Page tree
Skip to end of metadata
Go to start of metadata

List of datasets


This is a draft but mostly complete

eduGAIN Database - Participant Federation Information

Dataset description:Participant Federation Information (technically part of the main eduGAIN database)
Purpose of processing:Data concerning participation in the eduGAIN confederation required for contacting federation operators and also technical information required for the metadata aggregation process
Data source:Data provided by participant federation operators
Data storage and access:Data is stored in the SQL database that is operated in the infrastructure provided by PSNC. The raw data is accessible only by the personnel of eduGAIN operations team. Data can be accessed directory by the information pages of eduGAIN and via the network API calls at https://technical.edugain.org
Data transfer:Data is transferred to the development system to serve as the basis of system development
Data retention:Data is keep for the period of membership of the delegates in the eduGAIN SG. 
Personal data processed:Yes

Dataset content


Data itemIs personal data (DPO fills in)Comment
1contact_name - given name; last nameYesFederation SG delegate and deputy/ies name
2contact_emailYesFederation SG delegate and deputy/ies e-mail
3contact_email_publicYesfederations may request that access to this attibute for a given person is restricted
4metadata_urlNoFederation metadata location, used by eduGAIN aggregator to download metadata
5signing_certNoCarrier of the signing key, crucial for validation of federation metadata
6otherNocombination of membership related federation data

eduGAIN metadata aggregate


Dataset description:single XML file - an aggregate of metadata provided by participating federations
Purpose of processing:Creation of a trasted metadata exchange point
Data source:data collected form participating federations via HTTP GET operations
Data storage and access:Data is is held as a single file, openly accesible vie HTTP and HTTPS
Data transfer:Data is accesible without restrictions and can be reprocessed by any party for any purpose, in particylar data is reprocessed to feed the eduGAIN entity database
Data retention:Data is refreshed daily.  A copy of the metadata aggregate is kept for statistical information with personal data removed.
Personal data processed: Possibly if entity contact information contains such


The description of the structure is defined by the SAML2 specification, see below for a more detailed description


eduGAIN entity Database - entity information

Dataset description:entity information (IdP, SP or AA) (technically part of the main eduGAIN database)
Purpose of processing:Entity information browsing and filtering
Data source:data collected form participating federations via HTTP GET operations
Data storage and access:Data is stored in the SQL database that is operated in the infrastructure provided by PSNC. The raw data is accessible only by the personnel of eduroam operations team.
Data transfer:Data is not transferred to any other party or system.
Data retention:Data is refreshed daily.  A copy of the metadata aggregate is kept for statistical information with personal data removed.
Personal data processed: Yes

Dataset content


Data itemIs personal data (DPO fills in)Comment
1entityId - identifier of the entityNo
2contact_person_givennameYesnot required
3contact_person_surnameYesnot required
4contact_person_telephone_numberYesnot required
5contact_person_emailYesnot required
6contact_person_typeYes
7collection of deta describing the service or IdentityProviderNo

According to the eduGAIN service specification, the aggregator is required to collect data from federations and republish it "as is", it must be therefoe assumed thhat the system processes personal data that has been made publickly available by other parties. eduGAIN does not require that any personal data be present in metadata.


eduGAIN Connectivity Check Database

Dataset description:entity (IdP) information and participant Federation information
Purpose of processing:Identify eduGAIN Identity Providers (IdP) that are not properly configured and data concerning participation in the eduGAIN confederation required for contacting federation or services' operators
Data source:Data is collected form eduGAIN entities Database via the network API calls provided.
Data storage and access:Data is stored in the SQL database that is operated in the infrastructure provided by PSNC. The raw data is accessible only by the personnel of eduGAIN operations team. Data can be accessed and via the network API calls at https://technical.edugain.org/eccs/services/json_api.php
Data transfer:Data is not transferred to any other party or system.
Data retention:Data is refreshed daily. 
Personal data processed: Yes

Dataset content


Data itemIs personal data (DPO fills in)Comment
1entityIDNoIdentifier of the entity (IDP)
2federationNameNoFederation Name
3emailAddressNoFederation e-mail (it has to be not a personal address)
4registrationAuthorityNoFederation Registration Authority
5sgDelegateNameYesFederation SG delegate name
6sgDelegateSurnameYesFederation SG delegate surname
7sgDelegateEmailYesFederation SG delegate e-mail
8sgDeputyNameYesFederation SG deputy name
9sgDeputySurnameYesFederation SG deputy surname
10sgDeputyEmailYesFederation SG deputy e-mail
11displayNameNoDisplay Name of an entity
12technicalContactsYesIdP Technical Contact e-mail
13supportContactsYesIdP Support Contact e-mail
14collection of data describing the service or IdentityProviderNothe first "SingleSignOnService" URL with binding "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" in SAML metadata for the IdP


eduGAIN Connectivity Check Database

Dataset description:entity (IdP) information and participant Federation information
Purpose of processing:Identify eduGAIN Identity Providers (IdP) that are not properly configured and data concerning participation in the eduGAIN confederation required for contacting federation or services' operators
Data source:Data is collected form eduGAIN entities Database via the network API calls provided.
Data storage and access:Data is stored in the SQL database that is operated in the infrastructure provided by PSNC. The raw data is accessible only by the personnel of eduGAIN operations team. Data can be accessed and via the network API calls at https://technical.edugain.org/eccs/services/json_api.php
Data transfer:Data is not transferred to any other party or system.
Data retention:Data is refreshed daily. 
Personal data processed: Yes

