I’ve just submitted a response to the Intellectual Property Office on their proposed amendments to the education exemptions to UK copyright law. These aim to extend the same permissions for distance learning as currently apply to the premises of an educational establishment. From Janet’s point of view as operator of a network and an access management […]
Tag: Access Management
Posts about Federated Access Management, which allows service providers and identity providers to work together to minimise data flows while granting users access to protected resources
I’ve been looking at the Intellectual Property Office’s proposals to update copyright exemptions for education, to see if there’s anything I need to comment on. My initial observations are as follows, but I’d be very grateful for comments if I’ve missed something. I’m not an expert on copyright exemptions or education licensing, but I am […]
It’s interesting to read the Information Commissioner’s comments on the draft European Data Protection Regulation, which have just been published. A number of the comments address issues we’ve been struggling with in providing Internet services such as incident response and federated access management. These are widely recognised as benefitting privacy, but they don’t fit easily […]
A paper on “Economic Tussles in Federated Identity Management” provides some interesting insights into which FIM systems succeed and which fail. A simplistic summary would be that success requires a win-win outcome, where every party (Identity Provider, Service Provider and User) gains some benefit from adopting a federated approach. Viewing federations as a two-sided market […]
One of the big challenges in designing policies and architectures for federated access management is to reconcile the competing demands that the system must be both “privacy-respecting” and “just work”. For an international access management system to “just work” requires information about users to be passed to service providers, sometimes overseas. The information may be […]
Categories
Federations: next challenges
Last week’s REFEDs and VAMP meetings in Utrecht invited identity federations to move on to the next series of technical and policy challenges. Current federations within research and education were mostly designed to provide access to large commercial publishers and other services procured by universities and colleges for their individual members. Services and arrangements are […]
Categories
MoJ Summary of Data Protection Responses
The Ministry of Justice have published a summary of the responses to their consultation on European Data Protection proposals. On the issues we raised around Internet Identifiers, Breach Notification and Cloud Computing there seems to be general agreement with our concerns. No one else seems to have mentioned Incident Response specifically, but there was a […]
The Government Data Service have published draft identity and privacy principles for federated access management (FAM) systems. It’s interesting to compare these with the approach that has been taken by Research and Education Federations to see whether we have identified the same issues and solutions. The first thing that caught my eye was that the authors seem […]
Statewatch have published what appears to be a document from the Council of (European) Ministers containing comments on the proposed Data Protection Regulation. It’s interesting to see that there seems at last to be a recognition that the current legal treatment of indirectly linked identifiers is unsatisfactory. At the moment European law has been interpreted […]
One definition of a “hacker”, according to Wikipedia, is someone “who makes innovative customizations or combinations of retail electronic and computer equipment”. I was recently asked by TERENA to have a think about the legal issues around using federated access management to control access to resources in eResearch. This has quickly come to feel like […]