Access Management

17 June 2014 at 4:22pm

Managing Federated Authorisation for Research

Andrew Cormack
Access Management
#TNC2014
Research, and particularly the on-line collaborative research referred to as e-science, creates a new challenge for federated access management systems. In teaching, the authoritative statement whether an individual is entitled to access an on-line resource comes from their home organisation: are they a member of that course? are they covered by that institutional licence? Thus it is natural to provide a source of authorisation attributes alongside, or even as part of, the home organisation's authentication systems.
Read more
24 April 2014 at 1:59pm

Legitimate Interests and Federated Access Management

Andrew Cormack
Access Management
Data Protection Directive
Data Protection Regulation
I only wish the Article 29 Working Party had published their Opinion on Legitimate Interests several years ago, as it could have saved us a lot of discussion in the federated access management community.
Read more

E-Infrastructure supporting Virtual Organisations

Stephen Booth
20 March 2014 at 10:03pm
AAAI
Access Management
eIWG discussion
Some thoughts on the e-Infrastructure requirements for supporting VirtualOrganisations.  A Virtual Organisation (VO) is one that intersects with multiple realorganisation.  It is comprised of users from multiple homeinstitutions. Many of which may be entirely unaware of the existenceof the VO at all.  This means that the Virtual Organisation needs tobe self-organising and must be provided with the tools to manage itsown membership.
Read more
11 March 2014 at 2:03pm

Level of Assurance: are we approaching a limit?

Andrew Cormack
Access Management
passwords
eIWG discussion
I've had several conversations this week that related to what's commonly referred to as "level of assurance": how confident we can be that an account or other information about an on-line user actually relates to the person currently sitting at the keyboard. Governments may be concerned with multiple forms of documentary proof but I suspect that for most common uses in the education sector that may be over-complicating things.
Read more

Federated Authentication Policies

Andrew Cormack
28 February 2014 at 9:02am
eIWG discussion
Access Management
In discussions with e-Infrastructures we’ve spoken quite a bit about federated authentication, so I thought it was worth a quick summary of the federated authentication schemes already available on Janet. And, in particular, what the policies of those federations already offer to Service Providers by way of guarantees.
Read more

Papers on e-infrastructure access management

Andrew Cormack
16 October 2014 at 5:03pm
Access Management
eIWG references
Papers examining the access management requirements for European e-infrastructures:
Read more
14 February 2014 at 2:07pm

Low-risk identifiers in Access Management

Andrew Cormack
Data Protection Regulation
Access Management
The Information Commissioner’s analysis of the European Parliament’s amendments to the draft Data Protection Regulation discusses the wide range of information that falls within the definition of "personal data" and gives examples that seem particularly relevant to identity federations.
Read more
10 January 2014 at 11:44am

Everything by consent?

Andrew Cormack
Data Protection Regulation
Access Management
As a privacy-sensitive person, I'm concerned that the trend in European Data Protection law seems to be to place more and more weight on my consent as justification for processing my personal data. In theory that sounds fine – given full information and a free choice, I can decide whether or not I'm willing for the processing to take place.
Read more
19 November 2013 at 9:07am

Life-long identifiers in Research and Education

Andrew Cormack
ORCID
#VAMP2013
Access Management
There are several situations when it would be useful to have a life-long identifier that doesn’t change when we move house, employer or even country. Most of us already have life-long identifiers to link together all our interactions with the health service and the tax office; in research and education linking together our achievements would also be useful when preparing a CV or research proposal. However these applications have very different consequences if the link between individual and identifier fails; they also need to resist different types of threat.
Read more
8 October 2013 at 9:31pm

Federated Access Management: Legal Developments

Andrew Cormack
#VAMP2013
Access Management
Data Protection Regulation
Privacy
data protection
At the VAMP workshop last week I was asked to review legal developments that might affect access management federations. On the legislative side the new European Data Protection Regulation seems to be increasingly mired in politics.
Read more
Subscribe to Access Management