Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki 2.10.2013 Mikael Linden, CSC – IT Center for Science


1 Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science

2 The Issue: Federated Identity Management for Research Collaborations. Date of this version: 23rd April 2012. Flexible and scalable IdP attribute release policy. Different communities and indeed SPs within a community are likely to require a different set of attributes from the IdPs. The IdP policy related to the release of user attributes and the negotiation mechanism needs to be able to provide this flexibility. Bilateral negotiations between all SPs and all IdPs is not a scalable solution. Attributes must be able to cross national borders. Data protection considerations must allow this to happen.

3 Data Protection Code of Conduct approach. Goal is to increase trust between Home Organisations and Service Providers and thus facilitate attribute release.
For more information on the DP Code of Conduct: https://refeds.terena.org/index.php/Data_protection_coc
TNC speak: https://tnc2013.terena.org/core/presentation/8
TNC fullpaper:
[Diagram: each SP commits to the GEANT Data protection Code of Conduct; the HO learns the SPs' commitment.]

4 Federations & GÉANT Data protection Code of Conduct.
[Figure legend: 25 EEA Data Protection; 5 EEA Compatible DP; 1 Safe Harbor (USA); 13 Federation outside GÉANT CoC (4 in or joining).]
[Figure labels: European Union; European Economic Area; countries with adequate data protection pursuant to Article 25.6 of the directive 95/46/EC, e.g. Switzerland, e.g. the US safe harbour.]

5 Data Protection Code of Conduct is approved and ready for deployment.
Normative documents: Data Protection Code of Conduct for SPs in EU/EEA; SAML2 profile for the DP CoC; Entity category attribute definition for the DP CoC.
Non-normative, informational documents: Introduction; Introduction to the DP directive; Risk management; Privacy policy guidelines; What attributes SP can request; Good practice for Home Organisations; Federation operator guidelines; Handling non-compliance; IdP GUI guidelines.
https://refeds.terena.org/index.php/Data_protection_coc

6 New: Data protection Code of Conduct cookbook. Recipe for Service Providers; Recipe for Home Organisations; Recipe for Federation Operators. https://wiki.edugain.org/Data_Protection_Code_of_Conduct_Cookbook

7 eduGAIN recommended attributes to be populated by the IdPs: displayName, cn, mail, eduPersonAffiliation, eduPersonScopedAffiliation, eduPersonPrincipalName, SAML2 Persistent NameID (eduPersonTargetedID), schacHomeOrganization, schacHomeOrganizationType

8 Next steps.
Deployment: Together with research communities?
WP29 consultation: To get an endorsement from the EU data protection authorities.
Another CoC for non-EU/EEA attribute release: To support attribute release from a Home Organisation in EU/EEA to a Service Provider outside EU/EEA.

9 International Code of Conduct: For attribute release out of EU/EEA.
[Diagram: each SP commits to the GEANT Data protection Code of Conduct + EC Contractual Clauses [1]; HO; labels "In EU/EEA" and "Outside EU/EEA".]
[1]

10 Questions?

