...
Data item | Is personal data (DPO fills in) | Comment | |
---|---|---|---|
1 | instid - provided by the NRO | No | |
2 | ROid - Unique identifier provided by the database operator during the RO | No | |
3 | locationid - provided by the NRO | No | |
4 | coordinates - longitude, latitude, altitude | No | |
5 | stage - 0=preproduction/test, 1=active | No | |
6 | type - 0=single spot; 1=area; 2=mobile | No | |
7 | loc_name - location’s name | No | |
8 | address_street - location’s address | No | |
9 | address_city - location’s address: city | No | |
10 | location_type - IEEE 802.11-2012, clause 8.4.1.34 Venue Info | No | |
11 | contact_name - on site contact: name | Yes | If contact is person |
12 | contact_email - on site contact: e-mail | Yes | If contact is person |
13 | contact_phone - on site contact: phone no. | Yes | If contact is person |
14 | contact_type - 0=person, 1=service/department | No | |
15 | contact_privacy - 0=private, 1=public | No | |
16 | SSID - SSID used | No | |
17 | enc_level - supported encryption levels | No | |
18 | AP_no - number of APs | No | |
19 | wired_no - number of enabled sockets for wired access | No | |
20 | tag - specific characteristic(s): port_restrict, transp_proxy, IPv6, NAT, HS2.0 | No | |
21 | availability - 0=default, 1=physical access restrictions | No | |
22 | operation_hours - If service is not available 24 hours per day | No | |
23 | info_URL - info page with additional info in case of any restrictions | No | |
24 | ts - date: last changed | No |
eduroam CAT (as of version 1.1)
Dataset description: | Configuration Assistant Tool operator database (NRO administrator and institution-level administrator) |
Purpose of processing: | allowing administrators to upload and maintain the information needed to create eduroam installation programs ("installers") within their country / institution |
Data source: | eduroam database - NRO information & institution information (see datasets above), eduroam SP proxy authentication data (see dataset above), administrator input, produces web server and application logs (cat-ams.eduroam.org) |
Data storage and access: |
|
Data transfer:None | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to NRO personnel for general status updates) |
Data retention: |
|
Personal data processed: | authentication and authorisation data of NRO and institution administratorsYes |
Dataset content
Data item | Is personal data (DPO fills in) | |
---|---|---|
1 | administrator authentication - supplied from eduroam SP proxy
| |
2 | administrator authorisation
| |
3 | general institution information - supplied by institution administrator input
| |
4 | eduroam media deployment information - supplied by institution administrator input
| |
5 | support contacts of institution - supplied by institution administrator input
| |
6 | RADIUS/EAP details - supplied by institution administrator input
|
...
Dataset description: | eduroam Managed IdP is a derivative of eduroam CAT (see above), which additionally produces per-user personalised installation programs and maintains a database of these end users. It also authenticates the end users based on the installed programs | ||
Purpose of processing: | allowing administrators to upload and maintain the information needed to manage their end user base to the end of creating eduroam installation programs ("installers") within their country / institution, and to authenticate their users in eduroam | ||
Data source: | eduroam database - NRO information & institution information (see datasets above), eduroam SP proxy authentication data (see dataset above), administrator input, produces web server and application logs (cat-pilot.eduroam.org / auth-test.hosted.eduroam.org / auth-test-2.hosted.eduroam.org / ocsp-test.hosted.eduroam.org) | ||
Data storage and access: |
| ||
Data transfer: | None | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to end-users for credentialing, one variant to NRO personnel for general status updates) | |
Data retention: |
| Data retention: |
|
Personal data processed: | authentication and authorisation data of NRO and institution administrators, pseudonyms of individuals (institutions' end users), authentication logs of end users including indication of location, frequency and timestamps of use |
Dataset content
Yes |
Dataset content
Data item | Is personal data (DPO fills in) | ||||
---|---|---|---|---|---|
1- | Data item | Is personal data (DPO fills in) | 1-5 | Dataset content items 1 to 5 are IDENTICAL to those of eduroam CAT (see above) | |
6TBD | Deployment details of Managed IdP for NRO (from NRO admin input)
| ||||
7 | Deployment details of Managed IdP for institution
| ||||
8 | eduroam credentials (X.509 certificates)
| ||||
9 | end-user invitation tokens (URLs with unique, random long identifier)
| ||||
10 | RADIUS authentication logs The RADIUS server is an eduroam IdP in the sense of the dataset "eduroam RADIUS server logs → IdP" above, and the same data set considerations apply. | ||||
11 | certificate status server logs
|
Description of fields
The details of service related datasets (data collections) should be filled with a list of all kinds of data which is collected or processed by this service. The table should be filled by the Service Manager and afterwards reconciled with the GEANT Data Protection Officer in order to address GDPR requirements. One service often incorporates several datasets. <dataset_name> - name of dataset (collection of data processed in similar way). Dataset description: brief explanation of the kind of information or entities the dataset contains. Purpose of processing: what is purpose of data collecting and processing. Data source: what are source(s) of data - list of services, systems, applications, databases or similar source components, including user's input, from which data are being received. E.g. RIPE database, service ABC, organisation LDAP directory... Data storage and access: describe where the data are stored, backup-ed etc. and who has access to the data. Data transfer: list of other services, systems, applications, databases or similar destinations to which data are being sent. E.g. RIPE database, service ABC, GÉANT's database XYZ... Data retention: describe data retention policy ie. for how long data are stored before being deleted. E.g. 1 year, 2 years after contract ending, forever... Dataset content
|
...