Access Management

13 August 2012 at 10:59am
The Ministry of Justice have published a summary of the responses to their consultation on European Data Protection proposals. On the issues we raised around Internet Identifiers, Breach Notification and Cloud Computing there seems to be general agreement with our concerns.
2 July 2012 at 2:58pm
The Information Commissioner’s consultation on an Anonymisation Code of Practice is mainly concerned with the exchange or publication of datasets derived from personal data. However it once again highlights the long-standing confusion around the treatment of pseudonyms under Data Protection law.
24 October 2013 at 3:16pm
The NHS in England, Scotland and Wales use OpenAthens for access management for electronic journal and kowledge base resources e.g. It was announced on 19th February 2013 that NICE have contracted with Eduserv for 2 years for the NHS in England to use OpenAthens:
12 June 2012 at 9:30am
The European Commission have proposed a draft eIdentity Regulation, to replace the current eSignatures Directive (99/93/EC). While the proposal is mostly concerned with inter-operability of national electronic IDs and improving the legal significance of digital signatures, timestamps, documents, etc.
6 June 2012 at 1:42pm
In discussing a legal framework for federated access management we’ve concluded that the right approach to use as a basis for exchanging attributes is that a particular attribute is “necessary” to provide a service. That implies both that service providers shouldn’t ask for attributes they don’t need, and also that where there is a choice of attributes that could be used they should choose the one that includes the smallest amount of unnecessary information.
13 August 2012 at 10:57am
The Government Data Service have published draft identity and privacy principles for federated access management (FAM) systems. It’s interesting to compare these with the approach that has been taken by Research and Education Federations to see whether we have identified the same issues and solutions.
6 June 2012 at 11:48am
I did a presentation at the EEMA eID Interoperability conference last month on alternatives to "consent" in federated access management. At the moment consent seems to be the most often cited justification for processing personal data – websites frequently say that "by using this site you consent to...".
6 June 2012 at 11:20am
The Information Commissioner has published his initial analysis of the EU Data Protection proposals.
4 July 2012 at 5:02pm
I've just sent in a Janet submission to the Ministry of Justice's Call for Evidence on the EU Data Protection proposals. Our response mentions the good and bad things about the proposal, as discussed here previously, for
6 June 2012 at 11:14am
The European Commission’s proposed Data Protection Regulation supports recent thinking in moving away from using consent as a basis for federated access management systems.
Subscribe to Access Management