Refeds


Subject Re: draft charge, refeds working group on attribute release
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Fri, 01 Jul 2011 18:09:58 +0100

This is a different use case. The exams service is conceptually internal to the university and necessary for it to do its business. So the university is free to move user attributes between its own systems as necessary in order to perform its essential business. This is allowed under DP legislation. So no consent is needed for this use case.

regards

David


On 01/07/2011 10:04, Leif Johansson wrote:


the user is not compelled to take the service. He decides he wants it
and consents to his attributes in exchange. What is wrong with that?
Surely this then removes all risk and liability from the IdP, which
appears to be one of your concerns


Of course the user may be compelled to use a service!

Several universities use online services to register for
exams, for instance.

You can't possibly argue that "Then don't get a degree,
see if we care!" is a reasonable alternative to consenting
to attribute release for that service.

	Cheers Leif


--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************