eduVPN distinguishes between two main categories of usage: Institute Access and Secure Internet. Institute Access refers to accessing protected resources within an organisation – like a corporate VPN; the goal of Secure Internet is to access the public internet from a trusted server. For institute access, complying with data protection legislation is rather trivial: the VPN is managed by a single organisation, usually for their employees. However, in the case of secure internet, organisations trusting each other – NRENs – allow cross-use of their VPN services. In the attached document, we tried to describe the different roles and responsibilities regarding data protection in this specific use case of a federated VPN service in which likeminded international organisations trust each other and decide to share a VPN service to their constituency, allowing a user from one organisation to use the VPN service based in another country. We tried to make the description as generic as possible in the hope that other organisations in the future decide to use the same model.
Read more here
Add Comment