Transcript Slide 1
Supported by the Australian Government through the Department of Innovation, Industry, Science and Research P
RIVACY AND
T
HE
A
USTRALIAN
A
CCESS
F
EDERATION
Presented by: Terry Smith 1 st June 2010 © Australian Access Federation Inc.
T
HE
AAF
A BRIEF HISTORY
o Federation for Higher Education and Research o Replaces the MAMS Test bed federation o Shibboleth, SAML2, based on SWITCHaai model o AAF Incorporated mid 2009 o 50% of AU and NZ Universities and growing o Mini Grant program to encourage service providers o Federally funded until the end of 2010 o Self sustaining from 2011 thru subscriptions o Three streams of activities o Policy o Technology o Marketing Visit us online: www.aaf.edu.au
© Australian Access Federation Inc. www.aaf.edu.au
P
RIVACY IN
A
USTRALIA
o AAF R EQUIREMENTS Australian Privacy Law o Framework and Guidelines for Privacy o State Privacy Laws o AAF Rules for participants o Requirements from our participants Australia's national privacy regulator, protecting personal information http://www.privacy.gov.au/index.php
AAF SOLUTION o o o Project underway to meet Australian legal requirements Must ensure we continue with standard solution Must be simple, useable and non-intrusive © Australian Access Federation Inc. www.aaf.edu.au
I
NFORMATION
P
RIVACY
P
RINCIPLES
Personal Information
means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Summary of the eleven Information Privacy Principles
IPP 1: manner and purpose of collection IPP 2: collecting information directly from individuals IPP 3: collecting information generally IPP 4: storage and security IPPs 5 - 7: access and amendment IPPs 8 - 10: information use IPP 11: disclosure
© Australian Access Federation Inc. www.aaf.edu.au
W
HERE TO
B
EGIN
The AU privacy guidelines inform us to do...
o Threshold Assessment – are there privacy risks that need to be addressed?
o YES o Privacy Impact Assessment • Project description • Mapping information flows and privacy framework • Privacy impact analysis • Privacy management • Recommendations • After the assessment --- what then?
© Australian Access Federation Inc. www.aaf.edu.au
P
ROJECT
D
ESCRIPTION
The Big picture – Building a Higher Education and Research Federation © Australian Access Federation Inc. www.aaf.edu.au
I
NFORMATION FLOWS
, C
ORE
A
TTRIBUTES
Identity Providers assert user information to Service Providers as attributes. Full attribute specification at :
https://wiki.caudit.edu.au/confluence/display/aafaueduperson/Home.
• auEduPersonSharedToken – unique, persistent ID • eduPersonTargetedID – privacy-preserving ID targeted to a particular SP • • eduPersonAffiliation and eduPersonScopedAffiliation – e.g. student or staff eduPersonEntitlement – string arranged with SP to grant a • • particular entitlement eduPersonAssurance – URN indicating one of 4 levels of identity assurance • • AuthenticationMethod – URN indicating one of 4 levels of authentication assurance displayName and cn – contain the user’s name mail – the user’s email address • o – the name of the organisation
I
MPACT
A
NALYSIS
& M
ANAGEMENT
o Risk analysis and management of privacy information... How information flows affect individuals’ choices in the way personal information about them is handled The degree of intrusiveness into individuals’ lives Compliance with privacy law How the project fits into community expectations.
© Australian Access Federation Inc. www.aaf.edu.au
R
ECOMMENDATIONS
AAF Privacy Requirement document Technical architecture Review existing options against the requirements Develop and deploy solution © Australian Access Federation Inc. www.aaf.edu.au
R
EQUIREMENTS
Terms of Use Information that is necessary, minimal disclosure Purpose for use of information Review claim sent to SP’s User friendly and easy to incorporate, standards based.
© Australian Access Federation Inc. www.aaf.edu.au
OTHER FACTORS TO CONSIDER
Do we show users privacy preserving attributes or do we assume they are outside the privacy regime?
What does the AAF and its members consider “Personal Information”? Are there any legal requirements on how long claim records should be kept by identity providers?
