
Authorization Service Privacy Statement

Notes

  • The data in this privacy statement must be added to Service Now as a document of type "Record of Processing Operations" (RPO), and must be updated at every release.
  • The RPO document should also address these points of the GDPR Compliance: User stories document:
    • 1.1: “As a user, I want access to a text that explains what personal data is held about me, for which purpose and for how long” => this is the information provided by the RPO.
    • 1.3: “As a user, I would like to be informed about how CERN can get my personal information when I don’t provide it directly” => federated authentication.

Current "Record of Processing Operations" for SSO.

Data processed by the service

Basis = Legitimate interest of CERN

Data: User identifiers (Login and Unix User ID)
Purposes:
  • SSO authentication
  • SSO applications
    Part of the user information sent to applications using SSO
  • Service troubleshooting and support
Source: Identity provider (CERN LDAP service, federated institution, external authentication provider such as Google, Facebook etc.)

Data: Email
Purposes:
  • SSO authentication
  • SSO applications
  • Service troubleshooting and support
Source: Identity provider

Data: Full name
Purposes:
  • SSO authentication
  • SSO applications
  • Service troubleshooting and support
Source:
  • CERN users: CERN personnel database
  • External accounts: identity provider

Data: Group membership
Purposes:
  • SSO applications
  • Service troubleshooting and support
Source: Authorization Service

Data: IP addresses
Purposes:
  • Service troubleshooting and support
  • Anonymous statistics collection
Source: Service portals

Reasons:

  • The service must process all the information necessary to authenticate the user (username, email) and to determine the user's access rights (group membership).
  • The service must provide applications with some data to display human-readable user information (full name), so that the application can display "Authenticated as John Doe" rather than "Authenticated as md5hash@social.network".

Data stored by the service

For CERN users

Data: CERN Person ID
  Numeric identifier for a person in the CERN personnel database
Retention period: Unlimited
Purpose:
  • Correlation with CERN personnel database
  • Reassignment of previously owned resources to a returning user

Data: Full name
Retention period:
  • Full duration of the affiliation with CERN
  • Unlimited duration once the affiliation with CERN ends, deleted on demand
Purpose:
  • User identification
  • Providing access to computing resources
  • Tracking ownership of computing resources

Data: Birth date
Retention period:
  • Full duration of the affiliation with CERN
  • Unlimited duration once the affiliation with CERN ends, deleted on demand
Purpose:
  • User identification
    Can be useful e.g. for the Service Desk to distinguish two users with the same name

Data: Organizational information
  Department, group, section, supervisor, team leader, type and validity dates of contract or relationship with CERN, office location, acceptance of computing rules
Retention period: Duration of affiliation with CERN
  The data is no longer valid or relevant afterwards
Purpose:
  • User identification
  • Computing resources policies
    E.g. automatic or on-demand creation of a CERN computing account, continued access to computing resources based on rules acceptance

Data: SSO authentication and authorization data
  User name, email, group membership
Retention period:
  • Full duration of the affiliation with CERN
  • Unlimited duration once the affiliation with CERN ends, deleted on demand
Purpose:
  • User authentication
  • Access control to computing resources

For non-CERN users

Data: SSO authentication and authorization data
  User name, email, group membership
Retention period: Lifetime of the account, deleted on demand
Purpose:
  • User authentication
  • Access control to computing resources

For all users

Data: Single Sign-On logs
  Who logs in to which application (username, IP address, destination site, authentication method)
Retention period: 30 days
Purpose:
  • Service troubleshooting and support

Data: Service logs
  Debug logs
Retention period: 30 days
Purpose:
  • Service troubleshooting and support

Data: User actions auditing
Retention period: 30 days
Purpose:
  • Providing users with a log of the actions performed by them and others on the computing resources they own or are responsible for
  • Service troubleshooting and support

Reason:

  • The service stores the minimum amount of data needed so that a person (especially a CERN user) can be identified by the Service Desk if needed (full name, birth date, department and group information etc.).
  • The service needs to store authentication and authorization data (username, email, group memberships) in order to provide them to other applications.
  • User actions and logs must be stored for service troubleshooting and to display them to the user.

Data transferred to third parties

Data: User Record attributes

Purpose: Provide validated authentication and user attributes to applications using SSO for authentication.

Who:

  • SNow
  • Alumni
  • EduGain members
  • SmartRecruiters
  • Kuantic

Reason:

  • The service must be able to authenticate users to external applications.