Shibboleth Attribute Release meta-Policy: Difference between revisions
Revision as of 13:04, 25 June 2007
This was a working document belonging to the Computing Service's Shibboleth Development Project. This project is complete (Raven now supports Shibboleth) and this document only remains for historical and reference purposes. Be aware that it is not being maintained and may be misleading if read out of context.
This document [2007-06-25: currently a draft] sets out the policy observed by the managers of the University of Cambridge's institutional Shibboleth IdP in respect of the release of attribute information. The initial policy and any subsequent amendments have been [2007-06-25: will be] approved by the Director of the University Computing Service.
Transfer of attribute information is central to the operation of Shibboleth. However, attribute values may represent 'personal data' under the terms of the Data Protection Act 1998, and processing and release of such data must abide by the provisions of the Act - this policy ensures that the University does so.
See Shibboleth Attribute Release policy summary for details of the current policy.
1) Users are told about the IdP, and the fact that it may disclose information about them, the first time that they use it to access a resource and at least annually thereafter. They are asked to positively confirm that they accept the terms and conditions under which the IdP operates before proceeding and a record is made of this acceptance. On first access to a particular SP, users are made aware of the information that will be disclosed to it and asked to approve this disclosure; this will be repeated at least annually and any time the list of attributes being disclosed to this SP changes.
2) The University institutional IdP provides attribute information only to SPs operated by members of the UK Access Management Federation for Education and Research or to members of the local University of Cambridge Federation. Membership of the latter is restricted to SPs operated by the University and its related institutions.
3) Values for eduPersonTargetedID, and the value member@cam.ac.uk for eduPersonScopedAffiliation, may be released to any SP authorised to use the IdP. According to UK Federation policy, this should be sufficient to enable access to the majority of resources.
4) Values other than member@cam.ac.uk for eduPersonScopedAffiliation, and values for any other attributes (in particular eduPersonEntitlement), may be released to any SP authorised to use the IdP that can demonstrate a reasonable need, provided the corresponding user's identity cannot be derived from these attributes or from other information likely to be available to the SP. Each SP will only receive the particular attributes and values that it requires.
5) eduPersonPrincipalName, and attributes from or derived from lookup, notably givenName, sn, cn, displayName, ou, mail, and groupID, may be released to SPs operated on servers that can already query lookup directly for the same information, but only subject to the user's choice of suppression in lookup.
6) Other than as mentioned above, attributes and attribute values will only be disclosed where there is a demonstrable need, and only to SPs who have entered into contractual or other arrangements with the University to provide what the University considers to be adequate levels of protection for the data concerned. Note that this includes eduPersonPrincipalName other than within the University, even though it is a UK Federation core attribute. Release of such information will only be permitted where there is no alternative - it is in general better from the University's point of view for SPs to obtain information directly from the user than it is for the University to supply it (even if it would be easier for the user for the University to do so). Each decision to allow or change a particular disclosure must be approved by the Director of the University Computing Service before it is implemented and will be recorded as an amendment to this policy.
Attribute and attribute value disclosure approved under section 5 above:
- None