Supported by the Australian Government through the Department of Innovation, Industry, Science and Research
PRIVACY AND THE AUSTRALIAN ACCESS FEDERATION
Presented by: Terry Smith
1st June 2010
© Australian Access Federation Inc.
THE AAF: A BRIEF HISTORY
o Federation for Higher Education and Research
o Replaces the MAMS Test bed federation
o Shibboleth, SAML2, based on the SWITCHaai model
o AAF Incorporated mid 2009
o 50% of AU and NZ Universities and growing
o Mini Grant program to encourage service providers
o Federally funded until the end of 2010
o Self sustaining from 2011 through subscriptions
o Three streams of activities
  o Policy
  o Technology
  o Marketing
Visit us online: www.aaf.edu.au
PRIVACY IN AUSTRALIA
AAF REQUIREMENTS
o Australian Privacy Law
o Framework and Guidelines for Privacy
o State Privacy Laws
o AAF Rules for participants
o Requirements from our participants
Australia's national privacy regulator, protecting personal information
http://www.privacy.gov.au/index.php
AAF SOLUTION
o Project underway to meet Australian legal requirements
o Must ensure we continue with standard solution
o Must be simple, usable and non-intrusive
INFORMATION PRIVACY PRINCIPLES
Personal Information
means information or an opinion (including information or an opinion forming part of a database),
whether true or not, and whether recorded in a material form or not, about an individual whose identity
is apparent, or can reasonably be ascertained, from the information or opinion.
Summary of the eleven Information Privacy Principles
IPP 1: manner and purpose of collection
IPP 2: collecting information directly from individuals
IPP 3: collecting information generally
IPP 4: storage and security
IPPs 5 - 7: access and amendment
IPPs 8 - 10: information use
IPP 11: disclosure
WHERE TO BEGIN
The AU privacy guidelines direct us to do the following:
o Threshold Assessment: are there privacy risks that need to be addressed?
  o YES
  o Privacy Impact Assessment
    • Project description
    • Mapping information flows and privacy framework
    • Privacy impact analysis
    • Privacy management
    • Recommendations
    • After the assessment: what then?
PROJECT DESCRIPTION
The Big picture – Building a Higher Education and Research Federation
INFORMATION FLOWS, CORE ATTRIBUTES
Identity Providers assert user information to Service Providers as attributes.
Full attribute specification at:
https://wiki.caudit.edu.au/confluence/display/aafaueduperson/Home.
• auEduPersonSharedToken – unique, persistent ID
• eduPersonTargetedID – privacy-preserving ID targeted to a particular SP
• eduPersonAffiliation and eduPersonScopedAffiliation – e.g. student or staff
• eduPersonEntitlement – string arranged with SP to grant a particular entitlement
• eduPersonAssurance – URN indicating one of 4 levels of identity assurance
• AuthenticationMethod – URN indicating one of 4 levels of authentication assurance
• displayName and cn – contain the user’s name
• mail – the user’s email address
• o – the name of the organisation
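The difference between the shared token and the targeted ID in the list above is easiest to see in code. The following is an added example and is not AAF or Shibboleth code: it derives a per-SP pseudonym by keying HMAC-SHA256 with an IdP-private secret over the SP's entityID and the user's internal identifier. This is a constructed illustration of the idea behind eduPersonTargetedID, not the exact computation Shibboleth performs, and the secret, user identifiers and SP entityIDs are all made up.

```python
import base64
import hashlib
import hmac

# Constructed IdP-private key. In a real deployment this is a long random
# secret kept in the IdP configuration and never shared with any SP.
IDP_SECRET = b"constructed-idp-secret-change-me"

# Constructed SP entityIDs (hypothetical, not real federation members).
SP_LIBRARY = "https://library.example.edu/shibboleth"
SP_LMS = "https://lms.example.edu/shibboleth"


def targeted_id(secret: bytes, source_id: str, sp_entity_id: str) -> str:
    """Derive an eduPersonTargetedID-style pseudonym for one user at one SP.

    The HMAC runs over "entityID NUL sourceId": the NUL separator keeps the two
    fields from running together, and the keyed hash means an SP can neither
    reverse the value to the internal identifier nor recompute it for another SP.
    """
    message = sp_entity_id.encode("utf-8") + b"\x00" + source_id.encode("utf-8")
    digest = hmac.new(secret, message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def linkable_across_sps(secret: bytes, source_id: str, sps: list[str]) -> bool:
    """True if the same user would receive the same identifier at every listed SP.

    For a targeted ID this should be False. A shared, persistent token such as
    auEduPersonSharedToken is deliberately the same everywhere, which is what
    makes it linkable and therefore personal information under the IPPs.
    """
    ids = {targeted_id(secret, source_id, sp) for sp in sps}
    return len(ids) == 1


if __name__ == "__main__":
    for sp in (SP_LIBRARY, SP_LMS):
        print(sp, "->", targeted_id(IDP_SECRET, "student0001", sp))
    print("linkable across SPs:",
          linkable_across_sps(IDP_SECRET, "student0001", [SP_LIBRARY, SP_LMS]))
```

Running the block prints two different identifiers for the same user, one per SP, and `linkable across SPs: False`; the same SP always receives the same value, so it can keep a stable local account without learning who the user is.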
IMPACT ANALYSIS & MANAGEMENT
o Risk analysis and management of privacy information...
  o How information flows affect individuals’ choices in the way personal information about them is handled
  o The degree of intrusiveness into individuals’ lives
  o Compliance with privacy law
  o How the project fits into community expectations.
RECOMMENDATIONS
o AAF Privacy Requirement document
o Technical architecture
o Review existing options against the requirements
o Develop and deploy solution
REQUIREMENTS
o Review claims sent to SPs
o Terms of Use
o Information that is necessary, minimal disclosure
o Purpose for use of information
o User friendly and easy to incorporate, standards based.
OTHER FACTORS TO CONSIDER
Do we show users privacy preserving attributes or do we assume they are outside the privacy regime?
What does the AAF and its members consider “Personal Information”?
Are there any legal requirements on how long claim records should be kept by identity providers?
OTHER FACTORS TO CONSIDER (CONT.)
What levels of access should be defined for report generation and what information should be available to administrators at each level?
In the future how do we deal with attribute release for minors? Are users who are under 18 able to accept release of their personal information?
Should the federation support user modification and choice for attributes that certain service providers consider ‘optional’?
ARCHITECTURE
Holistic Approach spanning the User, the Federation, the Identity Provider and the Service Provider
AVAILABLE OPTIONS, USER CONSENT
o AAF could build its own solution from the ground up
o Use MAMS Autograph + SHARPe
  o Shibboleth 1.3.x only
  o Not production quality
  o Difficult to install / configure
o uApprove
  o Good fit – need some extensions
  o Moving into Shibboleth core with V3.0
o simpleSAMLphp + consent
  o Good fit – may need some extensions
  o Not currently used by any IdPs, but some are considering it
o The trusted third party model (TTP)
  o Still being investigated
  o Possible user privacy concerns, in particular the centralized recording of all federation user attributes (used to determine if there have been value changes)
  o Change from the current hybrid model to hub-and-spoke
o Other options...
UAPPROVE EXTENDED + …
uApprove extensions
o Regular retrieval of Federation Terms of Service from a central point
o Provide two Terms of Service agree buttons (Local & Federation)
o Store user attributes to enable re-approval if values change
o Retrieve SP Statements of Attribute requirement from central point
o Store history for attribute release consent and agreement to ToS
… ADDITIONAL SUPPORT COMPONENTS
Federation Tools
o Record SP Attribute requirements and related information including attribute value sets, e.g. list of accepted entitlements
o Approval process for SP Attribute requirement
o Record IdP Attribute release policies
o Metadata generator to include SP Attributes and values
o Attribute-Filter generator that filters based on SP Attributes and Values + IdP release policy
o Attribute-Map generator that filters based on SP Attributes and Values + IdP release policy
o End point for SP Attribute requirements statement
o End point for Federation ToS
Local Tools for IdPs
o Review Attribute release consent
o Review agreement to ToS
o Local Administrators able to view
… ADDITIONAL SUPPORT COMPONENTS
Identity Providers (Shibboleth only)
o Inclusion and configuration of extended uApprove
o Recording Attribute release policies with the federation
o Use the generated Attribute-Filter from federation
Service Providers
o Recording of Attribute requirements with the federation
o Optional use of generated Attribute-Policy from federation
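The three pieces described across the uApprove extension and support component slides (the SP statement of attribute requirement with its accepted value set, the IdP release policy that the Attribute-Filter generator combines with it, and the stored release used to trigger re-approval when values or Terms of Service change) fit together as follows. This is an added example written for this page, not uApprove or AAF federation tool code: the data shapes, field names, entityID and attribute values are all constructed, and keeping only a hash of the released values in the consent record is a design choice of this example, made to limit what a consent store records about users while still detecting change.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

# Constructed SP "statement of attribute requirement", in the shape the
# federation tool would record and publish at its end point (field names
# are this example's own, not a federation format).
SP_REQUIREMENTS = {
    "entity_id": "https://library.example.edu/shibboleth",
    "required": {"eduPersonTargetedID", "eduPersonScopedAffiliation"},
    "optional": {"displayName", "mail", "eduPersonEntitlement"},
    # Accepted value set: only this entitlement means anything to the SP, so
    # other entitlement values the user holds are never disclosed to it.
    "accepted_values": {
        "eduPersonEntitlement": {"urn:mace:dir:entitlement:common-lib-terms"},
    },
}

# Constructed IdP release policy for that SP: mail is deliberately withheld.
IDP_RELEASE_POLICY = {
    "eduPersonTargetedID", "eduPersonScopedAffiliation",
    "displayName", "eduPersonEntitlement",
}

# Constructed user record from the IdP directory (all values made up).
USER_ATTRS = {
    "eduPersonTargetedID": ["constructed-targeted-id-for-library-sp"],
    "eduPersonScopedAffiliation": ["student@example.edu"],
    "displayName": ["A. Student"],
    "mail": ["a.student@example.edu"],
    "eduPersonEntitlement": [
        "urn:mace:dir:entitlement:common-lib-terms",
        "urn:x-example:hpc:admin",
    ],
}


def build_release(user_attrs, sp_req, idp_policy, optional_opt_in=frozenset()):
    """Compute the minimal attribute set to send to one SP.

    An attribute is released only if the SP asked for it, the IdP policy
    permits it for this SP and the user actually has a value. Optional
    attributes additionally need the user's opt-in. Multi-valued attributes
    are trimmed to the SP's accepted value set. A required attribute that
    cannot be released is an error, not a silent omission.
    """
    requested = sp_req["required"] | sp_req["optional"]
    released = {}
    for name in sorted(requested & idp_policy):
        if name in sp_req["optional"] and name not in optional_opt_in:
            continue
        values = set(user_attrs.get(name, []))
        accepted = sp_req["accepted_values"].get(name)
        if accepted is not None:
            values &= accepted
        if values:
            released[name] = sorted(values)
    missing = sp_req["required"] - set(released)
    if missing:
        raise ValueError(f"required attributes cannot be released: {sorted(missing)}")
    return released


def release_fingerprint(released) -> str:
    """SHA-256 of the canonical JSON form of a release.

    The consent store keeps this digest rather than the raw values, so it can
    still tell that something changed without holding a copy of the attributes.
    """
    canonical = json.dumps(released, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class ConsentRecord:
    sp_entity_id: str
    fingerprint: str
    federation_tos: str  # version accepted with the Federation ToS button
    local_tos: str       # version accepted with the Local ToS button


def needs_reapproval(record: Optional[ConsentRecord], released,
                     federation_tos: str, local_tos: str) -> bool:
    """Prompt again if the SP is new, a released value changed, or either ToS moved."""
    if record is None:
        return True
    return (record.fingerprint != release_fingerprint(released)
            or record.federation_tos != federation_tos
            or record.local_tos != local_tos)


if __name__ == "__main__":
    release = build_release(USER_ATTRS, SP_REQUIREMENTS, IDP_RELEASE_POLICY,
                            optional_opt_in={"displayName", "eduPersonEntitlement"})
    print(json.dumps(release, indent=2))
    record = ConsentRecord(SP_REQUIREMENTS["entity_id"], release_fingerprint(release),
                           "fed-1.0", "local-2.1")
    print("re-approval needed on unchanged data:",
          needs_reapproval(record, release, "fed-1.0", "local-2.1"))
```

With the constructed data the release contains the two required attributes plus displayName and a single entitlement value; mail is dropped because the IdP policy withholds it, and the second entitlement is dropped because the SP never asked for it. Changing the user's affiliation or bumping either ToS version makes `needs_reapproval` return True, which is the re-approval behaviour the extension slide calls for.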
POLICY AND MARKETING
Technology is not enough; it needs to be backed by POLICY and well publicised.
IdPs and SPs must:
o Deploy the technical solution
o Register information centrally and be informed
o Know their responsibilities w.r.t. privacy laws
o Be aware of the risks and how they can be mitigated
Users must be aware of their rights and responsibilities.
TIME FRAMES
o Deployment and testing against the AAF Test environment during Q3 2010
o Early adopters begin using in the production AAF environment during Q4 2010
o Expect major take up from the start of 2011
OTHER ISSUES
o Co-federation
o Non web protocols and applications – Project Moonshot
o Other Federation stacks
  o simpleSAML
  o ORACLE Access Manager
  o Novell Access Manager
o Future versions
o Changes to Requirements
  o Australian Laws
  o Participant requirements
o Federation Group attributes and other attributes from secondary IdPs
o Attribute release via data-mining, e.g. De-provisioning
o Computed Attributes (Age > 18: True/False)
o Utilization reporting – accuracy
QUESTIONS?
Visit us online www.aaf.edu.au
Patricia McMillan
Policy, Strategy and Process
Patricia.McMillan@uq.edu.au
Heath Marks
Project Manager
Heath.Marks@aaf.edu.au
Terry Smith
Technical Program Manager
T.Smith@aaf.edu.au
More Information?
enquiries@aaf.edu.au