...
| eduroam Managed SP Web Frontend | eduroam Managed SP RADIUS Servers | Local hotspot | |
| Dataset description: | Data required to manage deployment properties of eduroam Managed SP hotspots | Logs from the Managed SP RADIUS Servers | Logs from the hotspot's APs/controllers |
| Purpose of processing: | Allowing hotspot administrators to log into the system, add/edit/delete their Managed SP deployment, and to check usage logs of their hotspot | Troubleshooting issues and resolving security incidents. Recommendation by the eduroam Service Definition. | Troubleshooting issues and resolving security incidents. Requirement by the eduroam Service Definition is to keep the logs of public IP addresses assigned to users and its relation to users MAC address (no requirement imposed when using NAT). |
| Data source: | eduroam database - NRO information & institution information (see datasets above), eduroam SP proxy authentication data (see dataset above) administrator input web server and application logs | Data is logged in the Managed SP RADIUS servers when a RADIUS authentication or response passes (user accesses eduroam at a hotspot connected to Managed SP) | Data is logged in the equipment when a RADIUS authentication or response passes (user accesses eduroam at that SPs location) |
| Data storage and access: |
| Data is stored in the Managed SP RADIUS servers, accessible to the eduroam operational team personnel and the registered hotspot operator | Data is stored in the equipment, accessible only to the hotspot operating personnel. |
| Data transfer: | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to end-users for credentialing, one variant to NRO personnel for general status updates) | No | No |
| Data retention: |
| ? | Depends on local the policy. |
| Personal data processed: | Yes | Yes | Yes |
Dataset content
| Data item | Component | Is personal data ? | |
|---|---|---|---|
| 1 | eduPersonTargetedId or equivalent user identifier Of NRO or SP administrator | eduroam Managed SP Web Frontend | Yes |
| 2 | First name and Last name Of NRO or SP administrator | eduroam Managed SP Web Frontend | Yes |
| 3 | Of NRO or SP administrator | eduroam Managed SP Web Frontend | Yes |
| 4 | Outer EAP-identity Users username@institution_domain, username can be anonymised but not all users do that | eduroam Managed SP RADIUS Servers | Yes |
| 5 | Calling-Station-Id Users MAC address | eduroam Managed SP RADIUS Servers | Yes |
| 6 | Chargeable-User-Identity Users anonymous ID | eduroam Managed SP RADIUS Servers | Yes |
Description of fields
The details of service related datasets (data collections) should be filled with a list of all kinds of data which is collected or processed by this service. The table should be filled by the Service Manager and afterwards reconciled with the GEANT Data Protection Officer in order to address GDPR requirements. One service often incorporates several datasets. <dataset_name> - name of dataset (collection of data processed in similar way). Dataset description: brief explanation of the kind of information or entities the dataset contains. Purpose of processing: what is purpose of data collecting and processing. Data source: what are source(s) of data - list of services, systems, applications, databases or similar source components, including user's input, from which data are being received. E.g. RIPE database, service ABC, organisation LDAP directory... Data storage and access: describe where the data are stored, backup-ed etc. and who has access to the data. Data transfer: list of other services, systems, applications, databases or similar destinations to which data are being sent. E.g. RIPE database, service ABC, GÉANT's database XYZ... Data retention: describe data retention policy ie. for how long data are stored before being deleted. E.g. 1 year, 2 years after contract ending, forever... Dataset content
|
...