Identity Management and Personal Data

Aim: Clarify release of your personal information and attribute release to federation partners

Target Audience: everyone

Introduction

Your Nikhef account is used to authenticate you to various services inside and outside of Nikhef, and you will have several group memberships and roles assigned to your account. In addition, your account has identity and 'assurance' information: who you are, your name, your email address, affiliation station, and whether or not you have been identity vetted by our P&O department.

Your account details are stored in the NikIdM ("Nikhef Identity Management system"), which consists of a central directory service and a series of workflows that interlink the directory to the Nikhef/NWO-I HR system, and to the federated service providers and 'local' logins (like ssh, email, and 'TimeTell' time recording).

Release of attributes

When you authenticate to a service, some of your personal data may be released to the service provider. We deliberately facilitate the use of your Nikhef account to securely authenticate to many research and scholarship services in the world, and you are actively informed of what attributes about you are released to external service providers.

Some services are typically required to work effectively for Nikhef: we review those services and take specific care that they provide a security and privacy benefit to you, rather than a risk. Release of attributes to any other service (not so qualified) is entirely up to you: you are asked for consent before your attributes are released.

Identity Management Directory

The NikIDM system is the authoritative source of authentication, attributes, and roles for all user entities for managed ICT services, and is a source system for other ICT entity types at Nikhef. Any user data and assertions provided by other managed ICT systems at Nikhef will not be in conflict with this Policy and the NikIDM source systems. The NikIDM also provides authentication, attribute management, and authorization capabilities for the Nikhef collaboration and the Institute when interacting with third-party service providers and educational and research federations.

The policy governing the identity management system (version 1.1) governs the management of the NikIdM.