
© Australian Access Federation Inc.

PRIVACY AND THE AUSTRALIAN ACCESS FEDERATION

Presented by: Terry Smith

1st June 2010

Supported by the Australian Government through the Department of Innovation, Industry, Science and Research


THE AAF: A BRIEF HISTORY

o Federation for Higher Education and Research
o Replaces the MAMS Test bed federation
o Shibboleth, SAML2, based on SWITCHaai model
o AAF Incorporated mid 2009
o 50% of AU and NZ Universities and growing
o Mini Grant program to encourage service providers
o Federally funded until the end of 2010
o Self sustaining from 2011 thru subscriptions
o Three streams of activities
  o Policy
  o Technology
  o Marketing

Visit us online: www.aaf.edu.au


PRIVACY IN AUSTRALIA

o Australian Privacy Law
o Framework and Guidelines for Privacy
o State Privacy Laws
o AAF Rules for participants
o Requirements from our participants

o Project underway to meet Australian legal requirements
o Must ensure we continue with standard solution
o Must be simple, useable and non-intrusive

Australia's national privacy regulator, protecting personal information

http://www.privacy.gov.au/index.php

AAF SOLUTION

AAF REQUIREMENTS


INFORMATION PRIVACY PRINCIPLES

Summary of the eleven Information Privacy Principles

IPP 1: manner and purpose of collection
IPP 2: collecting information directly from individuals
IPP 3: collecting information generally
IPP 4: storage and security
IPPs 5 - 7: access and amendment
IPPs 8 - 10: information use
IPP 11: disclosure


Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.


WHERE TO BEGIN

The AU privacy guidelines inform us to do...

o Threshold Assessment – are there privacy risks that need to be addressed?
  o YES
o Privacy Impact Assessment


• Project description
• Mapping information flows and privacy framework
• Privacy impact analysis
• Privacy management
• Recommendations
• After the assessment – what then?


PROJECT DESCRIPTION

The Big picture – Building a Higher Education and Research Federation


INFORMATION FLOWS, CORE ATTRIBUTES

Identity Providers assert user information to Service Providers as attributes. Full attribute specification at: https://wiki.caudit.edu.au/confluence/display/aafaueduperson/Home


• auEduPersonSharedToken – unique, persistent ID
• eduPersonTargetedID – privacy-preserving ID targeted to a particular SP
• eduPersonAffiliation and eduPersonScopedAffiliation – e.g. student or staff
• eduPersonEntitlement – string arranged with SP to grant a particular entitlement
• eduPersonAssurance – URN indicating one of 4 levels of identity assurance
• AuthenticationMethod – URN indicating one of 4 levels of authentication assurance
• displayName and cn – contain the user’s name
• mail – the user’s email address
• o – the name of the organisation


IMPACT ANALYSIS & MANAGEMENT

o Risk analysis and management of privacy information...


How information flows affect individuals’ choices in the way personal information about them is handled

The degree of intrusiveness into individuals’ lives

Compliance with privacy law

How the project fits into community expectations.


RECOMMENDATIONS


REQUIREMENTS


Terms of Use

Information that is necessary, minimal disclosure

Purpose for use of information

Review claim sent to SPs

User friendly and easy to incorporate, standards based.


OTHER FACTORS TO CONSIDER

Do we show users privacy preserving attributes or do we assume they are outside the privacy regime?

What do the AAF and its members consider “Personal Information”?

Are there any legal requirements on how long claim records should be kept by identity providers?


OTHER FACTORS TO CONSIDER CONT

What levels of access should be defined for report generation and what information should be available to administrators at each level?

In the future how do we deal with attribute release for minors? Are users who are under 18 able to accept release of their personal information?

Should the federation support user modification and choice for attributes that certain service providers consider ‘optional’?


ARCHITECTURE


[Diagram labels: Holistic Approach; User; Identity Provider; Service Provider; Federation]


AVAILABLE OPTIONS, USER CONSENT

o AAF could build its own solution from the ground up
o Use MAMS Autograph + SHARPe
  o Shibboleth 1.3.x only
  o Not production quality
  o Difficult to install / configure
o uApprove
  o Good fit – need some extensions
  o Moving into Shibboleth core with V3.0
o simpleSAMLphp + consent
  o Good fit – may need some extensions
  o Not currently used by any IdPs, but some are considering
o The trusted third party model (TTP)
  o Still being investigated
  o Possible user privacy concerns, in particular the centralized recording of all federation user attributes (used to determine if there have been value changes)
  o Change from current hybrid model to hub-and-spoke
o Other options...


UAPPROVE EXTENDED + …

uApprove extensions

o Regular retrieval of Federation Terms of Service from central point
o Provide two Terms of Service agree buttons (Local & Federation)
o Store user attributes to enable re-approval if values change
o Retrieve SP Statements of Attribute requirement from central point
o Store history for attribute release consent and agreement to ToS
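
The re-approval check listed above, as an added Python sketch that is not part of the original slides and not uApprove code. It assumes consent is tracked per user and SP, and it detects value changes by comparing a keyed digest of the released values instead of keeping the values themselves, which is a design choice made here, not one the slides specify; the key, entity ID and ToS version labels are constructed.

```python
import hashlib
import hmac
import json

FINGERPRINT_KEY = b"constructed-demo-key"  # hypothetical per-IdP secret

def fingerprint(attributes):
    """Keyed digest of the exact values shown on the consent screen for one SP."""
    canonical = json.dumps({k: sorted(v) for k, v in attributes.items()},
                           sort_keys=True, separators=(",", ":"))
    return hmac.new(FINGERPRINT_KEY, canonical.encode("utf-8"),
                    hashlib.sha256).hexdigest()

def record_consent(store, history, user, sp, attributes, local_tos, fed_tos):
    """Save the current approval and append it to the consent history."""
    entry = {"attrs": fingerprint(attributes),
             "local_tos": local_tos, "fed_tos": fed_tos}
    store[(user, sp)] = entry
    history.append((user, sp, dict(entry)))

def reprompt_reasons(store, user, sp, attributes, local_tos, fed_tos):
    """Empty list means the stored approval still covers this release."""
    entry = store.get((user, sp))
    if entry is None:
        return ["no approval on record"]
    reasons = []
    if not hmac.compare_digest(entry["attrs"], fingerprint(attributes)):
        reasons.append("attribute values changed")
    if entry["local_tos"] != local_tos:
        reasons.append("local ToS changed")
    if entry["fed_tos"] != fed_tos:
        reasons.append("federation ToS changed")
    return reasons

def demo():
    """Constructed walk-through: approve, change mail, then bump the federation ToS."""
    store, history = {}, []
    sp = "https://journals.example.edu.au/shibboleth"  # constructed entity ID
    attrs = {"mail": ["old@example.edu.au"], "eduPersonAffiliation": ["staff"]}
    record_consent(store, history, "user1", sp, attrs, "local-v1", "fed-v1")
    unchanged = reprompt_reasons(store, "user1", sp, attrs, "local-v1", "fed-v1")
    attrs["mail"] = ["new@example.edu.au"]
    changed = reprompt_reasons(store, "user1", sp, attrs, "local-v1", "fed-v2")
    return unchanged, changed, len(history)
```

Because only digests and ToS versions are stored, the consent store and its history can be reviewed by local administrators without exposing attribute values.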


… ADDITIONAL SUPPORT COMPONENTS

Federation Tools

o Record SP Attribute requirements and related information including attribute value sets, e.g. List of accepted entitlements
o Approval process for SP Attribute requirement
o Record IdP Attribute release policies
o Metadata generator to include SP Attributes and values
o Attribute-Filter generator that filters based on SP Attributes and Values + IdP release policy
o Attribute-Map generator that filters based on SP Attributes and Values + IdP release policy
o End point for SP Attribute requirements statement
o End point for Federation ToS


Local Tools for IdPs

o Review Attribute release consent
o Review agreement to ToS
o Local Administrators able to view
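
The Attribute-Filter generator listed under Federation Tools, as an added Python sketch (not AAF tooling, and a plain dictionary instead of Shibboleth's attribute-filter XML): each SP receives only the attributes and values in its approved requirement statement that the IdP's release policy also allows. The registry layout, entity IDs, entitlement URNs and function names are constructed for illustration.

```python
# Constructed sample registry; entity IDs and entitlement URNs are illustrative only.
SP_REQUIREMENTS = {
    "https://journals.example.edu.au/shibboleth": {
        "approved": True,
        "attributes": {
            "eduPersonTargetedID": {"required": True, "values": None},
            "eduPersonEntitlement": {"required": True,
                "values": {"urn:example:entitlement:journal-reader"}},
            "mail": {"required": False, "values": None},
        },
    },
    "https://pending.example.edu.au/shibboleth": {
        "approved": False,
        "attributes": {"mail": {"required": True, "values": None}},
    },
}
IDP_RELEASABLE = {"eduPersonTargetedID", "eduPersonEntitlement", "eduPersonScopedAffiliation"}

def build_filters(sp_requirements, idp_releasable):
    """Per-SP rules: approved SP requirements narrowed by what the IdP will release."""
    filters, unmet = {}, {}
    for sp, req in sp_requirements.items():
        if not req["approved"]:
            continue  # no approved statement, so nothing is released to this SP
        rules = {}
        for attr, spec in req["attributes"].items():
            if attr in idp_releasable:
                rules[attr] = spec["values"]  # None means any value
            elif spec["required"]:
                unmet.setdefault(sp, []).append(attr)  # required but not releasable
        filters[sp] = rules
    return filters, unmet

def release(filters, sp, user_attributes):
    """Attributes and values that actually leave the IdP for one SP."""
    out = {}
    for attr, allowed in filters.get(sp, {}).items():
        values = [v for v in user_attributes.get(attr, [])
                  if allowed is None or v in allowed]
        if values:
            out[attr] = values
    return out

USER = {  # constructed user record
    "eduPersonTargetedID": ["opaque-id-123"],
    "eduPersonEntitlement": ["urn:example:entitlement:journal-reader",
                             "urn:example:entitlement:hr-admin"],
    "mail": ["user@example.edu.au"],
    "displayName": ["Sample User"],
}
FILTERS, UNMET = build_filters(SP_REQUIREMENTS, IDP_RELEASABLE)
```

For the sample user, the journals SP receives the targeted ID and only the one entitlement it registered; the unrelated entitlement, `mail` and `displayName` stay at the IdP, and the unapproved SP receives nothing.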


… ADDITIONAL SUPPORT COMPONENTS

Identity Providers (Shibboleth only)

o Inclusion and configuration of extended uApprove
o Recording Attribute release policies with the federation
o Use the generated Attribute-Filter from federation


Service Providers

o Recording of Attribute requirements with the federation
o Optional use of generated Attribute-Policy from federation


POLICY AND MARKETING

Technology is not enough; it needs to be backed by POLICY and be well publicised

IdPs and SPs must

o Deploy the technical solution
o Register information centrally

and be informed

o Know their responsibilities w.r.t. privacy laws
o Be aware of the risks and how they can be mitigated

Users must be aware of their rights and responsibilities


TIME FRAMES


Deployment and testing against the AAF Test environment during Q3 2010

Early adopters begin using in production AAF environment during Q4 2010

Expect major take-up from the start of 2011


OTHER ISSUES

o Co-federation
o Non web protocols and applications – Project Moonshot
o Other Federation stacks
  o simpleSAML
  o ORACLE Access Manager
  o Novell Access Manager
o Future versions
o Changes to Requirements
  o Australian Laws
  o Participant requirements
o Federation Group attributes and other attributes from secondary IdPs
o Attribute release via data-mining, e.g. De-provisioning
o Computed Attributes (Age > 18: True/False)
o Utilization reporting – accuracy


Visit us online: www.aaf.edu.au

Heath Marks
Project [email protected]

Patricia McMillan
Policy, Strategy and Process
[email protected]

More [email protected]


QUESTIONS?

Terry Smith
Technical Program
[email protected]