Shibboleth Attribute Release meta-Policy: Difference between revisions

From RavenWiki
Revision comparison: the previous revision (edit summary: "Created, though only a draft ATM") against this revision (edit summary: "Revised"). Each pair below gives the earlier text first and the revised text second; "----" is a horizontal rule added in the revised text.

Unchanged: {{shib-project}}

Old: ''This document (2007-05-14: currently a draft) sets out the policy observed by the managers of the University of Cambridge's institutional Shibboleth IdP in respect of release of attribute information.''
New: ''This document (2007-05-14: currently a draft) sets out the policy observed by the managers of the University of Cambridge's institutional Shibboleth IdP in respect of release of attribute information. The policy, and any amendments required in the future to meet changing circumstances, are formally approved by [install name of suitable body here].''

Old: Transfer of attribute information is central to the operation of Shibboleth. However attributes can represent 'personal data' under the terms of the Data Protection Act 1998 and processing and release of such data must abide by the provisions of the act - this policy is intended to ensure that the University does so.
New: ''Transfer of attribute information is central to the operation of Shibboleth. However attribute values may represent 'personal data' under the terms of the Data Protection Act 1998 and processing and release of such data must abide by the provisions of the act - this policy is intended to ensure that the University does so.''

Old: The University institutional IdP will provide attribute information only to members of the ''UK Access Management Federation for Education and Research'' or to members of the local ''University of Cambridge Federation''. Membership rules for the latter have yet to be defined, but it is assumed here that it will contain only SPs owned and operated by the University and its related institutions (the colleges, CUP, CA, etc.).
New: ----

Old: Users will be made aware of the function of the IdP and the fact that it may disclose information about them the first time that they access it and at least annually thereafter. They will be asked to positively confirm that they accept the terms and conditions under which the IdP operates before proceeding and a record will be made of this acceptance. On first accessing a particular SP, users will be made aware of the information that will be disclosed to it and asked to approve this disclosure; this will be repeated if the information changes and at least annually.
New: Users will be made aware of the function of the IdP and the fact that it may disclose information about them the first time that they use it to access a resource and at least annually thereafter. They will be asked to positively confirm that they accept the terms and conditions under which the IdP operates before proceeding and a record will be made of this acceptance. On first accessing a particular SP, users will be made aware of the information that will be disclosed to it and asked to approve this disclosure; this will be repeated if the information changes and otherwise at least annually.

Old: eduPersonTargetedID and eduPersonScopedAffiliation with the value 'member@cam.ac.uk' will be released by default to any SP authorised to use the IdP. According to UK Federation policy, this should be sufficient to enable access to the majority of resources.
New: The University institutional IdP will provide attribute information only to SPs operated by members of the ''UK Access Management Federation for Education and Research'' or to members of the local ''University of Cambridge Federation''. Membership rules for the latter have yet to be defined, but it is assumed here that it will contain only SPs operated by the University and its related institutions (the colleges, Cambridge University Press, Cambridge Assessment, etc.).

Old: eduPersonScopedAffiliation with the value other than 'member@cam.ac.uk', edPersonEntitlement, and any other 'privacy preserving' attributes will be released to any SP authorised use the IdP that can demonstrate a reasonable need. SPs will only receive the particular attributes and values that they require. These attributes, or values thereof, will not be considered 'privacy preserving' if there is a possibility that individuals can be identified from them (perhaps because they relate to a very small subset of users).
New: ''eduPersonTargetedID'' and ''eduPersonScopedAffiliation'' with the value ''member@cam.ac.uk'' may be released to any SP authorised to use the IdP. According to UK Federation policy, this should be sufficient to enable access to the majority of resources.

Old: Attributes from or derived from lookup, notably eduPersonPrincipleName, givenName, sn, cn, displayName, ou, mail, groupID will be disclosed to SPs using providerIDs which match ^https://[^/]+\.cam\.ac\.uk/, but only subject to the user's choice of suppression in lookup. The restriction on SPs is broadly consistent with the group of servers that can query lookup directly for the same information.
New: ''eduPersonScopedAffiliation'' with the value other than ''member@cam.ac.uk'', ''edPersonEntitlement'', and any other 'privacy preserving' attributes may be released to any SP authorised use the IdP that can demonstrate a reasonable need. SPs will only receive the particular attributes and values that they require. These attributes, or values thereof, will not be considered 'privacy preserving' if there is a reasonable possibility that individuals could be identified from them (perhaps because they relate to a very small subset of users).

Old: Other than as mentioned above, attributes and attribute values will only be disclosed where there is a demonstrable need and where the disclosure is protected by an appropriate contract or similar. Note that this includes eduPersonPrincipleName even though it is a UK Federation core attribute. Each disclosure or change in disclosure must be formally approved by ''[install name of suitable body here]''. Release of such information will be restricted - it is in general better from the University's point of view for SPs to obtain information direct from the user than it is for the IdP to supply it (even if it would be easier for the user if the IdP supplied it).
New: Attributes from or derived from lookup, notably ''eduPersonPrincipleName,'' ''givenName,'' ''sn,'' ''cn,'' ''displayName,'' ''ou,'' ''mail,'' and ''groupID'' may be released to SPs using providerIDs which match ^https://[^/]+\.cam\.ac\.uk/, but only subject to the user's choice of suppression in lookup. The restriction on SPs is broadly consistent with the group of servers that can query lookup directly for the same information.

Old: (no corresponding paragraph)
New: Other than as mentioned above, attributes and attribute values will only be disclosed where there is a demonstrable need and only to SPs who have entered into contractual or other suitable arrangements with the University to provide what the University considers to be adequate levels of protection for the data concerned. Note that this includes ''eduPersonPrincipleName'' even though it is a UK Federation core attribute. Each decision to allow or change a particular disclosure must be formally approved by ''[install name of suitable body here]'' before it is implimented. Release of such information will only be permitted where there is no alternative - it is in general better from the University's point of view for SPs to obtain information direct from the user than it is for the University to supply it (even if it would be easier for the user for the University to do so).

Unchanged: ==Summary of current policy==

Revision as of 17:01, 23 May 2007

WARNING: This page is retained as a historical record but is out-of-date and is not being maintained.

This was a working document belonging to the Computing Service's Shibboleth Development Project. This project is complete (Raven now supports Shibboleth) and this document only remains for historical and reference purposes. Be aware that it is not being maintained and may be misleading if read out of context.

This document (2007-05-14: currently a draft) sets out the policy observed by the managers of the University of Cambridge's institutional Shibboleth IdP in respect of release of attribute information. The policy, and any amendments required in the future to meet changing circumstances, are formally approved by [install name of suitable body here].

Transfer of attribute information is central to the operation of Shibboleth. However, attribute values may represent 'personal data' under the terms of the Data Protection Act 1998, and processing and release of such data must abide by the provisions of the Act; this policy is intended to ensure that the University does so.


Users will be made aware of the function of the IdP and the fact that it may disclose information about them the first time that they use it to access a resource and at least annually thereafter. They will be asked to positively confirm that they accept the terms and conditions under which the IdP operates before proceeding and a record will be made of this acceptance. On first accessing a particular SP, users will be made aware of the information that will be disclosed to it and asked to approve this disclosure; this will be repeated if the information changes and otherwise at least annually.

The University institutional IdP will provide attribute information only to SPs operated by members of the UK Access Management Federation for Education and Research or to members of the local University of Cambridge Federation. Membership rules for the latter have yet to be defined, but it is assumed here that it will contain only SPs operated by the University and its related institutions (the colleges, Cambridge University Press, Cambridge Assessment, etc.).

eduPersonTargetedID and eduPersonScopedAffiliation with the value member@cam.ac.uk may be released to any SP authorised to use the IdP. According to UK Federation policy, this should be sufficient to enable access to the majority of resources.

eduPersonScopedAffiliation with a value other than member@cam.ac.uk, eduPersonEntitlement, and any other 'privacy preserving' attributes may be released to any SP authorised to use the IdP that can demonstrate a reasonable need. SPs will only receive the particular attributes and values that they require. These attributes, or values thereof, will not be considered 'privacy preserving' if there is a reasonable possibility that individuals could be identified from them (perhaps because they relate to a very small subset of users).

Attributes from or derived from lookup, notably eduPersonPrincipalName, givenName, sn, cn, displayName, ou, mail, and groupID, may be released to SPs using providerIDs which match ^https://[^/]+\.cam\.ac\.uk/, but only subject to the user's choice of suppression in lookup. The restriction on SPs is broadly consistent with the group of servers that can query lookup directly for the same information.

Other than as mentioned above, attributes and attribute values will only be disclosed where there is a demonstrable need and only to SPs that have entered into contractual or other suitable arrangements with the University to provide what the University considers to be adequate levels of protection for the data concerned. Note that this includes eduPersonPrincipalName even though it is a UK Federation core attribute. Each decision to allow or change a particular disclosure must be formally approved by [install name of suitable body here] before it is implemented. Release of such information will only be permitted where there is no alternative; it is in general better from the University's point of view for SPs to obtain information directly from the user than it is for the University to supply it (even if it would be easier for the user for the University to do so).
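The three release tiers above, written out as an added example of a Shibboleth IdP (v3 or later) attribute filter policy; this is not the University's configuration and not the 2007-era filter format the project would have used. It assumes the page's providerID pattern is applied to the requesting SP's entityID, uses the registered spelling eduPersonPrincipalName, and uses placeholder values for the approved SP's entityID and its entitlement.

```xml
<!-- Added example, not the University's configuration. Assumptions: the page's
     providerID pattern applies to the requester entityID; eduPersonPrincipalName is
     the registered spelling; the last policy's entityID and entitlement value are
     placeholders to be replaced per approved SP. -->
<AttributeFilterPolicyGroup id="CambridgeAttributeRelease"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

  <!-- Tier 1: to any SP the IdP is authorised to talk to (federation membership is
       enforced by the IdP's metadata sources, not by this filter). Only the single
       affiliation value member@cam.ac.uk is permitted; other values stay unreleased. -->
  <AttributeFilterPolicy id="defaultRelease">
    <PolicyRequirementRule xsi:type="ANY"/>
    <AttributeRule attributeID="eduPersonTargetedID">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="eduPersonScopedAffiliation">
      <PermitValueRule xsi:type="Value" value="member@cam.ac.uk"/>
    </AttributeRule>
  </AttributeFilterPolicy>

  <!-- Tier 2: lookup-derived attributes, only when the requester's entityID matches
       the page's pattern. The pattern requires a "/" after the host, so an entityID
       with no path (https://sp.cam.ac.uk) does not match. The user's lookup
       suppression choice must be honoured where the resolver reads lookup; a filter
       only sees the values the resolver produced. -->
  <AttributeFilterPolicy id="releaseToCambridgeSPs">
    <PolicyRequirementRule xsi:type="Regex" regex="^https://[^/]+\.cam\.ac\.uk/"/>
    <AttributeRule attributeID="eduPersonPrincipalName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="givenName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="sn"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="cn"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="displayName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="ou"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="mail"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="groupID"><PermitValueRule xsi:type="ANY"/></AttributeRule>
  </AttributeFilterPolicy>

  <!-- Tier 3: need-based release, one policy per SP approved by the governing body,
       naming only the attribute values that SP was approved for (placeholders here). -->
  <AttributeFilterPolicy id="approvedSP-PLACEHOLDER">
    <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org/shibboleth"/>
    <AttributeRule attributeID="eduPersonEntitlement">
      <PermitValueRule xsi:type="Value" value="urn:PLACEHOLDER:entitlement"/>
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>
```

Anything not matched by a PermitValueRule is withheld, so an attribute the resolver produces but no policy names (for example a non-member affiliation value) never leaves the IdP.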

Summary of current policy

  • eduPersonTargetedID, and eduPersonScopedAffiliation with value member@cam.ac.uk released to any member of the UK federation or the University Federation.
  • eduPersonEntitlement