...

xx

Data item | Is personal data (DPO fills in)
1

administrator authentication - supplied from eduroam SP proxy

  • eduPersonTargetedId or equivalent
  • real name
  • email address
x
2

administrator authorisation

  • is user an NRO administrator, and for which country - supplied from eduroam SP proxy
  • initial email address of new institution administrators during signup (supplied from NRO administrator)
  • is user an institution administrator, and for which institution - information gathered from NRO administrators and through the email voucher verification process

3

general institution information - supplied by institution administrator input

  • institution name, multi-language
  • geographical coordinates of institution
  • institution logo
  • whether institution also exists in eduroam database (institution information), and the ID in that database

4

eduroam media deployment information - supplied by institution administrator input

  • SSIDs and encryption levels
  • whether or not eduroam is on wired ports
  • onboarding SSIDs which should be removed upon installation
  • Passpoint consortia identifiers
x

5

support contacts of institution - supplied by institution administrator input

  • helpdesk email, multi-language
  • information web page, multi-language
  • Acceptable Use Policy, multi-language
  • telephone contact
x

6

RADIUS/EAP details - supplied by institution administrator input

  • name of deployment profile, multi-language
  • description of deployment profile, multi-language
  • production-readiness state of deployment profile
  • domain name ("realm") for deployment profile
  • anonymous outer ID to be used in installers
  • supported EAP types
  • CA certificates that identify EAP server
  • names of EAP servers
  • redirection URLs for external installer handling, multi-language
  • custom text accompanying installer downloads, multi-language
  • EAP-TLS username handling directives (does not contain actual user names)
x

eduroam Managed IdP



Dataset description: eduroam Managed IdP is a derivative of eduroam CAT (see above), which additionally produces per-user personalised installation programs and maintains a database of these end users. It also authenticates the end users based on the installed programs.
Purpose of processing: allowing administrators to upload and maintain the information needed to manage their end user base, in order to create eduroam installation programs ("installers") within their country / institution, and to authenticate their users in eduroam
Data source: eduroam database - NRO information & institution information (see datasets above), eduroam SP proxy authentication data (see dataset above), administrator input, produces web server and application logs (cat-pilot.eduroam.org / auth-test.hosted.eduroam.org / auth-test-2.hosted.eduroam.org / ocsp-test.hosted.eduroam.org)
Data storage and access:
  • this needs to be filled in by the sys admins of the servers
Data transfer: None
Data retention:
  • The authorisation status of administrators who ever logged in is retained permanently.
  • Most of the installer-relevant information is kept until the administrator chooses to delete it (then deleted immediately), with the exception of ...
  • ... end user authentication data, which is retained (indefinitely?) even after deletion of users to enable prosecution
Personal data processed: authentication and authorisation data of NRO and institution administrators, pseudonyms of individuals (institutions' end users), authentication logs of end users including indication of location, frequency and timestamps of use

...