University IdP Terms and Conditions: Difference between revisions

From RavenWiki
Jump to navigationJump to search
(Further tweaks - perhaps complete?)
(Document moved to it's new, official home)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{shib-project}}
See http://www.cam.ac.uk/cs/raven/shib-terms.html
 
: ''This is a draft (as at 2007-07-20) of the 'Terms and Conditions' that will be displayed to each user the first time they use the Shibboleth service and at least annually thereafter. As well as generally keeping users informed, it provides a critical element in the service's compliance with the Data Protection Act.''
 
----
 
The web site that you wish to access uses the Raven-Shibboleth service to identify you and to find out some information about you. Before accessing this site, or any others operating in the same way, you must read this document and confirm that you accept that your information will be processed and released in this way. The information released may be used by the site for various purposes - you should consult its privacy policy for further details.
 
Each time you access a site that works in this way for the first time you will be told what information will be released and asked to approve this release. You can always withhold you approval but this may prevent you from accessing the site. If you wish to withhold you approval but access to the site is necessary for your employment or studies you should seek advice, perhaps from your manager, supervisor, lecturer, tutor or director of studies.
 
For web sites operated by organisations other than the University (for example other Universities, commercial database providers, etc.) the Raven-Shibboleth service will by default release your identity (in the form of an 'eduPerson Principle Name'), your status within the University ('member', 'staff', 'student', etc.) and an 'Anonymous Identifier' which is unique to you and the particular site you are visiting. In some cases Raven may release additional information, but only when doing so is required by the site before it will grant you access.
 
For sites that are operated by the University, additional information derived from lookup may be released if those sites could obtain the same information directly from lookup, but only subject to your choice of suppression.
 
You should be aware that any site, operated by the University or otherwise, may be located outside the European Economic Area where laws protecting personal data may be weak or non-existent.
 
Whatever information is released, Raven maintains logs from which your real-world identity can be established. This information may be used to investigate misuse of Raven or services accessed through it, or for fault finding. Your identity, when established in this way, will not be divulged to third parties except as required by law.
 
Some sites may themselves invite or require you to provide additional information about yourself, over and above that provided by Raven. Such requests, and the site's subsequent use of this information, are outside the University's control and you must use your own judgement about how to respond. The site should inform you at the time of collection of the purposes for which the data is required.
 
This service may be used to grant you access to resources provided to the University by third parties. You must familiarise yourself with the terms and conditions under which such resources are available and abide by them. In extreme cases, misuse of resources controlled by Raven may result in the suspension of your Raven account.
 
You will be asked to confirm your understanding of this document and the process that it describes annually and whenever this document changes. The current version of this document can be consulted at any time at http://www.cam.ac.uk/cs/raven/shib-terms.html
 
General questions about this service should be emailed to help-desk@ucs.cam.ac.uk. The processing of personal data by this service is subject to the UK Data Protection Act 1998. The 'Data Controller' for the processing of such data is the University of Cambridge (contact The University Data Protection Officer, The Old Schools, Trinity Lane, Cambridge CB2 1TN; Email: data.protection@admin.cam.ac.uk).

Latest revision as of 09:46, 13 September 2007