Privacy Framework for Attribute Release in an (Inter)Federation
Time 04/23/12 01:15PM-02:30PM
Session Abstract
As the federations grow and get interconnected, a Service Provider has end users coming potentially from thousands of Identity Providers in several countries. For an Identity Provider administrator, this imposes a difficult requirement of being able to assess the Service Provider abroad and decide whether to release attributes to it. Scalability becomes an issue, if the Identity Provider administrator needs to evaluate the Service Providers one-by-one.
A major reason for Identity Providers' reluctance to release attributes are the privacy laws. The Identity Provider hesitates to take any legal risks when it releases user attributes to the SP without knowledge of the SP's specific practices. On the other hand, collaborations are often very spontaneous and the users are not willing to wait. Researchers collaborate and use shared research tools and datasets in an international community.
eduGAIN, the European project for interconnecting the academic identity federations, has studied ways to satisfy the European data protection directive in attribute release. REFEDS, the global organisation for academic identity federations, has established a workgroup to facilitate easy sharing of user. In 2011, the two workgroups joined their forces to establish common Code of Conduct for privacy issues in an (inter)federation. The proposed session presents the approach adopted in the Code of Conduct.
Speakers
Speaker Steven Carmody Brown University
Speaker Mikael Linden CSC, the Finnish IT Center for Science
Speaker Valter Nordh University of Gothenburg
Presentation Media

Speaker Mikael Linden CSC, the Finnish IT Center for Science

Speaker Valter Nordh University of Gothenburg
Secondary tracks The Future: What's Next for the Net? Security National/Regional Collaboration Middleware Internet2 NET+ Services International Industry Partnership Development and Engagement Industry Global Reach and Leadership Focus on Federations Cyberinfrastructure Cloud Services Advanced Network Services and Leadership