Hi Jon
At JISC we are certainly interested in the need for user's to give
explicit consent with regards to the release of personal data and we are
looking at several different models including end-user attribute release
management, continued registration with Service Provider and the scope
for model DPA agreements and processes between IdPs and SPs (which would
clearly need to tie in to IdP getting consensus for use from all users).
I think we are moving quickly towards a world where end-users are going
to need to be able to better understand and manage their identity and
how it is exposed.
There is an interesting primer on sharing personal data and user consent
on the JISC Legal website if anyone is interested in the more thorny
issues: http://www.jisclegal.ac.uk/publications/datasharing.htm.
I'd be interested in hearing anyone else's take on this issue.
Nicole
Jon Warbrick wrote:
> Is anyone in the UK using, or considering using, ArpViewer[1] or
> Autograph[2] as a way of informing users about the information that an
> IdP is about to disclose on their behalf and giving them some control
> over it?
>
> Jon.
>
> [1] http://www.switch.ch/aai/support/tools/arpviewer.html
> [2] http://www.federation.org.au/twiki/bin/view/Federation/AutographView
>
--
Nicole Harris
Senior Services Transition Manager
JISC Executive
Brettenham House (South Entrance)
5, Lancaster Place
London WC2E 7EN
Tel: 02030066035
Mob: 07734058308
----------------------------------------------------------------------
Anything in this message which does not clearly relate to the official
work of the sender's organisation shall be understood as neither given
nor endorsed by that organisation.
----------------------------------------------------------------------
|