REFEDs - Privacy and Data Protection
Work Item Leader: Andrew Cormack, JANET(UK)
Description of work
This work item aims to develop suggested good practice for identity
federation operators and participants to use federated technologies to
reduce the transfer of personal data while supporting accurate access
management decisions.
This will be informed by European law on personal
data, in particular Directive 95/46/EC and the Opinions of the Article
29 Working Party.
Documents
The list below contains the documents that have been produced by the REFEDs group.
- Federated Access Management [Dec 2008]
The document provides an overview and recommendations on how to implement Federated Access Management Systems in order to reduce the amount of personally identifiable data that is exchanged, in accordance with the Directive 95/46/EC. - Pseudonymous Identifiers [Dec 2008]
This paper suggests measures by which the status of pseudonymous identifiers - whether they are personal data or not - under the European Personal Data Directive (95/46/EC) may be able to be controlled by the issuers and users of those identifiers. - Good Practice for Federated Access Management [Dec 2008]
This paper summarises the good practice recommendations contained in two papers on Federated Access Management and Pseudonymous Identifiers.
Presentations
- Federations and Data Protection [Dec 2008]
This presentation explains how European privacy law applies to access management, and how federated access management tools, properly used, can improve compliance with both privacy expectations and the law.