CSP-Innovazione nelle ICT is going to join IDEM/GARR, the Italian Identity Federation of University and Research institutions for authentication and authorization.
IDEM’s objectives are to create, set up and support an environment for the shared management of access to online resources. This means that CSP users can access services provided by IDEM members and partners with the same credentials they use internally.
More info about IDEM/GARR at the web site: http://www.idem.garr.it
An up-to-date list of the SPs available in the IDEM Federation is published at https://www.idem.garr.it/servizi/sp
CSP provides the following services for entities of the IDEM Federation:
- WiFi network access (ssid: tower)
Attributes released
A basic set of user account information must be released to IDEM Service Providers in order to access Federation Services.
The following attributes MUST be released to Service Providers:
- eduPersonTargetedID (a unique “opaque” identity code)
- eduPersonScopedAffiliation (a type of relationship between CSP and the user)
The following attributes COULD be released to requesting Service Providers:
- commonName (name and surname)
- surname (last name)
- givenName (name)
- email (email address)
- eduPersonPrincipalName (persistent user identifier)
- eduPersonOrgDN (the home organization with which the user is associated)
- eduPersonAffiliation (affiliation of the user with the home organization)
- eduPersonEntitlement (URI indicating a set of rights to specific resources)
For support and information, please contact info-idem@csp.it
Privacy Policy
(Privacy Policy pursuant to Articles 13 and 14 of the (EU) Regulation No. 679/2016 – from now on GDPR)
Definitions
- Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The Processor carries out the instructions of the Owner and accepts the supervision thereof, in particular on the effective adoption of adequate measures regarding the protection of personal data (corresponds to the Legal Person who manages the “Resource”).
- Identity Provider: a computer system that provides the federated authentication service for Users of a specific Organization.
- Resources: third-party or Controller services that the User of the federated authentication service intends to access.
- Identity Federation: a group of federated authentication service providers and resource access service providers that agree to interoperate according to a common set of rules.
- User: the natural person who uses the service.
- Subject: the natural person whose personal data are subject to processing by the Owner and any third parties (corresponds to the User).
| Service Name | Identity Provider (IdP) |
| Service Description | The federated authentication service that allows the Users of CSP – Innovazione nelle ICT to access federated Resources using their institutional credentials. |
| Controller | Name: CSP – Innovazione nelle ICT. Email: info@csp.it. Address: strada Lionetto 6, Torino – 10146. CSP – Innovazione nelle ICT is the Controller of the personal data managed through the Service. |
| Data Protection Officer (GDPR Section 4) (if applicable) | NOT APPLICABLE |
| Jurisdiction and supervisory authority | IT-IT Italian Data Protection Authority |
| Categories of direct and indirect personal data processed and legal basis for processing | Any collected personal data is stored in Italy, in accordance with the GDPR. The purpose of the data processing is the provisioning of the authentication service. The legal basis for data processing is the fulfillment of contractual obligations (through the provisioning of the authentication service) and the legitimate interest of the Controller. |
| Purposes of personal data processing | To provide the federated authentication service in order to access the Resources requested by the User. To verify and monitor the proper functioning of the service and ensure its security (legitimate interest). To fulfil any legal obligations or requests from the judicial authorities. |
| Third parties to whom the data are communicated | In order to provide the service correctly, the Controller communicates to the providers of the Resources that the User intends to access proof of authentication and only the personal data (attributes) requested, in full compliance with the principle of minimization. |
| Exercise of Subjects’ rights | To request access to your personal data and their correction or deletion, to object to their processing, or to exercise the right to data portability (Articles 15 to 22 of the GDPR), contact the Controller at the above-mentioned contact details. |
| Revocation of the consent of the interested party | The only data collected with the consent of the subject are preferences about the visualization of the attributes transmitted to the Resources. The preferences are collected at the time of the first access to the Resource and may be changed afterwards by starting the access procedure over again. |
| Data Portability | The Interested Party may request the portability of their data concerning the federated authentication service, including preferences regarding the visualization of the attributes transmitted to the Resources, which will be provided in open format and in accordance with Art. 20 of the GDPR. The data portability service is free of charge. |
| Duration of Data Storage | All personal data collected to provide the federated authentication service will be stored for as long as is necessary to provide the service itself. 3 months after deactivation, all personal data collected or generated by the use of the service will be deleted. |