth and uApprove at University of Michigan
Appropriate Access InCommon Identity Assurance Profiles
Verifying student status with
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
Presentation transcript:

© Australian Access Federation Inc. P RIVACY AND T HE A USTRALIAN A CCESS F EDERATION Presented by: Terry Smith 1 st June 2010 Supported by the Australian Government through the Department of Innovation, Industry, Science and Research

T HE AAF A BRIEF HISTORY o Federation for Higher Education and Research o Replaces the MAMS Test bed federation o Shibboleth, SAML2, based on SWITCHaai model o AAF Incorporated mid 2009 o 50% of AU and NZ Universities and growing o Mini Grant program to encourage service providers o Federally funded until the end of 2010 o Self sustaining from 2011 thru subscriptions o Three streams of activities o Policy o Technology o Marketing Visit us online: © Australian Access Federation Inc.

P RIVACY IN A USTRALIA o Australian Privacy Law o Framework and Guidelines for Privacy o State Privacy Laws o AAF Rules for participants o Requirements from our participants © Australian Access Federation Inc. o Project underway to meet Australian legal requirements o Must ensure we continue with standard solution o Must be simple, useable and non-intrusive Australia's national privacy regulator, protecting personal information AAF SOLUTION AAF R EQUIREMENTS

I NFORMATION P RIVACY P RINCIPLES Summary of the eleven Information Privacy Principles IPP 1: manner and purpose of collection IPP 2: collecting information directly from individuals IPP 3: collecting information generally IPP 4: storage and security IPPs 5 - 7: access and amendment IPPs : information use IPP 11: disclosure © Australian Access Federation Inc. Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

W HERE TO B EGIN The AU privacy guidelines inform us to do... o Threshold Assessment – are there privacy risks that need to be addressed? o YES o Privacy Impact Assessment © Australian Access Federation Inc. Project descriptionMapping information flows and privacy framework Privacy impact analysis Privacy management Recommendations After the assessment --- what then?

P ROJECT D ESCRIPTION The Big picture – Building a Higher Education and Research Federation © Australian Access Federation Inc.

I NFORMATION FLOWS, C ORE A TTRIBUTES Identity Providers assert user information to Service Providers as attributes. Full attribute specification at : © Australian Access Federation Inc. auEduPersonSharedToken – unique, persistent ID eduPersonTargetedID – privacy-preserving ID targeted to a particular SP eduPersonAffiliation and eduPersonScopedAffiliation – e.g. student or staff eduPersonEntitlement – string arranged with SP to grant a particular entitlement eduPersonAssurance – URN indicating one of 4 levels of identity assurance AuthenticationMethod – URN indicating one of 4 levels of authentication assurance displayName and cn – contain the user’s name mail – the user’s address o – the name of the organisation

I MPACT A NALYSIS & M ANAGEMENT o Risk analysis and management of privacy information... © Australian Access Federation Inc. How information flows affect individuals’ choices in the way personal information about them is handled The degree of intrusiveness into individuals’ lives Compliance with privacy law How the project fits into community expectations.

R ECOMMENDATIONS © Australian Access Federation Inc. Develop and deploy solution Review existing options against the requirements Technical architecture AAF Privacy Requirement document

R EQUIREMENTS © Australian Access Federation Inc. Terms of Use Information that is necessary, minimal disclosure Purpose for use of information Review claim sent to SP’s User friendly and easy to incorporate, standards based.

OTHER FACTORS TO CONSIDER Do we show users privacy preserving attributes or do we assume they are outside the privacy regime? What does the AAF and its members consider “Personal Information”? Are there any legal requirements on how long claim records should be kept by identity providers? © Australian Access Federation Inc.

OTHER FACTORS TO CONSIDER C ONT What levels of access should be defined for report generation and what information should be available to administrators at each level? In the future how do we deal with attribute release for minors? Are users who are under 18 able to accept release of their personal information? Should the federation support user modification and choice for attributes that certain service providers consider ‘optional’? © Australian Access Federation Inc.

A RCHITECTURE © Australian Access Federation Inc. Holistic Approach User Identity Provider Service Provider Federation

A VAILABLE OPTIONS, U SER C ONSENT o AAF could build it own solution from the ground up o Use MAMS Autograph + SHARPe o Shibboleth 1.3.x only o Not production quality o Difficult to install / configure o uApprove o Good fit – need some extensions o Moving into Shibboleth core with V3.0 o simpleSAMLphp + consent o Good fit – may need some extensions o Not currently used any IdP’s, but some are considering o The trusted third party model (TTP) o Still being investigated o Possible User privacy concerns, in particular the centralized recording off all federation user attributes (used to determine if there have been value changes) o Change in from current hybrid model to Hub-and-spoke o Other options... © Australian Access Federation Inc.

U A PPROVE EXTENDED + … uApprove extensions o Regular retrieval Federation Terms of Service from central point o Provide two Terms of Service agree buttons (Local & Federation) o Store user attributes to enable re-approval if values change o Retrieve SP Statements of Attribute requirement from central point o Store history for attribute release consent and agreement to ToS © Australian Access Federation Inc.

… A DDITIONAL S UPPORT COMPONENTS Federation Tools o Record SP Attribute requirements and related information including attribute value sets, e.g. List of accepted entitlements o Approval process for SP Attribute requirement o Record IdP Attribute release policies o Metadata generator to include SP Attributes and values o Attribute-Filter generator that filters based on SP Attributes and Values + IdP release policy o Attribute-Map generator that filters based on SP Attributes and Values + IdP release policy o End point for SP Attribute requirements statement o End point for Federation ToS © Australian Access Federation Inc. Local Tools for IdPs o Review Attribute release consent o Review agreement to ToS o Local Administrators able to view

… A DDITIONAL S UPPORT COMPONENTS Identity Providers (Shibboleth only) o Inclusion and configuration of extended uApprove o Recording Attribute release policies with the federation o Use the generated Attribute-Filter from federation © Australian Access Federation Inc. Service Providers o Recording of Attribute requirements with the federation o Optional use of generated Attribute-Policy from federation

P OLICY AND M ARKETING Technology is not enough, it needs to be backed by POLICY and well Publicised IdPs and SPs must Deploy the technical solution Register information centrally and be informed Know their responsibilities w.r.t privacy laws Be aware of the risks and how they can be mitigated User must be aware of the rights and responsibilities © Australian Access Federation Inc.

T IME FRAMES © Australian Access Federation Inc. Deployment and testing against the AAF Test environment during Q Early adopters begin using in production AAF environment during Q Expect major take up by from the start of 2011

O THER I SSUES o Co-federation o Non web protocols and applications – Project Moonshot o Other Federation stacks o simpleSAML o ORACLE Access Manager o Novell Access Manager o Future versions o Changes to Requirements o Australian Laws o Participant requirements o Federation Group attributes and other attributes from secondary IdPs o Attribute release via data-mining, e.g. De-provisioning o Computed Attributes (Age > 18: True/False) o Utilization reporting – accuracy © Australian Access Federation Inc.

Visit us online Heath Marks Project Manager Patricia McMillan Policy, Strategy and Process More Information? © Australian Access Federation Inc. Q UESTIONS ? Terry Smith Technical Program Manager

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.