
The Finnish Haka Federation

Mikael Linden (mikael.linden@csc.fi), 16th May, 2005.


Presentation Transcript


  1. AEB/Yleisesittely: The Finnish Haka Federation. Mikael Linden, mikael.linden@csc.fi, 16th May, 2005

  2. Outline
     • Status of the Federation
     • Organisation of the Federation
     • Data protection directive and how it is followed in Haka
     • Quality of institutional identity management

  3. Background
     • The Finnish higher education
       • 20 universities, 29 polytechnics (all are public institutions)
       • 300 000 students, 40 000 employees
     • CSC, the Finnish IT Center for Science
       • Non-profit company owned by the ministry of education
       • Mission: centralised IT infrastructure for higher education
       • Funet network, high performance computing
     • CSC and user administration
       • Users and services are in higher education institutions (HEI)
       • Role of CSC: coordinate and support HEIs

  4. Status of the Haka Federation
     • Pilot federation operational 12/2003
       • 5 IdPs, 7 SPs
     • Production level federation 5/2005
       • Federation agreement was drafted last winter
       • Currently (status on Friday) 3 universities have signed the agreement, waiting for some more before the official launch…

  5. Service Providers
     • Libraries
       • national library portal Nelli (Ex Libris: Metalib)
       • under work: library management system (Endeavour: Voyager)
       • shown interest: content providers (Elsevier)
     • eLearning
       • Learning management systems (Moodle, WebCT, others…)
       • service for applying as a visiting student in another university
     • National Services
       • under work: Academy of Finland: applying for research funding
       • shown interest: student health service foundation
     • ASP in the administration of the universities
       • Electronic circulation of invoices and travel expense reports

  6. Outline
     • Status of the Federation
     • Organisation of the Federation
     • Data protection directive and how it is followed in Haka
     • Quality of institutional identity management

  7. Organisation of a federation. Alternative 1: Federation as a consortium
     [Diagram: a federation made up of HEI1 to HEI7, with operations outsourced to CSC (operator)]
     A federation as a consortium that outsources operations of the AAI to some external organisation(s).

  8. Organisation of a federation. Alternative 2: Federation as a service
     [Diagram: a federation with CSC (operator) and HEI1 to HEI8]
     Federation as a service provided by an operator. The way chosen by InCommon, SWITCHaai and Haka.

  9. Organisation of the Haka infrastructure is similar to SWITCHaai
     [Diagram labels: Operator (CSC – scientific computing ltd), Central AAI services, Advisory comm., Operations comm., Federation members, Federation partners, with IdPs, SPs and services attached]

  10. Outline
     • Status of the Federation
     • Organisation of the Federation
     • Data protection directive and how it is followed in Haka
     • Quality of institutional identity management

  11. Data protection directive: Definitions (Article 2)
     • Personal data: any information relating to an identified or identifiable natural person
       • Personal data: “he is Bob Smith”
       • Not personal data: “he is a medicine student”
     • Processing of personal data: any operation on personal data, such as collection, storage, retrieval, dissemination etc…
       • for an Identity Provider, release of attributes is processing of personal data…
       • for a Service Provider, collecting attributes can be processing of personal data…

  12. Data protection directive. Requirement 1: Which SPs may join the federation
     • Article 6: Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
       • Purpose for processing personal data in HEIs: roughly “To support research and education”
       • Release of personal data to a Service Provider shall not be incompatible with the purpose
       • IdPs may release personal data only to SPs who are processing data “to support research and education”
     Haka: only Service Providers that are supporting research and education are accepted to the federation

  13. Data protection directive. Requirement 2: What attributes may be released
     • Article 6: Personal data must be adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed.
       • only relevant attributes may be released from IdP to SPs
       • both IdP and SP have to consider what the relevant attributes actually are from the service point of view
     Haka: the administrative contact person of the federation member checks a new SP and the relevance of the attributes claimed before CSC adds the SP to the federation metadata. CSC maintains and distributes Site ARPs to IdPs.

  14. Data protection directive. Requirement 3: User consent
     • Article 7: Personal data may be processed only if
       a) the data subject has unambiguously given his consent; or
       b) processing is necessary for the performance of a contract to which the data subject is party… etc…
     • Article 11: Where the data have not been obtained from the data subject, … controller or his representative must at the time of undertaking the recording of personal data or if a disclosure to a third party is envisaged, no later than the time when the data are first disclosed provide the data subject with at least the following information...
     • Haka: Finnish data protection ombudsman:
       • Always ask user consent before first attribute release (Article 7)
       • When you do that, the user will be informed (Article 11)

  15. Outline
     • Status of the Federation
     • Organisation of the Federation
     • Data protection directive and how it is followed in Haka
     • Quality of institutional identity management

  16. Institutional identity management as a requirement
     • Can’t do inter-institutional identity management if intra-institutional IdM is not taken care of properly!
     • Many institutions have problems with data quality in the institutional enterprise directory
       • Reason: links between student registry, HR registry and the directory are missing
     • SPs expect that the attributes released are of high quality
     • Haka: having up-to-date data in the enterprise directory is a requirement for an IdP joining the federation
       • Self-audit for IdPs joining the federation
       • Based on the self-audit, operator makes the decision

  17. “School in user administration”: Supporting HEIs in improving institutional IdM
     • Set of 3 one-day workshops for staff in IT departments in HEIs
       • organised by CSC
     • 1st day 1/2005
       • Theory, best practices, commercial/open source products…
       • First homework: evaluate your current institutional IdM
     • 2nd day 5/2005
       • homework gone through
       • The concept of an identity federation introduced
       • Second homework: set target for your institutional IdM
     • 3rd day 12/2005
       • Again, homework gone through
       • More best practices and products…

  18. More information
     • http://www.csc.fi/suomi/funet/middleware/english/
     • TNC’05 conference paper “Organising Federated Identity in Finnish Higher Education”, available: http://www.terena.nl/conferences/tnc2005/programme/presentations/show.php?pres_id=77