Dataset content


Data itemIs personal data (DPO fills in)Comment
1entityIDNoIdentifier of the entity (IDP)
2federationNameNoFederation Name
3emailAddressNoFederation e-mail (it has to be not a personal address)
4registrationAuthorityNoFederation Registration Authority
5sgDelegateNameYesFederation SG delegate name
6sgDelegateSurnameYesFederation SG delegate surname
7sgDelegateEmailYesFederation SG delegate e-mail
8sgDeputyNameYesFederation SG deputy name
9sgDeputySurnameYesFederation SG deputy surname
10sgDeputyEmailYesFederation SG deputy e-mail
11displayNameNoDisplay Name of an entity
12technicalContactsYesIdP Technical Contact e-mail
13supportContactsYesIdP Support Contact e-mail
14collection of data describing the service or IdentityProviderNothe first "SingleSignOnService" URL with binding "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" in SAML metadata for the IdP


eduGAIN F-ticks

Dataset description:Usage log messages for each international and national authentication request.
Purpose of processing:Log data provides basic statistical information about service usage. It provides statistics about the number of logins for national and international roaming. The data is used for generation of usage statistics that are publicly available at https://f-ticks.edugain.org/ and for reporting to EC and other stakeholders.
Data source:Organisations operating Identity Providers that are members of eduGAIN Identity Federations.
Data storage and access:Data is stored in the a database that is operated in the infrastructure provided by fill in . The raw data is accessible only by the personnel of eduGAIN operations team
Data transfer:F-ticks data are not transferred to any other party or system.
Data retention:F-ticks data are kept indefinitely.
Personal data processed: Yes

Dataset content


Data itemIs personal data (DPO fills in)Comment
1

VISCOUNTRY


The ISO country code of the entity that generated the log messages.

2

AP


Asserting party identifier - often an identity provider. A string uniquely identifying the party making the claim towards the relying party. For an authentication event this is the identity provider. This is typically a URI and will often be technology-dependent

3

RP


Relying Party identifier. A string uniquely identifying the relying party involved in the authentication event. This is typically a URI and will often be technology-dependent. 

4

RESULT


The success-state of the event - either 'OK' or 'FAIL'. For identity providers, this implies that a successful authentication request was returned to a relying party. For relying parties it means a successful authentication response was received from an identity provider.

5

CSI


The Calling Station ID of the subject associated with the authentication event. The presence of this attribute implies that the message was generated by an AAA-based identity provider. In this case, SAML-session-id-hash is being sent. 

6

PN


A unique identifier for the subject involved in the event. In this case, depersonalised-ePTID is being sent

7

TS


A timestamp (seconds since the epoch) associated with the authentication event

Description of fields

The details of service related datasets (data collections) should be filled with a list of all kinds of data which is collected or processed by this service. The table should be filled by the Service Manager and afterwards reconciled with the GEANT Data Protection Officer in order to address GDPR requirements. One service often incorporates several datasets.

<dataset_name> - name of dataset (collection of data processed in similar way).

Dataset description: brief explanation of the kind of information or entities the dataset contains.

Purpose of processing: what is purpose of data collecting and processing.

Data source: what are source(s) of data - list of services, systems, applications, databases or similar source components, including user's input, from which data are being received. E.g. RIPE database, service ABC, organisation LDAP directory...

Data storage and access: describe where the data are stored, backup-ed etc. and who has access to the data.

Data transfer: list of other services, systems, applications, databases or similar destinations to which data are being sent. E.g. RIPE database, service ABC, GÉANT's database XYZ...

Data retention: describe data retention policy ie. for how long data are stored before being deleted. E.g. 1 year, 2 years after contract ending, forever...

Dataset content

  • Data item: a specific dataset item. It may be an attribute, component or structure within a dataset that can be clearly described in terms of content. If attribute, it is usually described with the formally assigned name and corresponding explanation of meaning, purpose, expected content or allowed values. Property values characterise all or some items (records, members...) within the dataset.
  • Is personal data (DPO fills in): whether this item is (a part of) personal data. Decided and entered by the GÉANT Data Protection Officer while analysing the GDPR requirements. Answer Yes of No.


Document ID


Version of document


Date of approval
Approved by
Status (draft, approved, obsolete)draft
Document owner (Service Manager?)
Contact person


Date of resubmission


Intervall of resubmission
Type of document (policy, procedure, Information)