Posts about Federated Access Management, which allows service providers and identity providers to work together to minimise data flows while granting users access to protected resources
While some e-infrastructures included accounting in their design and operations from the start, others are now being asked or required to add accounting support to their existing systems. Typically accounting forms part of a relationship between the infrastructure and some other organisation – perhaps a funder, host or customer – rather than the infrastructure’s relationship […]
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text] When individuals register to access a website or other on-line service, it’s common to have to provide a significant amount of personal data. Some of this […]
The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission’s “lawyer-linguists” to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the […]
A helpful comment on page 3 of the Information Commissioner’s discussion of the latest (Council) draft of the General Data Protection Regulation: We reiterate our view that there must be realistic alternatives to consent – for example ‘legitimate interests’ where the data processing is necessary to provide the goods or services that an individual has […]
A question that comes up from time to time when discussing federated access management is “how can I rely on another organisation to manage accounts for me?”. Federation saves services the trouble of managing user accounts by instead delegating the job to an external identity provider, but it’s entirely reasonable to think carefully about that. […]
After more than three years of discussion, all three components of the European law making process have now produced their proposed texts for a General Data Protection Regulation should look like. The Council of Ministers’ version published last week adds to the Commission’s 2012 original and the Parliament text (unofficial consolidated version) agreed last March. […]
A distinctive feature of e-infrastructures is that most individuals’ authorisation to access a particular service does not come from their home organisation (as it does for site-licensed journals, for example) nor from the operator of the service (as in traditional, non-federated, access). Instead, authorisation is largely devolved by service owners to individuals who act as […]
A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended users, that users can be held accountable for any misuse, and that accounts are disabled when users are no longer entitled to use them. Users face a similar challenge in managing […]
A couple of sessions at the VAMP2013 workshop in Helsinki related to complexity and how best to express it to users. Bob Cowles pointed out that current access management systems can involve a lot of complexity even to reach the binary decision whether or not to allow a user to access a resource. This might, […]
A recent discussion got me thinking about what might be the right number of passwords. There are plenty of references that still say you should have a different password for every service, and breaches such as Adobe’s last year show why. If you use the same password on two different websites and one of those […]