Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Privacy with Federated AA

Published byKelley Davis Modified over 5 years ago

Similar presentations

Presentation on theme: "Protecting Privacy with Federated AA"— Presentation transcript:

1 Protecting Privacy with Federated AA
Andrew Cormack Chief Regulatory Adviser, UKERNA

2 I’m “JSmith/T,t<*?I1”
“AuthZ & AuthN” Today Are you a licensed user? I’m “JSmith/T,t<*?I1” ? Site Licence User’s identity and personal data are known to all Publisher knows more than it wants and less than it needs Organisation’s precious credentials given to all publishers

3 Federated AuthZ & AuthN
I’m “JSmith/T,t<*?I1”, am I? Are you a licensed user? Yes, you’re licensed They say I’m licensed OK! Site Licence User’s identity and personal data are protected Publisher knows exactly what it needs Distribution of credentials is reduced

4 Fine-Grained A&A Needed for less-than-site licenses
Publisher can ask for more detail, e.g. User’s relationship with organisation (staff, pupil,…) Unique persistent ‘handle’ for user Well-known identifier (e.g. username) for user Other attributes of user These may reveal personal or sensitive details Publisher must only ask for what it needs Organisation must only tell what user permits

5 Benefits for Users Much less need to disclose your identity
Personal data kept between you and your home organisation Publishers can tailor services better (At least) one less password to remember

6 Benefits for Organisations
Better service offered to users Uses existing access management systems And protects the data in them Can use same access control for all resources Both internal and external Fewer support problems Easier to comply with regulatory requirements Data Protection Act 1998, etc.

7 Benefits for Publishers
No need to maintain your own user database Authentication is done for you by home organisation Can authorise per institution, role, and/or entitlement Reduced user support requirements Reduced compliance burden Less storage/processing of personal data Accurate implementation of licence conditions Users take better care of credentials Organisations take better care of assertions

8 What is the Federation? A set of Rules that binds members:
Make accurate statements to other members If you say you can hold users accountable, do so Keep federation systems and data secure Use personal data correctly (inc. DPA1998) Resolve problems within the Federation Not by legal action Assist Federation Operator and other members

9 There must be more to it…
There is  Guidance, examples, support How to comply with the Rules How to inter-work with other members Common definitions, etc. Help in planning the transition Experiences of early adopters Software to implement Federation services Gateways for transition or outsourcing All this is advisory, not prescriptive Can use as much or as little as you need

Download ppt "Protecting Privacy with Federated AA"

Similar presentations

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Andrew Cormack Chief Regulatory Adviser, Access Management and Security WG.

Andrew Cormack Chief Regulatory Adviser, Access Management and Security WG.
1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.

Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Educause 2006, Dallas TX What does a University need from Access Management? John Paschoud InfoSystems Engineer, LSE Library London School of Economics.

Educause 2006, Dallas TX What does a University need from Access Management? John Paschoud InfoSystems Engineer, LSE Library London School of Economics.
Becta’s story… Federated identity. About Becta Becta is the government agency leading the national drive to ensure the effective and innovative use of.

Becta’s story… Federated identity. About Becta Becta is the government agency leading the national drive to ensure the effective and innovative use of.
National Science Foundation Chief Information Officer CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0 George.

National Science Foundation Chief Information Officer CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0 George.
Directory Services at UMass  Directory Services Overview  Some common definitions  What can a directory do or not do?  User Needs Assessment  What.

Directory Services at UMass  Directory Services Overview  Some common definitions  What can a directory do or not do?  User Needs Assessment  What.
Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.

Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.
Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk An Introduction to Access Management and the UK Federation Simon Cooper.

Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.
Shibboleth and Grids Oxford Internet Institute, Oxford e-Science Centre and e-Horizons Institute Mark Norman 10 May 2006.

Shibboleth and Grids Oxford Internet Institute, Oxford e-Science Centre and e-Horizons Institute Mark Norman 10 May 2006.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Shibboleth in Finnish Higher Education Organisations E-ICOLC 2005 Poznan, Poland.

Shibboleth in Finnish Higher Education Organisations E-ICOLC 2005 Poznan, Poland.

Similar presentations

Ads by Google