Access Management

3 October 2013 at 8:32am

Managing Incident Response in Identity Federations

Andrew Cormack
Access Management
incident response
data protection
#VAMP2013
In talking with service providers at this week’s conferences on federated access management in Helsinki it’s become apparent that many of them are asking identity providers to supply not only the information that they need for normal operations, but also information that will only actually be needed if a problem occurs. For example it seems that some service providers may request every user’s real name just in case a user mis-behaves and breaks the service provider’s policy.
Read more
2 October 2013 at 8:00am

How much complexity should we see?

Andrew Cormack
#VAMP2013
Access Management
data protection
A couple of sessions at the VAMP2013 workshop in Helsinki related to complexity and how best to express it to users. Bob Cowles pointed out that current access management systems can involve a lot of complexity even to reach the binary decision whether or not to allow a user to access a resource.
Read more
27 June 2013 at 3:51pm

Proposed Copyright Amendments for Distance Learning

Andrew Cormack
Access Management
Copyright Designs and Patents Act
distance learning
I’ve been looking at the Intellectual Property Office’s proposals to update copyright exemptions for education, to see if there’s anything I need to comment on. My initial observations are as follows, but I’d be very grateful for comments if I’ve missed something.
Read more
15 February 2013 at 3:15pm

ICO on pseudonyms, consent and legitimate interests

Andrew Cormack
Access Management
Data Protection Regulation
incident response
Privacy
It’s interesting to read the Information Commissioner’s comments on the draft European Data Protection Regulation, which have just been published. A number of the comments address issues we’ve been struggling with in providing Internet services such as incident response and federated access management.
Read more
13 November 2012 at 4:36pm

How to Succeed in Federated Identity Management

Andrew Cormack
Access Management
A paper on "Economic Tussles in Federated Identity Management" provides some interesting insights into which FIM systems succeed and which fail. A simplistic summary would be that success requires a win-win outcome, where every party (Identity Provider, Service Provider and User) gains some benefit from adopting a federated approach. Viewing federations as a two-sided market provides some deeper insights and perhaps pointers to how such outcomes can be achieved.
Read more
8 October 2012 at 10:29am

Thinking about "Privacy in Context" and Access Management Federations

Andrew Cormack
Access Management
Privacy
Twitter
One of the big challenges in designing policies and architectures for federated access management is to reconcile the competing demands that the system must be both “privacy-respecting” and “just work”. For an international access management system to “just work” requires information about users to be passed to service providers, sometimes overseas.
Read more
10 September 2012 at 11:35am

Federations: next challenges

Andrew Cormack
Access Management
#Vamp2012
Last week’s REFEDs and VAMP meetings in Utrecht invited identity federations to move on to the next series of technical and policy challenges. Current federations within research and education were mostly designed to provide access to large commercial publishers and other services procured by universities and colleges for their individual members.
Read more

VO Architecure Middleware Planning (VAMP)

Andrew Cormack
25 July 2012 at 9:13am
Access Management
Data Protection Regulation
I'll be talking about the legal framework that might provide a home for complex middleware relationships. For some reason I agreed to the title "Here be VAMPires" ;-)
Read more
18 July 2012 at 5:37pm

Pseudonymous Identifiers and the DP Regulation

Andrew Cormack
Access Management
Data Protection Regulation
Statewatch have published what appears to be a document from the Council of (European) Ministers containing comments on the proposed Data Protection Regulation. It’s interesting to see that there seems at last to be a recognition that the current legal treatment of indirectly linked identifiers is unsatisfactory.
Read more
10 July 2012 at 10:06am

Hacking the law for Federated Access Management

Andrew Cormack
Access Management
Data Protection Regulation
One definition of a “hacker”, according to Wikipedia, is someone “who makes innovative customizations or combinations of retail electronic and computer equipment”. I was recently asked by TERENA to have a think about the legal issues around using federated access management to control access to resources in eResearch. This has quickly come to feel like hacking (in that sense) the law: making it do something it didn’t know it was capable of...
Read more
Subscribe to Access Management