An open discussion list for topics related to the eduGAIN interfederation service.

[Pål Axelsson <pax AT sunet.se>]

Hi,

 

Even more interesting in the legal field of federated login is that you need to understand the national law context before you can do an easy list of applicable law within a nation or less. For example we did a quick law analysis in Sweden and we found that more then 10 laws or regulations was easy enough to see that they were applicable but when we scratched even more it was overwhelming and not easy to understand the connection. So I totally concur with Niels, start with this federation frameworks.

 

Pål Axelsson

 

 

From: Niels van Dijk [mailto:niels.vandijk AT surfnet.nl]
Sent: Thursday, March 09, 2017 10:47 AM
To: Loretta Davis <loretta.davis AT aaf.edu.au>; edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] international legislation register

 

Hi Loretta,

I would think all of that information would be available publicly anyway. I do fear however actually finding the info may be challenging and that the sheer amount of info - globally - may be overwhelming.

I would suggest starting with some well understood frameworks in the R&E space like CoCo [1] en R&S [2] which describe among other things expected behavior in regard to privacy and data protection. Siritfi is also addressing privacy and data protection related aspects, but in a more operation context [3]. Benefit of these frameworks is that these also have capabilities which allow them to be used in a scalable way, as compared to having to read trough piles of documents (in a foreign language).

One thing that would be interesting I think, given that AU privacy laws are not aligned with EU ones, is to learn where this provides friction.

Finally, given the global character of your question, have you considered bringing this up at REFEDs?

Cheers,
Niels



[1] https://wiki.refeds.org/display/CODE/Data+Protection+Code+of+Conduct+Home
[2] https://refeds.org/category/research-and-scholarship
[3] https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf

On 09-03-17 05:10, Loretta Davis wrote:

Hi all,

 

As part of our eduGAIN implementation, we have identified a number of resources specifically related to information privacy - including Federal and State laws, Privacy Act, Information Privacy Principles,etc.

 

We anticipate some of our members may also want to better understand the laws that apply to federations and services in other countries.

 

Has anyone already raised the issue of having a central storage location for this information? A simple register of federations and links to authoritative sources for relevant laws would be ideal.

 

Kind regards,

Loretta...

 

-- 

Loretta Davis | Business Analyst |  Australian Access Federation Inc

Tel: + 61 7 3854 2353 |  Mob: 0407 370 474 | Email: loretta.davis AT aaf.edu.au | Mail: PO Box 2104 | Kelvin Grove  QLD  4059 | Australia

Web: www.aaf.edu.au | Support: support.aaf.edu.au |Twitter: twitter.com/ausaccessfed | Facebook:  facebook.com/ausaccessfed

 

-- 

Niels van Dijk        Technical Product Manager Trust & Security

Mob: +31 651347657  |   Skype: cdr-80  |  PGP Key ID: 0xDE7BB2F5

SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands

www.surfnet.nl                                www.openconext.org