

Subject: RE: [security-services] SAML deployments that use consent step?


Hmm... well, I'm no lawyer either, but it strikes me that unless you really understand the context in which the consent is taking place, it's real easy to misinterpret this stuff.

The context of legal information matching for the purposes of reducing fraud is a completely different context to a user seeking to get a service that requires, say, attributes X and Y to be pushed to the service, with the consent of the user, before it can be delivered to the user.

Just like a police search warrant can override pretty much anyone's privacy rights, the law enforcement context of the first context above differs greatly from the second context.

And I would contend that SAML deployments are primarily focussed at the second.

Cheers
Colin  

-----Original Message-----
From: Paul Madsen [mailto:paulmadsen@rogers.com] 
Sent: Thursday, 12 November 2009 11:17 a.m.
To: Josh Howlett
Cc: RL 'Bob' Morgan; oasis sstc
Subject: Re: [security-services] SAML deployments that use consent step?

Albeit outdated, this paper from the UK ICO would seem to support the 
consent model described by Josh

http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/sharing_personal_information_v1.1.pdf

Josh Howlett wrote:
> I previously wrote that:
>> There is certainly a place for consent, but it needs to be used 
>> judiciously. It is certainly not (in the EU context, at least) the 
>> silver bullet or "best practice" that proponents of "user centric" 
>> approaches sometimes suggest.
>
> One of my colleagues who specialises in DP law (and understands this 
> stuff, unlike me) informed me today that the UK Information 
> Commissioner's Office (the body charged with "upholding information 
> rights in the public interest") has issued a statement to the effect 
> that consent should be considered the cause-of-last-resort for 
> releasing PII.
>
> josh.
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
