B2ACCESS - Data Privacy Statement

Version: 1.0
Date: 20 Oct 2015

Privacy statement for End Users to be authenticated and authorised by the B2ACCESS service operated by Division "Federated Systems and Data" in Jülich Supercomputing Centre, Forschungszentrum Jülich GmbH (B2ACCESS Service Provider).

DEFINITIONS

Following the GÉANT Data Protection Code of Conduct.

Identity Provider (IdP): The system component to which End Users authenticate. IdPs issue Attribute assertions on behalf of End Users who use them to access the services of Service Providers. IdPs can use different kinds of secured protocols which can include X.509, SAML and OpenID.

Service Provider (SP): An organisation that is responsible for offering the End User the service he or she intends to use.

Downstream Service Provider (DSP): A service provider that is registered by the B2ACCESS Service Provider as a potential consumer of the End User's Personal Information.

Home Organisation: The organisation to which an End User is affiliated, operating the Identity Provider by itself or through an Agent. It is responsible for managing End Users' identity data and authenticating them.

Agent: The organisation operating the Identity Provider on behalf of the Home Organisation, if applicable, or on behalf of a community or project.

Attributes: The End User's personal data as managed by the Home Organisation or its Agent, such as (but not limited to) name, e-mail and role in the Home Organisation.

End User: any natural person possibly affiliated with a Home Organisation, e.g. as a researcher or student, making use of the service of a Service Provider.

Personal Data: any information relating to an identified or identifiable natural or legal person, if applicable.

Principles

1. About the B2ACCESS service

The B2ACCESS service arbitrates access to other registered Service Providers (in this context called Downstream Service Providers). These Downstream Service Providers consume Attribute assertions provided by the B2ACCESS service when the End User accesses their services.

The role of the B2ACCESS service is to allow these Downstream Service Providers to make the authentication and authorisation decisions, and to carry out any other processing they require, when the End User accesses their services. In turn, B2ACCESS may make use of and store the Attributes provided by the IdP for a certain span of time. Furthermore, B2ACCESS itself can act as an Identity Provider to authenticate End Users who have registered directly with the B2ACCESS service. In those cases, B2ACCESS assigns a dedicated username and the End User defines his/her password. The End User is affected by this privacy statement if he/she uses the B2ACCESS service directly or in connection with the Downstream Service Providers (when logging into the downstream services), regardless of which IdP is primarily used.

The B2ACCESS Service Provider makes sure that the End User's Attributes are only forwarded to Downstream Service Providers which the End User wants to access and which have declared to the B2ACCESS SP that they comply with the GÉANT Data Protection Code of Conduct. The latter implies that these DSPs will only use Personal Information that is relevant to providing the service to the user.

By registering with the B2ACCESS service, the End User declares his/her consent to the use of the data as described in this statement. This registration with B2ACCESS happens the first time the End User accesses one of the services of the Downstream Service Providers which requires authentication, when the End User's request has been redirected from that service to the B2ACCESS service. The redirected End User can then either register directly with the B2ACCESS service by creating a user name and password, or use the identity provided by the IdP of his/her Home Organisation or Agent.

2. Personal Information collected, their usage and disclosure

Relevant Personal Information is collected at registration time and stored by the B2ACCESS SP to ensure that requested attributes can be released to Downstream Service Providers when the End User triggers such a request. Information may be provided by the End User on the registration form (if he/she registered himself/herself) or by the IdP, and is then stored by B2ACCESS. In order to provide seamless services for previously registered users, the Personal Information may be made available to (registered) Downstream Service Providers other than the one for which the End User initially registered with the B2ACCESS service. The data obtained from the registration process includes: name (a given name and a surname); email address; Home Organisation, if available; non-personal information about the IdP. The B2ACCESS SP will use this information to derive the appropriate level of assurance. Other details such as session identifiers, memberships of communities and roles within communities can be requested upon registration but will need to be approved by service administrators and/or community managers. Personal Information that is obtained from a Home Organisation is subject to the regulations concerning the transfer of personal data and may be only a subset of that mentioned above. In the latter case, the End User will be asked to provide the missing information. B2ACCESS administrators reserve the right to verify such information.

By registering, the End User authorises the processing of the provided data by any Downstream Service Provider that he/she will access. If the End User was registered by a Home Organisation, the consent is assumed to have been given (implicitly or explicitly) for the transfer of the End User's details. In any case, Downstream Service Providers will request and process only the Personal Information which is required for accessing the service.

Information stored in B2ACCESS will not be divulged to third parties with the following exceptions:

  1. the duly authorised support unit or help desk;
  2. duly authorised bodies, on a case by case basis, e.g. if required by a federation of which the IdP used by the End User is a member, or if required by law.

B2ACCESS neither sees nor stores the passwords (or any other credentials) used by the End User to authenticate to the IdPs of their Home Institutions or Agents. Passwords are only stored in irreversible form if B2ACCESS itself acts as primary IdP for the End User. For statistical purposes or provisioning of the service, e.g. troubleshooting or in case of security incidents, the service administrators can view all of the data pertaining to a particular End User. According to the Code of Conduct, the activities of identities on B2ACCESS are not traced.

3. Safeguard of the stored information

The B2ACCESS SP stores your personal information in databases secured using best practices for database security, and your information can only be accessed by authorised persons and authorised internal services. System administrators and infrastructure operators must comply with a suitable system administrators' code of ethics (e.g. the USENIX LISA code of ethics or similar) and with the information technology policies required by their organisations.

The B2ACCESS SP reserves the right to replicate the databases, again using secure methods, to partner organisation(s) complying with the same levels of protection. No personal data will leave the EEC without the End User's consent, except data which can be considered public.

4. Modify and delete information

The End User can verify, modify or delete the information provided via the registration form. The attributes provided by IdPs cannot be modified by the End User and will not be modified by the B2ACCESS administrators. By logging into B2ACCESS, it is possible to modify or remove an account, but not the logging data associated with the use of the Downstream Service Providers, which instead follow a separate retention schedule.

5. Data Preservation Policy

B2ACCESS keeps End User data for as long as the End User is registered. If the deletion of the End User's account has been requested, the End User's data is removed after the period selected by the End User. Data stored in the B2ACCESS database is backed up regularly by the Service Provider to ensure a correct system restore, and backups may be retained for longer than three months.

B2ACCESS is monitored and all sensitive actions on the system are logged, including each authentication request. These logs (log files) are rotated regularly and removed from the active system after a maximum of 3 months. Log files and data may be kept longer if they were backed up to tape: in this case, they will not be removed from back-up tapes until those tapes are recycled.

6. Contact Information

If you wish to ask questions or post complaints about the service with respect to the use of your personal information, you should follow the contact link shown on the B2ACCESS service page or write to the following address:

Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Forschungszentrum Jülich GmbH
52425 Jülich
Germany