Access Management

23 March 2018 at 1:24pm

Federated Authentication and the GDPR Principles

Andrew Cormack
Data Protection Regulation
GDPRtopics
Access Management
The General Data Protection Regulation's Article 4(1) establishes six principles for any processing of personal data. It's interesting to compare how federated authentication – where a student authenticates to their university/college, which then provides relevant assurances to the website they want to access – performs against those principles when compared with traditional direct logins to websites.
Read more
28 February 2018 at 8:30am

GDPR Exports and Federated Authentication

Andrew Cormack
Data Protection Regulation
GDPRtopics
Access Management
Although the Article 29 Working Party seem to have had applications such as incident response in mind when drafting their guidance on exports, that guidance could also be helpful in the field of federated authentication.
Read more
19 April 2017 at 9:51am

Federated Access Management and the GDPR

Andrew Cormack
Data Protection Regulation
Access Management
GDPRtopics
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text]
Read more
3 March 2016 at 3:42pm

GDPR - the final text?

Andrew Cormack
Data Protection Regulation
incident response
Access Management
Cloud computing
Breach Notification
ePrivacy Directive
The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission's "lawyer-linguists" to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the resulting text should be adopted by the respective full bodies at meetings in the next couple of months.
Read more
7 September 2015 at 9:42am

Information Commissioner on Alternatives to Consent

Andrew Cormack
Data Protection Regulation
Access Management
A helpful comment on page 3 of the Information Commissioner’s discussion of the latest (Council) draft of the General Data Protection Regulation: We reiterate our view that there must be realistic alternatives to consent – for example 'legitimate interests' where the data processing is necessary to provide the goods or services that an individual has requested.
Read more
21 August 2015 at 10:08am

A Question of Trust?

Andrew Cormack
Access Management
federation
A question that comes up from time to time when discussing federated access management is "how can I rely on another organisation to manage accounts for me?". Federation saves services the trouble of managing user accounts by instead delegating the job to an external identity provider, but it's entirely reasonable to think carefully about that. Why should any service trust someone else to manage the keys to its valuable content?
Read more
25 June 2015 at 5:31pm

Data Protection Regulation - now there are three

Andrew Cormack
Data Protection Regulation
incident response
Access Management
Cloud computing
After more than three years of discussion, all three components of the European law making process have now produced their proposed texts for a General Data Protection Regulation should look like.
Read more
29 August 2014 at 11:50am

How Many Passwords?

Andrew Cormack
security
passwords
Access Management
A recent discussion got me thinking about what might be the right number of passwords. There are plenty of references that still say you should have a different password for every service, and breaches such as Adobe’s last year show why. If you use the same password on two different websites and one of those gets compromised, either by phishing or loss and cracking of a password file, then both accounts are put at risk.
Read more
20 June 2014 at 11:44am

User Interfaces for Federated Login

Andrew Cormack
Access Management
Privacy
user interface
#TNC2014
It’s often said that technical people are bad at designing user interfaces. Ken Klingenstein’s presentation at the TERENA Networking Conference reported (and demonstrated) the results when user interface experts looked at the problem of explaining federated login to users.
Read more
Subscribe to Access Management