Users' consent - simple as SAML David Simonsen
=
FED. C FED. (USA) FØD. FED. r o Kalmar Kalmar FED. Kalmar s s f e d FED. g e e d g e w l d n o w l e K o e K n g e e d w l n o K r FED. a e n g e h a g x c a n E c h E x e n g h a x c E t FED. i o FED. n FED. i s FED. c FED. eduGAIN eduGAIN o m FED. i n FED. FED. g
EU directive • Directive 95/46/EC of the . . . l l a European Parliament and of the s u Council of s n 24 October 1995 on the r e protection of individuals with s n o regard to the processing of c t personal data and on the free I movement of such data
Principles • Transparency • Legitimate purpose • Proportionality
Privacy "Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively ." - WikiPedia
Consent
Purpose What is the service about? • Can the service justify the amount of attributes required ?
Consent • The consent must be • Volentary (no arm-twisting) • Specific (one purpose) • Informed (understandable)
Volentary • 'If you don't consent we will spank you every Monday' Do you consent to sending a personal pseudonym (non-identifiable pointer) to Microsoft?
Specific • 'All connected services may recieve your email- adress' 'BBC may recieve your email-adress'
Informed • 'If you do not consent we will not not decline from not delivering no services' 'If you do not consent you will not get access'
Consent withdrawn • You can always withdraw a consent - but where to do it? Where you gave it... But who did you give it to?
In a Shib-føderation
Central Proxy IdP
Central IdP
Duty of information Consent Consent covers both No personal data should be kept
No personal data is kept 8ds989g+sdfhkjrwk30 ! 2km4756k4l3n43j34j3
Use simpleSAMLphp How to do it?
DEMO TIME
Links • Wiki @ DK-AAI (http://wiki.dk-aai.dk) • Foodle @ FEIDE (http://foodle.feide.no) • DK-AAI website http://www.dk- aai.dk/?do=login • Consent administration @ WAYF https://wayf.wayf.dk/consent/consentAdmin. php
Recommend
More recommend