[WG-P3] Fwd: [WG-eGov] Another NZ request: Consent Services

John Bradley ve7jtb at ve7jtb.com
Thu Mar 31 08:04:44 EDT 2011

This may be a useful input about how federations in Europe are dealing with some of the attribute release issues.

> In the eduGAIN project (which is "the STORK for European higher education and research"), we have recently studied the EU data protection directive's implications to federated identity management, including user consent for attribute release from SAML IdP to SP:
> http://www.edugain.org/policy/edugain_policy_build20110124/data_protection_profile_20101215.pdf
> In short, according to the EU DP directive, attribute release is based either on user's informed consent or necessity. National interpretations vary; in some countries consent seems to be the primary way, in others consent is used as the last resort and attribute release should be based on necessity, whenever possible.
> In research and higher education, the consent is typically given not to the SP but to the IdP before it releases any attributes to the SP. In the front-channel binding of the SAML2 Authentication request protocol, it is easy to implement.
> Cheers,
> mikael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-p3/attachments/20110331/ef2bcd3f/attachment.bin 

More information about the WG-P3 mailing list