[IUCC-GDPR] Eduroam and GDPR

Ariel Biener ariel at aristo.tau.ac.il
Mon Dec 18 20:38:11 IST 2017


This is not the use IP address, it is the NAS IP address,
usually the wireless controller.

בברכה,
 

אריאל בינר
מנהל יחידת תשתיות ותפעול , אגף מחשוב וטכנולוגיות מידע
משרד: 03-6406086 | פקס: 03-6405158
דוא"ל: ariel at aristo.tau.ac.il   | אתר:  http://www.tau.ac.il

> On 18 Dec 2017, at 11:22, Eli Beker <eli.beker at iucc.ac.il> wrote:
> 
> The visited site knows the user's account, which in most cases is the email and user name, and the IP of the users logged through.
> See real example from the eduroam server below.
> My believe a pseudoanonymization can be easily achieved by providing the users a unique identifier for eduroam and other federated services, which contains no personal data, where only the home institute will be able to identify the user, authenticate and authorize him/her. some already do that..
>  
>         User-Name = "XXXX at win.tu-berlin.de"
>         NAS-IP-Address = 132.72.207.2
>         NAS-Identifier = "WLC_4404_BGU"
>         User-Name = "YYYY at uibk.ac.at"
>         NAS-IP-Address = 132.72.207.2
>         NAS-Identifier = "WLC_4404_BGU"
>         User-Name = "ZZZZ at uibk.ac.at"
>         NAS-IP-Address = 132.72.207.2
>         NAS-Identifier = "WLC_4404_BGU
>         User-Name = "AAAA at unipv.it"
>         NAS-IP-Address = 132.72.207.9
>         NAS-Identifier = "eduroam"
>       User-Name = "BBBB at uni-wh.de"
>         NAS-IP-Address = 132.64.1.222
>         NAS-Identifier = "wlc-a"
>  
> -eli
>  
> From: gdpr-bounces at noc.ilan.net.il [mailto:gdpr-bounces at noc.ilan.net.il] On Behalf Of Roy Shapira
> Sent: Monday, December 18, 2017 9:00 AM
> To: Hank Nussbacher <Hank at mail.iucc.ac.il>; GDPR <gdpr at iucc.ac.il>
> Subject: Re: [IUCC-GDPR] Eduroam and GDPR
>  
>  
> So the Geist of it is that supposedly  :
>  
>> The visited site only knows where a roaming user comes from, not who they are, and sees no username, e-mail address or other information that would allow them to contact the user directly.
>>  
>  
> בברכה,
>  
> <image002.jpg>
> רועי שפירא | CISO
> מנהל אבטחת מידע
> 
> הרשות למחשוב, תקשורת ומידע
> האוניברסיטה העברית בירושלים
> T +972-2-549-4969 | M +972-50-699-2414
> roy.shapira at savion.huji.ac.il
>  
> “There are known knowns; … there are known unknowns… But there are also unknown unknowns…  it is the latter category that tend to be the difficult ones.”
> Donald Rumsfeld, 12 February 2002.
>  
>  
>  
> From: gdpr-bounces at noc.ilan.net.il [mailto:gdpr-bounces at noc.ilan.net.il] On Behalf Of Hank Nussbacher
> Sent: Friday, December 15, 2017 12:27
> To: GDPR <gdpr at iucc.ac.il>
> Subject: [IUCC-GDPR] Eduroam and GDPR
>  
> בסדנא שלנו ביום רביעי נשאלה השאלה בנושא EDUROAM + GDPR. 
> ראה בלוג של ה- NREN באנגליה:
> https://community.jisc.ac.uk/blogs/regulatory-developments/article/gdpr-wifi-access
>  
> בברכה,
> הנק
> _______________________________________________
> GDPR mailing list
> GDPR at noc.ilan.net.il
> http://noc.ilan.net.il/mailman/listinfo/gdpr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://noc.ilan.net.il/pipermail/gdpr/attachments/20171218/6725e21a/attachment-0001.html>


More information about the GDPR mailing list