Sam, Here are some good starting points:
The UK federation's "Recommendations for Use of Personal Data", which provides a high-level overview: http://www.ukfederation.org.uk/library/uploads/Documents/recommendations-for-use-of-personal-data.pdf A set of more general papers discussing the implications of privacy and data protection in the context of federated identity: http://www.terena.org/activities/refeds/data-protection.html The directive itself: http://europa.eu/legislation_summaries/information_society/l14012_en.htm And its UK implementation, by way of an English-language example: http://www.legislation.gov.uk/ukpga/1998/29/contents The good news is that the principles are very simple, and can be explained in minutes. Unfortunately, although the national implementations are based on the same directive, there is sufficient variation in interpretation, enforcement and culture that can cause some surprises when operating across borders. For example, in the UK we don't have any formal proof of identity (our passport is just a proof of nationality) and tend to take a skeptical view of such things (the fledging national identity register was actually destroyed last month), whereas those crazy Swedes use a single ID to link a number of different public and private services. The directive was established in 1995, and it's definitely showing its age. There is an on-going effort to update the directive. It's a bit late for Prague, but perhaps we could consider a workshop around ABFAB & Privacy in Quebec City? Josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
