[IUCC-GDPR] Eduroam and GDPR

Ariel Biener ariel at aristo.tau.ac.il
Mon Dec 18 20:56:22 IST 2017


Yup.

This data can be anonymized after a month or so.

This requirement, amongst others, steers us towards 
centralizing logs using ELK like infrastructure, allowing
to perform anonymizing after a set period a lot easier
than by going over text files.

בברכה,
 

אריאל בינר
מנהל יחידת תשתיות ותפעול , אגף מחשוב וטכנולוגיות מידע
משרד: 03-6406086 | פקס: 03-6405158
דוא"ל: ariel at aristo.tau.ac.il   | אתר:  http://www.tau.ac.il

> On 18 Dec 2017, at 20:46, Eli Beker <eli.beker at iucc.ac.il> wrote:
> 
> Which leads to the user location...
> 
> On Dec 18, 2017 20:38, Ariel Biener <ariel at aristo.tau.ac.il> wrote:
> This is not the use IP address, it is the NAS IP address,
> usually the wireless controller.
> 
> בברכה,
>  
> 
> אריאל בינר
> מנהל יחידת תשתיות ותפעול , אגף מחשוב וטכנולוגיות מידע
> משרד: 03-6406086 | פקס: 03-6405158
> דוא"ל: ariel at aristo.tau.ac.il   | אתר:  http://www.tau.ac.il
> 
> On 18 Dec 2017, at 11:22, Eli Beker <eli.beker at iucc.ac.il> wrote:
> 
> The visited site knows the user's account, which in most cases is the email and user name, and the IP of the users logged through.
> 
> See real example from the eduroam server below.
> 
> My believe a pseudoanonymization can be easily achieved by providing the users a unique identifier for eduroam and other federated services, which contains no personal data, where only the home institute will be able to identify the user, authenticate and authorize him/her. some already do that..
> 
>  
> 
>         User-Name = "XXXX at win.tu-berlin.de"
> 
>         NAS-IP-Address = 132.72.207.2
> 
>         NAS-Identifier = "WLC_4404_BGU"
> 
>         User-Name = "YYYY at uibk.ac.at"
> 
>         NAS-IP-Address = 132.72.207.2
> 
>         NAS-Identifier = "WLC_4404_BGU"
> 
>         User-Name = "ZZZZ at uibk.ac.at"
> 
>         NAS-IP-Address = 132.72.207.2
> 
>         NAS-Identifier = "WLC_4404_BGU
> 
>         User-Name = "AAAA at unipv.it"
> 
>         NAS-IP-Address = 132.72.207.9
> 
>         NAS-Identifier = "eduroam"
> 
>       User-Name = "BBBB at uni-wh.de"
> 
>         NAS-IP-Address = 132.64.1.222
> 
>         NAS-Identifier = "wlc-a"
> 
>  
> 
> -eli
> 
>  
> 
> From: gdpr-bounces at noc.ilan.net.il [mailto:gdpr-bounces at noc.ilan.net.il] On Behalf Of Roy Shapira
> Sent: Monday, December 18, 2017 9:00 AM
> To: Hank Nussbacher <Hank at mail.iucc.ac.il>; GDPR <gdpr at iucc.ac.il>
> Subject: Re: [IUCC-GDPR] Eduroam and GDPR
> 
>  
> 
>  
> 
> So the Geist of it is that supposedly  :
> 
>  
> 
>> 
> The visited site only knows where a roaming user comes from, not who they are, and sees no username, e-mail address or other information that would allow them to contact the user directly.
> 
>> 
>  
> 
>  
> 
> בברכה,
> 
>  
> 
> <image002.jpg>
> 
> רועי שפירא | CISO
> מנהל אבטחת מידע
> 
> הרשות למחשוב, תקשורת ומידע
> האוניברסיטה העברית בירושלים
> T +972-2-549-4969 | M +972-50-699-2414
> roy.shapira at savion.huji.ac.il
> 
>  
> 
> “There are known knowns; … there are known unknowns… But there are also unknown unknowns…  it is the latter category that tend to be the difficult ones.”
> 
> Donald Rumsfeld, 12 February 2002.
> 
>  
> 
>  
> 
>  
> 
> From: gdpr-bounces at noc.ilan.net.il [mailto:gdpr-bounces at noc.ilan.net.il] On Behalf Of Hank Nussbacher
> Sent: Friday, December 15, 2017 12:27
> To: GDPR <gdpr at iucc.ac.il>
> Subject: [IUCC-GDPR] Eduroam and GDPR
> 
>  
> 
> בסדנא שלנו ביום רביעי נשאלה השאלה בנושא EDUROAM + GDPR. 
> 
> ראה בלוג של ה- NREN באנגליה:
> 
> https://community.jisc.ac.uk/blogs/regulatory-developments/article/gdpr-wifi-access
> 
>  
> 
> בברכה,
> 
> הנק
> 
> _______________________________________________
> GDPR mailing list
> GDPR at noc.ilan.net.il
> http://noc.ilan.net.il/mailman/listinfo/gdpr
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://noc.ilan.net.il/pipermail/gdpr/attachments/20171218/3c6fda7c/attachment-0001.html>


More information about the GDPR mailing list