Presentation is loading. Please wait.

Presentation is loading. Please wait.

7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport TERENA Code of Conduct B.Abt PSI 1 Björn Abt.

Published byKory Miles Modified over 8 years ago

Similar presentations

Presentation on theme: "7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport TERENA Code of Conduct B.Abt PSI 1 Björn Abt."— Presentation transcript:

1 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport TERENA Code of Conduct B.Abt PSI 1 Björn Abt

2 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 2 What is the TERENA Data Protection Code of Conduct? ● The Data protection Code of Conduct describes an approach to meet the requirements of the EU Data Protection Directive in federated identity management. ● The Data protection Code of Conduct defines behavioral rules for Service Providers which want to receive user attributes from the Identity Providers managed by the Home Organisations.

3 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 3 What does it contain? ● Ensure that the SAML 2.0 elements conform to the SAML 2 Profile for the Code of Conduct. ● Remind the Service Provider to check that the Service Provider's mdui:Description and mdui:DisplayName elements are understandable and useful for common end users. ● Check that the Service Provider's Privacy Policy document is available and indicates commitment to the Code of Conduct. ● Remind the Service Provider to make sure that the list of requested attributes is consistent with the Privacy Policy document.

4 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 4 SAML2 Profile: CoC <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion” Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> http://www.geant.net/uri/dataprotection- code-of-conduct/v1

5 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 5 SAML2 Profile: mdui FileSender FileSender tarjoaa helpon tavan jakaa suuria tiedostoja. FileSender offers an easy way to share large files with anyone. https://filesender.example.org/privacy- fi.html https://filesender.example.org/privacy- en.html

6 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 6 SAML2 Profile: Attributes <RequestedAttribute FriendlyName="EAAHash" Name="urn:oid:1.3.6.1.4.1.9999.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> <RequestedAttribute FriendlyName="EAAKey" Name="urn:oid:1.3.6.1.4.1.9999.1.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> <RequestedAttribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>

7 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 7 Privacy Policy AttributeDescription Service NameSHOULD be the same as mdui:DisplayName Service DescriptionSHOULD be the same as mdui:Description Data ControllerInstitute name storing data and a contact person JurisdictionThe country in which the Service Provider is established and whose laws are applied. Personal data processedShow the user which of his data is processed

8 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 8 Privacy Policy AttributeDescription Purpose of the processing of personal data What is the purpose of collecting personal data. Third parties to whom personal data is disclosed Is personal data given to third parties? How to access, rectify and delete personal data Contact the contact person. Data retentionWhen is the user record going to be deleted or anonymised? Data protection code of conduct Show the reference to the Terena code of conduct for service providers.

9 7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport B.Abt, PSI 9 Next steps: ● Shall we implement this Code of Conduct? ● Service Providers must provide the neccessary information ● The information must be evaluted and integrated into the existing system.

10 PaNdata Meeting 9.-10.9.2013 ALBA Thank you for your attention! B.Abt PSI 10

Download ppt "7 th Pan-Data & CRISP Harmonisation Meeting 5.9.2014 Zürich Airport TERENA Code of Conduct B.Abt PSI 1 Björn Abt."

Similar presentations

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki 2.10.2013 Mikael Linden, CSC – IT Center for Science

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science
 Q. Should we keep electronic records  Q. Do you purchase a software package  Q. Do you develop your own package  Q. What solution would be most cost.

 Q. Should we keep electronic records  Q. Do you purchase a software package  Q. Do you develop your own package  Q. What solution would be most cost.
Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) 21.6.2012 FIM for research collaboration workshop Mikael Linden,

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,
National Science Foundation Division of Science Resources Statistics May 15 2008 The Confidential Information Protection and Statistical Efficiency Act.

National Science Foundation Division of Science Resources Statistics May The Confidential Information Protection and Statistical Efficiency Act.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012

Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012
Professional Behaviour

Professional Behaviour
SIU School of Medicine Identity Protection Act and Associated SIU Policy.

SIU School of Medicine Identity Protection Act and Associated SIU Policy.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
EduGAIN Code of Conduct Workshop, 2012-02-09, Brussels GEANT eduGAIN Data Protection Code of Conduct Workshop Dieter Van Uytvanck

EduGAIN Code of Conduct Workshop, , Brussels GEANT eduGAIN Data Protection "Code of Conduct" Workshop Dieter Van Uytvanck
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service 2012-02-27 Federated Identity Systems.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
Professional Ethics in Computing Dr. David Sinclair L253

Professional Ethics in Computing Dr. David Sinclair L253
2 1.Client protection principles 2.Principle #6 in practice 3.Two components of protecting client data 4.Participant feedback 5.Practitioner lessons and.

2 1.Client protection principles 2.Principle #6 in practice 3.Two components of protecting client data 4.Participant feedback 5.Practitioner lessons and.

Similar presentations

Ads by Google