Notes on Call
Susan Blair
John Krienke
Chris Holmes
Von Welch
Warren Anderson
Donald Beck
Craig Jackson
Bill Yock
Steven Carmody
Tracy Mitrano
Ann West
Timing.
The deadline for our work is November 1 and looming. Ann proposed that the committee finish up discussing the topics we have on our list and draft a white paper that outlines our intent for eduGAIN support. Part of that will be the charter of the next group to 1) work with the attorneys on PA/FOPP language and 2) Develop a communication and rollout plan for rolling out eduGAIN to the committee. This committee will continue until this intent paper and charter are finished.
Privacy Overview
EU has comprehensive view on data privacy
Identify any number of data elements and insist that they be treat in the same way.
Individual must actively assert participation
Canada is a hybrid but US is the outlier
US sectarian – stove pipe in manage information by sector (Health, HE, Banking, etc)
Info about people is vital to the market.
Cultural differences that filter into different frameworks
But also driven legally
Most other cultural is opt-in
Increasingly problems in apps to mobile, deep in privacy, and folks don’t realize what they are agreeing too.
Any legal constraints for us re: opt-in/opt-out?
Not yet. Dan Solove published about this issue. No proposed legislation aware of. But privacy activists feel that people are being coerced into giving up data/privacy because of the attractiveness of the service
Opt in and opt out
How does this relate to individual opt-in/opt-out?
Why opt-in is not a good idea: Slow Adoption – the entity making the decision for opt-in is Central IT, but those benefit are the research, faculty, students. Gap between IT and researchers is very wide. Research universities don’t care about supporting research. LIGO approached entities in UK. Attributes release to the US, no UK university would do it. Decision to make those attributes overseas, IT won’t feel comfortable doing it and don’t’ want to make the call and go up the food change. Central IT will be a blocker and many different concerns. Central IT can’s make decision and don’t’ have good access to right people.
Legal opt-out
Institutions are seeing more and more terms of use. Not as hesitant to do it as long there’s a level of trust with InCommon Steering. Well thought out and benefit the Federation at large.
US idPs Exported Off-shore
Will have additional tag categories in future
Number of tags in each category will grow in the future.
US IdPs using Global Sps in the metadata
Could InC tags come from countries coming from the EU (under privacy directive and equivalent – EU, canada, Brazil) Is that directive sufficiently close to section 9. John prefers schools to pick and choose. But how do you keep up with which privacy laws should be treated as equivalent? Should be a service
What if we had a standard configuration? Mistakenly research attributes to the wrong SP.
Next Call: October 22