© Australian Access Federation Inc. www.aaf.edu.au
OTHER FACTORS TO CONSIDER
C
ONT
What levels of access should be defined for report generation and what information should be available to administrators at each level?
In the future how do we deal with attribute release for minors? Are users who are under 18 able to accept release of their personal information?
Should the federation support user modification and choice for attributes that certain service providers consider ‘optional’?
© Australian Access Federation Inc. www.aaf.edu.au
A
RCHITECTURE
User Federation
Holistic Approach
Identity Provider Service Provider © Australian Access Federation Inc. www.aaf.edu.au
A
VAILABLE OPTIONS
, U
SER
C
ONSENT
o AAF could build it own solution from the ground up o Use MAMS Autograph + SHARPe o Shibboleth 1.3.x only o Not production quality o Difficult to install / configure o uApprove o Good fit – need some extensions o Moving into Shibboleth core with V3.0
o simpleSAMLphp + consent o Good fit – may need some extensions o Not currently used any IdP’s, but some are considering o The trusted third party model (TTP) o Still being investigated o Possible User privacy concerns, in particular the centralized recording off all federation user attributes (used to determine if there have been value changes) o Change in from current hybrid model to Hub-and-spoke o Other options...
© Australian Access Federation Inc. www.aaf.edu.au
U
A
PPROVE EXTENDED
+ …
uApprove extensions
o Regular retrieval Federation Terms of Service from central point o Provide two Terms of Service agree buttons (Local & Federation) o Store user attributes to enable re-approval if values change o Retrieve SP Statements of Attribute requirement from central point o Store history for attribute release consent and agreement to ToS © Australian Access Federation Inc. www.aaf.edu.au
… A
DDITIONAL
S
UPPORT COMPONENTS
Federation Tools
o Record SP Attribute requirements and related information including attribute value sets, e.g. List of accepted entitlements o Approval process for SP Attribute requirement o Record IdP Attribute release policies o Metadata generator to include SP Attributes and values o Attribute-Filter generator that filters based on SP Attributes and Values + IdP release policy o Attribute-Map generator that filters based on SP Attributes and Values + IdP release policy o End point for SP Attribute requirements statement o End point for Federation ToS
Local Tools for IdPs
o Review Attribute release consent o Review agreement to ToS o Local Administrators able to view © Australian Access Federation Inc. www.aaf.edu.au
… A
DDITIONAL
S
UPPORT COMPONENTS
Identity Providers (Shibboleth only) o Inclusion and configuration of extended uApprove o Recording Attribute release policies with the federation o Use the generated Attribute-Filter from federation
Service Providers
o Recording of Attribute requirements with the federation o Optional use of generated Attribute-Policy from federation © Australian Access Federation Inc. www.aaf.edu.au
P
OLICY AND
M
ARKETING
Technology is not enough, it needs to be backed by POLICY and well Publicised IdPs and SPs must
Deploy the technical solution Register information centrally
and be informed
Know their responsibilities w.r.t privacy laws Be aware of the risks and how they can be mitigated
User must be aware of the rights and responsibilities
© Australian Access Federation Inc. www.aaf.edu.au
T
IME FRAMES Deployment and testing against the AAF Test environment during Q3 2010 Early adopters begin using in production AAF environment during Q4 2010 Expect major take up by from the start of 2011
© Australian Access Federation Inc. www.aaf.edu.au
O
THER
I
SSUES
o Co-federation o Non web protocols and applications – Project Moonshot o Other Federation stacks o simpleSAML o ORACLE Access Manager o Novell Access Manager o Future versions o Changes to Requirements o Australian Laws o Participant requirements o Federation Group attributes and other attributes from secondary IdPs o Attribute release via data-mining, e.g. De-provisioning o Computed Attributes (Age > 18: True/False) o Utilization reporting – accuracy © Australian Access Federation Inc. www.aaf.edu.au
Q
UESTIONS
?
Visit us online www.aaf.edu.au
Patricia McMillan Policy, Strategy and Process
Heath Marks Project Manager
Terry Smith Technical Program Manager
More Information?
© Australian Access Federation Inc. www.aaf.edu.au