Identity Management and Personal Data
Aim: Clarify release of your personal information and attribute release to federation partners
Target Audience: everyone
Introduction
Your Nikhef account is used to authenticate you to various services inside and outside of Nikhef, and you will have several group memberships and roles assigned to your account. In addition, your account has identity and 'assurance' information: who you are, your name, your email address, affiliation station, and whether or not you have been identity vetted by our P&O department.
Your account details are stored in the NikIdM ("Nikhef Identity Management system"), which consists of a central directory service and a series of workflows that interlink the directory to the Nikhef/NWO-I HR system, and to the federated service providers and 'local' logins (like ssh, email, and 'TimeTell' time recording).
Release of attributes
When you authenticate to a service, some of your personal data may be released to the service provider. We deliberately facilitate the use of your Nikhef account to securely authenticate to many research and scholarship services in the world, and you are actively informed of what attributes about you are released to external service providers.
Some services are typically required to work effectively for Nikhef: we review those services and take specific care that these provide a security and privacy benefit to you, rather than a risk. Release of attributes to any other service (not so qualified) is entirely up to you - you are asked for consent before your attributes are released.
- List of required and recommended services (inside Nikhef)
Identity Management Directory
The NikIDM system is the authoritative source of authentication, attributes, and roles for all user entities for managed ICT services, and is a source system for other ICT entity types at Nikhef. Any user data and assertions provided by other managed ICT systems at Nikhef will not be in conflict with this Policy and the NikIDM source systems. The NikIDM also provides authentication, attribute management, and authorization capabilities for the Nikhef collaboration and the Institute when interacting with third-party service providers and educational and research federations.
The policy governing the identity management system (version 1.1) governs the management of the NikIdM.