[IUCC-GDPR] Eduroam and GDPR

Eli Beker eli.beker at iucc.ac.il
Mon Dec 18 11:22:29 IST 2017


The visited site knows the user's account, which in most cases is the email and user name, and the IP of the users logged through.
See real example from the eduroam server below.
My believe a pseudoanonymization can be easily achieved by providing the users a unique identifier for eduroam and other federated services, which contains no personal data, where only the home institute will be able to identify the user, authenticate and authorize him/her. some already do that..

        User-Name = "XXXX at win.tu-berlin.de"
        NAS-IP-Address = 132.72.207.2
        NAS-Identifier = "WLC_4404_BGU"
        User-Name = "YYYY at uibk.ac.at"
        NAS-IP-Address = 132.72.207.2
        NAS-Identifier = "WLC_4404_BGU"
        User-Name = "ZZZZ at uibk.ac.at"
        NAS-IP-Address = 132.72.207.2
        NAS-Identifier = "WLC_4404_BGU
        User-Name = "AAAA at unipv.it"
        NAS-IP-Address = 132.72.207.9
        NAS-Identifier = "eduroam"
      User-Name = "BBBB at uni-wh.de"
        NAS-IP-Address = 132.64.1.222
        NAS-Identifier = "wlc-a"

-eli

From: gdpr-bounces at noc.ilan.net.il [mailto:gdpr-bounces at noc.ilan.net.il] On Behalf Of Roy Shapira
Sent: Monday, December 18, 2017 9:00 AM
To: Hank Nussbacher <Hank at mail.iucc.ac.il>; GDPR <gdpr at iucc.ac.il>
Subject: Re: [IUCC-GDPR] Eduroam and GDPR


So the Geist of it is that supposedly  :

“
The visited site only knows where a roaming user comes from, not who they are, and sees no username, e-mail address or other information that would allow them to contact the user directly.
”


בברכה,

[cid:image001.jpg at 01D3384B.9D964510]

רועי שפירא | CISO
מנהל אבטחת מידע
הרשות למחשוב, תקשורת ומידע
האוניברסיטה העברית בירושלים
T +972-2-549-4969 | M +972-50-699-2414
roy.shapira at savion.huji.ac.il<mailto:roy.shapira at savion.huji.ac.il>


“There are known knowns; … there are known unknowns… But there are also unknown unknowns…  it is the latter category that tend to be the difficult ones.”
Donald Rumsfeld, 12 February 2002.



From: gdpr-bounces at noc.ilan.net.il<mailto:gdpr-bounces at noc.ilan.net.il> [mailto:gdpr-bounces at noc.ilan.net.il] On Behalf Of Hank Nussbacher
Sent: Friday, December 15, 2017 12:27
To: GDPR <gdpr at iucc.ac.il<mailto:gdpr at iucc.ac.il>>
Subject: [IUCC-GDPR] Eduroam and GDPR

בסדנא שלנו ביום רביעי נשאלה השאלה בנושא EDUROAM + GDPR.
ראה בלוג של ה- NREN באנגליה:
https://community.jisc.ac.uk/blogs/regulatory-developments/article/gdpr-wifi-access

בברכה,
הנק
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://noc.ilan.net.il/pipermail/gdpr/attachments/20171218/eef56417/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 2249 bytes
Desc: image002.jpg
URL: <http://noc.ilan.net.il/pipermail/gdpr/attachments/20171218/eef56417/attachment-0001.jpg>


More information about the GDPR mailing list