...

eduGAIN Attribute Release Check is a suite of test services for system administrators of Identity Providers registered in the eduGAIN Participant Federations.

The test services determine if an Identity Provider releases attributes according to the relevant Entity Category defined by REFEDS.

The purpose of the test services is to evaluate which attributes are released by the Identity Provider depending on entity categories and requested attributes in the metadata of the respective test service.

The eduGAIN Attribute Release Check contains the following test services:

...

Processing of personal data

Transfer of personal data

Personal data are transferred from the Identity Provider used for login to the relevant test service in order to verify whether the Identity Provider releases attributes in accordance with the relevant REFEDS Entity Category.

When logging in to a test service, a specific subset of personal data may be requested from the list below from the Identity Provider being tested. Each test service stores information about which attributes have been released by the Identity Provider in order to provide a summary of the test result once the test suite has been completed. Attribute values containing personal data are not stored as part of the test results.

When logging in to these test services, the following personal data may be requested from the Identity Provider:

Unique identifiers: To verify that the attributes are released by the Identity Provider and to display the values to the user performing the tests. Please note that SAML NameIDs might be transmitted by the Identity Provider, but they are not requested and they will not be processed nor stored.
  • subject-id
  • pairwise-id
  • eduPersonPrincipalName

Researcher and contributor identifier: To verify that the attribute is released by the Identity Provider and to display the value to the user performing the tests.
  • eduPersonOrcid

Name: To verify that the attributes are released by the Identity Provider and to display the values to the user performing the tests.
  • cn
  • displayName
  • givenName
  • sn

E-mail address: To verify that the attribute is released by the Identity Provider and to display the value to the user performing the tests.
  • mail
  • mailLocalAddress

Affiliation: To verify that the attribute is released by the Identity Provider and to display the value to the user performing the tests.
  • eduPersonAffiliation
  • eduPersonScopedAffiliation

Assurance level: To verify that the attribute is released by the Identity Provider and to display the value to the user performing the tests.
  • eduPersonAssurance

Organisational data: To verify that the attributes are released by the Identity Provider and to display the values to the user performing the tests.
  • schacHomeOrganization

In addition to direct personal data, indirect personal data may also be transferred, such as the organisation to which the user belongs and the Identity Provider used for authentication. In combination with the above personal data, these data may enable the identification of a natural person.

Other processing of personal data within the service

The test services also store technical logs for debugging purposes, operational maintenance, and the handling of security-related incidents. These technical logs may contain information relating to authentications made to the test services, including personal data transferred during authentication.

...

Disclosure of personal data to third parties

No personal data are transferred to third parties.

Where personal data are processed by service providers acting on behalf of GÉANT Association, such processing is carried out under appropriate contractual safeguards and only to the extent necessary for the provision, maintenance, and security of the service.

International transfers of personal data

As a rule, personal data are processed within the European Economic Area.

If personal data are transferred to a recipient outside the European Economic Area in a country not covered by an adequacy decision of the European Commission, GÉANT Association will ensure that appropriate safeguards are implemented in accordance with Chapter V GDPR, including, where relevant, the European Commission’s Standard Contractual Clauses, supported by an assessment of the legal framework of the destination country and any supplementary technical, contractual, or organisational measures required.

Lawful basis

Personal data are processed on the basis of public interest. Personal data must be transferred in order for system administrators of identity providers to be able to verify that personal data is transferred in accordance with the recommendations of relevant REFEDS's Entity Categories.

Right of access, right of rectification and right of erasure of personal data

No personal data are stored in the service except in technical logs for debugging purposes and security related incidents.

For access and erasure of your personal data, contact the Personal data controller.

...

Article 6(1)(f) GDPR, namely the legitimate interests of GÉANT Association, which manages the eduGAIN service, in providing, maintaining, and securing a test service that enables administrators of Identity Providers registered in eduGAIN to verify whether their Identity Providers release attributes in accordance with REFEDS specifications and best practices.

GÉANT Association considers that these legitimate interests are not overridden by the interests, rights, or freedoms of the individuals concerned, in particular because the processing is limited to what is necessary for the verification function of the service, attribute values are not stored as part of the test results, personal data are retained only in technical logs for a short period, the processing is transparent and takes place in the context of federated authentication testing, and no automated individual decision-making takes place.

Automated decision-making

No automated individual decision-making, including profiling within the meaning of Article 22 GDPR, takes place in connection with the use of this service.

Data subject rights

You may have the right to request access to, rectification or erasure of, restriction of processing of, and objection to the processing of your personal data, subject to the conditions laid down in applicable data protection law.

You also have the right to lodge a complaint with a competent supervisory authority.

As the service does not store attribute values as part of the test results and only retains personal data in technical logs for a limited period, the exercise of certain rights may be limited in practice.

For requests relating to your personal data, or if you wish to contact the Data Protection Officer, please use the contact details below.

Retention of personal data

No personal data are stored in the service except as part of the test results.

Personal data may be contained in technical logs. Such logs are automatically deleted after no more than 7 days.

Controller and Data Protection Officer

The controller for the processing of personal data is:


GÉANT Association,
Hoekenrode 3
1102 BR Amsterdam-Zuidoost
The Netherlands,
Telephone number: +31 20 530 4488, email:

GÉANT Association has appointed a Data Protection Officer. For data protection matters, including the exercise of your rights, you may contact the Data Protection Officer at: gdpr@geant.org.

GÉANT Data Protection Code of Conduct

This service complies with the international framework REFEDS Data Protection Code of Conduct (https://refeds.org/category/code-of-conduct) for the transfer of personal data from Identity Providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.