Subject RE: entity category work?
From Andrew Cormack <Andrew.Cormack@xxxxxx>
Date Fri, 26 Apr 2013 22:46:51 +0000

> -----Original Message-----
> From: smith@xxxxxxxxxxxxx [mailto:smith@xxxxxxxxxxxxx]
> Sent: 26 April 2013 17:20
> To: Andrew Cormack
> Cc: Tom Scavo; Nicole Harris; REFeds
> Subject: Re: [refeds] entity category work?
> On 26 Apr 2013, at 13:21, Andrew Cormack <Andrew.Cormack@xxxxxx> wrote:
> > I'd hope that the privacy risk of an ARP limited to those two
> attributes was seen as very low (the original UK federation
> recommendation was to have that as default). Unfortunately the European
> authorities seem rather resistant to the idea of providing regulatory
> incentives to use opaque identifiers ("it's still personal data", at
> least beyond the UK), so even for just ePTID there's still a bit of a
> selling job to do :( I'm still working on that.
> Having said that, I would suggest the vast majority of IdPs in the
> UKfed release ePTID and ePSA to any entity that it knows about...

Yup. The selling job I had in mind was to the Commission, to try to persuade them that that privacy-respecting configuration deserves some sort of reward in terms of lighter regulation. Will be testing out my proposal for how to do that with a group of fellow law students (tough audience!) tomorrow ;-)

> Rhys.
> --
> Dr Rhys Smith
> Identity, Access, and Middleware Specialist
> Cardiff University & Janet - the UK's research and education network
> email: smith@xxxxxxxxxxxxx / rhys.smith@xxxxxx
> GPG: 0xDE2F024C