© Australian Access Federation Inc.
PRIVACY AND THE AUSTRALIAN ACCESS FEDERATION
Presented by: Terry Smith
1st June 2010
Supported by the Australian Government through the Department of Innovation,
Industry, Science and Research
THE AAF A BRIEF HISTORY
o Federation for Higher Education and Research
o Replaces the MAMS Test bed federation
o Shibboleth, SAML2, based on SWITCHaai model
o AAF Incorporated mid 2009
o 50% of AU and NZ Universities and growing
o Mini Grant program to encourage service providers
o Federally funded until the end of 2010
o Self sustaining from 2011 thru subscriptions
o Three streams of activities
  o Policy
  o Technology
  o Marketing
Visit us online: www.aaf.edu.au
PRIVACY IN AUSTRALIA
o Australian Privacy Law
o Framework and Guidelines for Privacy
o State Privacy Laws
o AAF Rules for participants
o Requirements from our participants
o Project underway to meet Australian legal requirements
o Must ensure we continue with standard solution
o Must be simple, useable and non-intrusive
Australia's national privacy regulator, protecting personal information
http://www.privacy.gov.au/index.php
AAF SOLUTION
AAF REQUIREMENTS
INFORMATION PRIVACY PRINCIPLES
Summary of the eleven Information Privacy Principles
IPP 1: manner and purpose of collection
IPP 2: collecting information directly from individuals
IPP 3: collecting information generally
IPP 4: storage and security
IPPs 5 - 7: access and amendment
IPPs 8 - 10: information use
IPP 11: disclosure
Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
WHERE TO BEGIN
The AU privacy guidelines inform us to do...
o Threshold Assessment – are there privacy risks that need to be addressed?
o YES
o Privacy Impact Assessment
• Project description
• Mapping information flows and privacy framework
• Privacy impact analysis
• Privacy management
• Recommendations
• After the assessment --- what then?
PROJECT DESCRIPTION
The Big picture – Building a Higher Education and Research Federation
INFORMATION FLOWS, CORE ATTRIBUTES
Identity Providers assert user information to Service Providers as attributes. Full attribute specification at: https://wiki.caudit.edu.au/confluence/display/aafaueduperson/Home.
• auEduPersonSharedToken – unique, persistent ID
• eduPersonTargetedID – privacy-preserving ID targeted to a particular SP
• eduPersonAffiliation and eduPersonScopedAffiliation – e.g. student or staff
• eduPersonEntitlement – string arranged with SP to grant a particular entitlement
• eduPersonAssurance – URN indicating one of 4 levels of identity assurance
• AuthenticationMethod – URN indicating one of 4 levels of authentication assurance
• displayName and cn – contain the user’s name
• mail – the user’s email address
• o – the name of the organisation
IMPACT ANALYSIS & MANAGEMENT
o Risk analysis and management of privacy information...
How information flows affect individuals’ choices in the way personal information about them is handled
The degree of intrusiveness into individuals’ lives
Compliance with privacy law
How the project fits into community expectations.
RECOMMENDATIONS
REQUIREMENTS
Terms of Use
Information that is necessary, minimal disclosure
Purpose for use of information
Review claim sent to SPs
User friendly and easy to incorporate, standards based.
OTHER FACTORS TO CONSIDER
Do we show users privacy preserving attributes or do we assume they are outside the privacy regime?
What does the AAF and its members consider “Personal Information”?
Are there any legal requirements on how long claim records should be kept by identity providers?
OTHER FACTORS TO CONSIDER CONT
What levels of access should be defined for report generation and what information should be available to administrators at each level?
In the future how do we deal with attribute release for minors? Are users who are under 18 able to accept release of their personal information?
Should the federation support user modification and choice for attributes that certain service providers consider ‘optional’?
ARCHITECTURE
Holistic Approach: User, Identity Provider, Service Provider, Federation
AVAILABLE OPTIONS, USER CONSENT
o AAF could build its own solution from the ground up
o Use MAMS Autograph + SHARPe
  o Shibboleth 1.3.x only
  o Not production quality
  o Difficult to install / configure
o uApprove
  o Good fit – need some extensions
  o Moving into Shibboleth core with V3.0
o simpleSAMLphp + consent
  o Good fit – may need some extensions
  o Not currently used by any IdPs, but some are considering
o The trusted third party model (TTP)
  o Still being investigated
  o Possible user privacy concerns, in particular the centralized recording of all federation user attributes (used to determine if there have been value changes)
  o Change from current hybrid model to Hub-and-spoke
o Other options...
UAPPROVE EXTENDED + …
uApprove extensions
o Regular retrieval of Federation Terms of Service from central point
o Provide two Terms of Service agree buttons (Local & Federation)
o Store user attributes to enable re-approval if values change
o Retrieve SP Statements of Attribute requirement from central point
o Store history for attribute release consent and agreement to ToS
… ADDITIONAL SUPPORT COMPONENTS
Federation Tools
o Record SP Attribute requirements and related information including attribute value sets, e.g. List of accepted entitlements
o Approval process for SP Attribute requirement
o Record IdP Attribute release policies
o Metadata generator to include SP Attributes and values
o Attribute-Filter generator that filters based on SP Attributes and Values + IdP release policy
o Attribute-Map generator that filters based on SP Attributes and Values + IdP release policy
o End point for SP Attribute requirements statement
o End point for Federation ToS
Local Tools for IdPs
o Review Attribute release consent
o Review agreement to ToS
o Local Administrators able to view
… ADDITIONAL SUPPORT COMPONENTS
Identity Providers (Shibboleth only)
o Inclusion and configuration of extended uApprove
o Recording Attribute release policies with the federation
o Use the generated Attribute-Filter from federation
Service Providers
o Recording of Attribute requirements with the federation
o Optional use of generated Attribute-Policy from federation
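Added example, not from the original slides and not AAF or uApprove code: one way the generated Attribute-Filter (SP requirements and accepted value sets intersected with the IdP release policy) and the re-approval check on changed values could fit together. The sample values, the function names, the keyed digest stored in place of raw attribute values, and folding the ToS version into that digest are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed sample data: attribute names are from the slides, values are made up.
SP_REQUIREMENTS = {  # what the SP registered with the federation
    "eduPersonTargetedID": None,                  # None = any value accepted
    "eduPersonScopedAffiliation": None,
    "eduPersonEntitlement": {"urn:example:journal:reader"},  # accepted value set
    "mail": None,
}
IDP_RELEASE_POLICY = {"eduPersonTargetedID", "eduPersonScopedAffiliation",
                      "eduPersonEntitlement"}     # this IdP does not release mail
SAMPLE_USER = {
    "eduPersonTargetedID": ["constructed-opaque-id"],
    "eduPersonScopedAffiliation": ["staff@example.edu.au"],
    "eduPersonEntitlement": ["urn:example:journal:reader", "urn:example:hr:admin"],
    "mail": ["user@example.edu.au"],
}


def filter_attributes(user_attrs, sp_requirements, idp_policy):
    """Release only attributes the SP asked for AND the IdP policy allows,
    trimming each attribute to the SP's accepted value set (minimal disclosure)."""
    released = {}
    for name, accepted in sp_requirements.items():
        if name not in idp_policy or name not in user_attrs:
            continue
        values = [v for v in user_attrs[name] if accepted is None or v in accepted]
        if values:
            released[name] = sorted(values)
    return released


def consent_fingerprint(key, sp_id, released, tos_version):
    """Keyed digest over SP, ToS version and released values, so the consent
    store can detect changes without holding the attribute values themselves."""
    payload = json.dumps([sp_id, tos_version, released], sort_keys=True)
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def needs_reapproval(stored_fingerprint, key, sp_id, released, tos_version):
    """True when no consent is on record, or released values / ToS changed."""
    if stored_fingerprint is None:
        return True
    current = consent_fingerprint(key, sp_id, released, tos_version)
    return not hmac.compare_digest(stored_fingerprint, current)
```

Because the digest covers only what is actually released to that SP, a change to an attribute the filter withholds (here, mail) does not prompt the user again.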
POLICY AND MARKETING
Technology is not enough, it needs to be backed by POLICY and well Publicised
IdPs and SPs must
o Deploy the technical solution
o Register information centrally
and be informed
o Know their responsibilities w.r.t. privacy laws
o Be aware of the risks and how they can be mitigated
User must be aware of the rights and responsibilities
TIME FRAMES
Deployment and testing against the AAF Test environment during Q3 2010
Early adopters begin using in production AAF environment during Q4 2010
Expect major take up from the start of 2011
OTHER ISSUES
o Co-federation
o Non web protocols and applications – Project Moonshot
o Other Federation stacks
  o simpleSAML
  o ORACLE Access Manager
  o Novell Access Manager
o Future versions
o Changes to Requirements
  o Australian Laws
  o Participant requirements
o Federation Group attributes and other attributes from secondary IdPs
o Attribute release via data-mining, e.g. De-provisioning
o Computed Attributes (Age > 18: True/False)
o Utilization reporting – accuracy
Visit us online www.aaf.edu.au
Heath Marks
Project [email protected]
Patricia McMillan
Policy, Strategy and Process
More [email protected]
QUESTIONS?
Terry Smith
Technical Program