University IdP Terms and Conditions: Difference between revisions
(First cut) |
(Revised.) |
||
| Line 1: | Line 1: | ||
{{shib-project}} | {{shib-project}} | ||
: ''This is a draft of the 'Terms and Conditions' that will be displayed to each user the first time they use the Shibboleth service and at least annually thereafter. As well as generally keeping users informed, it provides a critical element in the services compliance with the Data Protection Act.'' | : ''This is a draft (as at 2007-06-27) of the 'Terms and Conditions' that will be displayed to each user the first time they use the Shibboleth service and at least annually thereafter. As well as generally keeping users informed, it provides a critical element in the services compliance with the Data Protection Act.'' | ||
---- | ---- | ||
'''The site that you wish to access requires that Raven | '''The site that you wish to access requires that Raven releases some information about you. Before accessing this site, or any others operating in the same way, you must read this document and confirm that you accept having your information processed and released in this way by selecting the 'Confirm' button below. The information released may be used by the site both to control access and to personalise your browsing experience.''' | ||
For | For sites that are operated by organisations other than the University (for example other Universities, commercial database providers, etc.), only 'anonymous' information from which the site can not establish your real-world identity will be released wherever possible. In many cases this will include only your status within the University ('member', 'staff', 'student', etc.) and an 'Anonymous Identifier' which is unique to you and the particular site you are visiting. | ||
For sites | For some sites it is necessary for Raven to release additional information from which you could be identified. This only happens when release of the data is required for access to the particular resource. Release of such information to sites outside the University is only allowed under a contract or other arrangements which provides what the University considers to be adequate levels of protection for the data concerned, but you should be aware that some of these sites could be in parts of the world with limited data protection legislation. | ||
Each time you access a new site that works this way you will be told what information will be released and asked to approve this release. You can always withhold you approval but this may prevent you from accessing the site. If you wish to do this but access to the site is necessary for your employment or studies you should seek advice, perhaps from your manager, supervisor, lecturer, tutor or director of studies. | |||
Even where only 'anonymous' information is released, Raven maintains logs from which your real-world identity can be established. This information may be used to investigate misuse of Raven or services accessed through it, or for fault finding. Your identity, when established in this way, will not be divulged to third parties except as required by law. | |||
Some sites may invite or require you to provide additional information about yourself, over and above that provided by Raven. Such requests, and the site's subsequent use of this information, are outside the University's control and you must use your own judgement about how to respond. The site should inform you at the time of collection of the purposes for which the data is required. | |||
This service is often used to grant you access to resources provided to the University by third parties. You must familiarise yourself with the terms and conditions under which such resources are available and abide by them. In extreme cases, misuse of resources controlled by Raven may result in the suspension of your Raven account. | This service is often used to grant you access to resources provided to the University by third parties. You must familiarise yourself with the terms and conditions under which such resources are available and abide by them. In extreme cases, misuse of resources controlled by Raven may result in the suspension of your Raven account. | ||
You will be asked to re-confirm your understanding of this document and the process that it describes annually and whenever this document changes. The current version of this document can be consulted at any time at <insert URL here>. | You will be asked to re-confirm your understanding of this document and the process that it describes annually and whenever this document changes. The current version of this document can be consulted at any time at <insert URL here>. | ||
General questions about this service should be emailed to help-desk@ucs.cam.ac.uk. The processing of personal data by this service is subject to the UK Data Protection Act 1998. The 'Data Controller' for the processing of such data is the University of Cambridge (contact the University Data Protection Officer, 10 Peas Hill, Cambridge CB2 3PN, tel. 01223 339888, fax 01223 331200, E-mail: data.protection@admin.cam.ac.uk). | |||
Revision as of 12:33, 27 June 2007
This was a working document belonging to the Computing Service's Shibboleth Development Project. This project is complete (Raven now supports Shibboleth) and this document only remains for historical and reference purposes. Be aware that it is not being maintained and may be misleading if read out of context.
- This is a draft (as at 2007-06-27) of the 'Terms and Conditions' that will be displayed to each user the first time they use the Shibboleth service and at least annually thereafter. As well as generally keeping users informed, it provides a critical element in the services compliance with the Data Protection Act.
The site that you wish to access requires that Raven releases some information about you. Before accessing this site, or any others operating in the same way, you must read this document and confirm that you accept having your information processed and released in this way by selecting the 'Confirm' button below. The information released may be used by the site both to control access and to personalise your browsing experience.
For sites that are operated by organisations other than the University (for example other Universities, commercial database providers, etc.), only 'anonymous' information from which the site can not establish your real-world identity will be released wherever possible. In many cases this will include only your status within the University ('member', 'staff', 'student', etc.) and an 'Anonymous Identifier' which is unique to you and the particular site you are visiting.
For some sites it is necessary for Raven to release additional information from which you could be identified. This only happens when release of the data is required for access to the particular resource. Release of such information to sites outside the University is only allowed under a contract or other arrangements which provides what the University considers to be adequate levels of protection for the data concerned, but you should be aware that some of these sites could be in parts of the world with limited data protection legislation.
Each time you access a new site that works this way you will be told what information will be released and asked to approve this release. You can always withhold you approval but this may prevent you from accessing the site. If you wish to do this but access to the site is necessary for your employment or studies you should seek advice, perhaps from your manager, supervisor, lecturer, tutor or director of studies.
Even where only 'anonymous' information is released, Raven maintains logs from which your real-world identity can be established. This information may be used to investigate misuse of Raven or services accessed through it, or for fault finding. Your identity, when established in this way, will not be divulged to third parties except as required by law.
Some sites may invite or require you to provide additional information about yourself, over and above that provided by Raven. Such requests, and the site's subsequent use of this information, are outside the University's control and you must use your own judgement about how to respond. The site should inform you at the time of collection of the purposes for which the data is required.
This service is often used to grant you access to resources provided to the University by third parties. You must familiarise yourself with the terms and conditions under which such resources are available and abide by them. In extreme cases, misuse of resources controlled by Raven may result in the suspension of your Raven account.
You will be asked to re-confirm your understanding of this document and the process that it describes annually and whenever this document changes. The current version of this document can be consulted at any time at <insert URL here>.
General questions about this service should be emailed to help-desk@ucs.cam.ac.uk. The processing of personal data by this service is subject to the UK Data Protection Act 1998. The 'Data Controller' for the processing of such data is the University of Cambridge (contact the University Data Protection Officer, 10 Peas Hill, Cambridge CB2 3PN, tel. 01223 339888, fax 01223 331200, E-mail: data.protection@admin.cam.ac.uk).
