Difference between revisions of "Federation Policy"

From: KIFÜ Wiki
(Operational rules)
(Import from AboutEduID.hu)
Line 1: Line 1:
== Federation principles ==
+
== About eduID ==
 +
Hungarian Research and Educational Federation (HREF) is a SAML2-based Identity Federation of Hungarian higher education and research institutions, public collections and other content providers. For the end-users, the federation aims to be transparent, therefore the login procedure is communicated as '''''eduID login'''''.
 +
== Contacts ==
 +
The Federation is operated by [http://www.niif.hu NIIF Institute] as a Federation Operator. Questions, concerns or any kind of requests about the Federation should be directed to any of the following addresses:
 +
* '''aai@niif.hu'''
 +
* '''Kristof Bajnok''', ''NIIF Institute''
 +
:18-22 Victor H. str
 +
:H-1132 Budapest
 +
:Hungary
 +
 
 +
News and information about the federation is published at http://eduid.hu (Hungarian only)
 +
== Policy and principles of interoperation ==
 +
=== Basic principles ===
 
# The aim of the Federation is to allow the use of services of its Members and Partners, where authorisation is based on the user information originating from the users' Home Institutions.
 
# The aim of the Federation is to allow the use of services of its Members and Partners, where authorisation is based on the user information originating from the users' Home Institutions.
 
# Home Institutions must only authenticate users having a known affiliation to them.
 
# Home Institutions must only authenticate users having a known affiliation to them.
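Review bot: minor wording in the new About and Contacts text: `Hungarian Research and Educational Federation (HREF) is a SAML2-based Identity Federation` reads better as `The Hungarian Research and Educational Federation (HREF) is a SAML2-based identity federation`, and `News and information about the federation is published` should be `are published`.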
Line 10: Line 22:
 
# IdPs and SPs must cooperate in the investigation of possible abuse/fraud.
 
# IdPs and SPs must cooperate in the investigation of possible abuse/fraud.
 
# IT systems running IdPs and SPs must be operated with due diligence.
 
# IT systems running IdPs and SPs must be operated with due diligence.
 +
=== Data protection ===
 +
* Prior joining the federation, every entity needs to publish the Data Protection Policy under which it operates. This policy must be kept up-to-date.
 +
* Whenever the Data Protection Policy changes, the Federation Operator must be notified.
 +
* Transfer of personal data is only allowed when either
 +
** authorised by law, or
 +
** the user expressed his or her consent on the data transfer.
  
== Rules ==
+
=== Rules of membership ===
=== Data protection rules ===
+
The Federation is operated by the Federation Operator, that also operates the national research network. Further participants are ''Members'' and ''Partners'' that must have a signed contract with the Operator.
# Members and Partners must ensure that processing personal data satisfies the requirements of the applicable laws. Therefore personal data of the users may be processed only if either authorised by law or, if the user expressed his or her consent. Users must be able to receive all the needed background information before their permission could be asked.
 
# All Members and Partners must have their own Data Protection (Privacy) Policy which must include
 
#* description of the collected personal data;
 
#* purpose of the data processing;
 
#* period of time of keeping collected personal data;
 
#* procedures of expressing complaint about data processing.
 
# All Partners and Members must publish their up to date Data Protection (Privacy) Policy.
 
=== Operational rules ===
 
# Operational rules are described in separate documents: [[HREFIdPReq|IdP requirements]], [[HREFSPReq|SP requirements]].
 
# The Federation Operator is authorised to verify conformance to the operational rules.
 
# Members and Partners must insure that their metadata handling and modification procedures adhere to the [[HREFMetadataSpecEN|metadata specification]], thus:
 
#* Members maintain their data in the Resource Registry in order keep the Federation's metadata files up to date.
 
#* metadata must be updated and verified according to the schedule included into the specification.
 
# Both IdP and SP follows the [[HREFAttributeSpecEN|Attribute Specification]] when transferring attributes of a user.
 
 
 
=== Data management rules ===
 
# All Identity Providers must document their user registration procedures.
 
# Only users having a defined affiliation with the institution might be authenticated by that institution.
 
# Quality of data
 
#* Data storage procedures must support that an individual can be back-traced only for the time what it is necessary for the purpose of the data processing.
 
#* It is recommended to build the database of the IdP based on an authoritative database. Regular update of the data ensures its timeliness and accuracy.
 
#* If the database of the IdP would not be based on an authoritative database then procedures must take place to maintain the quality of data.
 
# The Identity Provider should aim to make its services available to all of its affiliated users.
 
# The Identity Provider implements the attributes what are ''required'' by the [[HREFAttributeSpecEN|Attribute Specification]].
 
=== Rules of Membership ===  
 
The HREF Federation is operated by the Federation Operator, that also operates the national research network. Further participants are Members and Partners that must have a signed contract with the Operator.
 
 
# The following institutions may be '''Members''' of the federation:
 
# The following institutions may be '''Members''' of the federation:
 
#* Institutions of the higher education;
 
#* Institutions of the higher education;
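Review bot: the removed Operational rules and Data management rules sections have no counterpart in the new text, so this revision no longer says where operational requirements live or who checks conformance; the dropped lines `# Operational rules are described in separate documents: [[HREFIdPReq|IdP requirements]], [[HREFSPReq|SP requirements]].`, `# The Federation Operator is authorised to verify conformance to the operational rules.` and the rules on documenting user registration procedures, metadata handling and Attribute Specification conformance should be kept or replaced by a pointer to the documents that now hold them. Likewise the old Data protection rules required each privacy policy to list the collected data, purpose, retention period and complaint procedure, whereas the new Data protection bullets only require that a policy be published and kept up to date; consider carrying those four items over. Wording in the new bullets: `Prior joining` should be `Prior to joining` and `consent on the data transfer` should be `consent to the data transfer`.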
Line 44: Line 36:
 
#* Institutions of secondary education;
 
#* Institutions of secondary education;
 
#* Public collections.  
 
#* Public collections.  
# Any organisation might join as '''Partners'''.
+
# Any organisation might join as a '''Partner'''.
 
# All Members and Partners of the Federation might provide services.
 
# All Members and Partners of the Federation might provide services.
 
# A Partner might participate in the meeting of the Members' Board as an observer, without having rights to vote.
 
# A Partner might participate in the meeting of the Members' Board as an observer, without having rights to vote.
 
# Only Members are entitled to
 
# Only Members are entitled to
#* supply user information to the federation
+
#* supply user identity information to the federation
 
#* send representatives into the Members' Board with a right to vote.
 
#* send representatives into the Members' Board with a right to vote.
 +
 +
== Governance ==
 +
The governance body of the federation is the '''Members' Board (MB)'''. Every Federation Member may send one representative person to the Members' Board, who has one vote.
 +
 +
The working language of the MB is Hungarian. The Board publishes its decisions and guidelines at http://eduid.hu/dokumentumok in Hungarian, although whenever the topic is of interest of any international Partner, it shall be translated to English and the administrative contacts shall be notified.
 +
 +
MB is authorised to
 +
* accept new Federation documents or modify existing ones,
 +
* accept application of new Members and Partners
 +
 +
Partners may also send representatives for MB meetings, without voting rights.
 +
 +
== Legal ==
 +
The Federation itself is not a legal entity, Members and Partners establish a legal connection to the Federation Operator. Any legal claims between Members and/or Partners shall be directed to the organisation operating the Identity Provider or the Service Provider.
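Review bot: in the Members' Board powers list, `* accept application of new Members and Partners` is missing its terminating period (and should read `applications`), and the list does not say who decides on the removal of a Member or Partner or on conformance disputes; consider adding that item or stating the Operator's role there. In the Legal section, `The Federation itself is not a legal entity, Members and Partners establish a legal connection` runs two sentences together; use a semicolon or full stop, and `legal relationship with` reads better than `legal connection to`.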

Revision of this page as of 30 March 2012, 13:56

About eduID

The Hungarian Research and Educational Federation (HREF) is a SAML2-based identity federation of Hungarian higher education and research institutions, public collections and other content providers. For end users, the federation aims to be transparent; therefore the login procedure is communicated as eduID login.

Contacts

The Federation is operated by NIIF Institute as Federation Operator. Questions, concerns or requests of any kind about the Federation should be directed to any of the following addresses:

  • aai@niif.hu
  • Kristof Bajnok, NIIF Institute
18-22 Victor H. str
H-1132 Budapest
Hungary

News and information about the federation are published at http://eduid.hu (Hungarian only).

Policy and principles of interoperation

Basic principles

  1. The aim of the Federation is to allow the use of services of its Members and Partners, where authorisation is based on the user information originating from the users' Home Institutions.
  2. Home Institutions must only authenticate users with a known affiliation to them.
  3. IdPs and SPs must not give false or misleading information about themselves.
  4. User information provided by IdPs should be as accurate as possible. SPs must take into account that parts of the received information may be at the discretion of the user.
  5. User credentials (i.e. passwords) stored by IdPs must be protected and verified only through secure procedures.
  6. SPs must request only the user attributes which are absolutely necessary for their operation.
  7. SPs must not ask users for their federation passwords.
  8. SPs must handle personal data according to the local privacy laws.
  9. IdPs and SPs must cooperate in the investigation of possible abuse/fraud.
  10. IT systems running IdPs and SPs must be operated with due diligence.

Data protection

  • Prior to joining the federation, every entity must publish the Data Protection Policy under which it operates. This policy must be kept up to date.
  • Whenever the Data Protection Policy changes, the Federation Operator must be notified.
  • Transfer of personal data is only allowed when either
    • it is authorised by law, or
    • the user has expressed his or her consent to the data transfer.

Rules of membership

The Federation is operated by the Federation Operator, which also operates the national research network. Further participants are Members and Partners, which must have a signed contract with the Operator.

  1. The following institutions may be Members of the federation:
    • Institutions of higher education;
    • Institutions of the Hungarian Research Academy and other research institutions;
    • Institutions of secondary education;
    • Public collections.
  2. Any organisation may join as a Partner.
  3. All Members and Partners of the Federation may provide services.
  4. A Partner may participate in meetings of the Members' Board as an observer, without the right to vote.
  5. Only Members are entitled to
    • supply user identity information to the federation;
    • send representatives to the Members' Board with the right to vote.

Governance

The governance body of the federation is the Members' Board (MB). Every Federation Member may send one representative to the Members' Board, who has one vote.

The working language of the MB is Hungarian. The Board publishes its decisions and guidelines at http://eduid.hu/dokumentumok in Hungarian, although whenever a topic is of interest to any international Partner, it shall be translated into English and the administrative contacts shall be notified.

The MB is authorised to

  • accept new Federation documents or modify existing ones,
  • accept applications of new Members and Partners.

Partners may also send representatives to MB meetings, without voting rights.

Legal

The Federation itself is not a legal entity; Members and Partners establish a legal relationship with the Federation Operator. Any legal claims between Members and/or Partners shall be directed to the organisation operating the Identity Provider or the Service Provider.