Swamid–Service definition

SWAMID – Service definition

General description of SAML2 WebSSO

This service provides authentication of users which have an electronic idenitity at Blekinge Institute of Technology (BTH), together with release of attributes pertaining to the authenticated user. The provider of this service/the University is a member of SWAMID, the Swedish identity federation for Research and higher education. This service has been deployed in accordance with SWAMID’s policy and encompassing rules and guidelines which have been laid down by SWAMID.

The service and limitations of service

BTH undertakes to guarantee the availability of this service in accordance with BTH’s requirements and expectations. BTH follows SWAMID’s recommendations for release of attributes based upon entity categories. BTH reserves the right to change the actually released attributes, having communicated such with a service provider, regardless of the recommendations from SWAMID concerning the entity category the service provider has been placed in.

Personal integrity policy

The Identity Provider (IdP) performs authentication at the request of a service which BTH recognizes, either via metadata provided by the SWAMID federation or because the service and BTH has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to BTH’s IdP, one or more pieces of personal data are transferred from BTH’s catalogue and authorization system to the requesting service. This procedure follows the General Data Protection Regulation (GDPR) and accompanying Swedish legislation.

All web services have access to a unique identifier which makes it possible for the user to save preferences after logging in such that the user has access to the same preferences during a subsequent login. This unique identifier is unique to that specific service and cannot be shared or traced between different web services.

Services that are categorised in SWAMID’s metadata with entity categories receive attributes in accordance with SWAMID’s recommendations.

Types of personal information being processed

Services whose primary purpose is for the benefit of research and education have access to name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at BTH.

Registered services that adhere to the GÉANT Data Protection Code of Conduct and the General Data Protection Regulation get access to the same information.

Services whose purpose is for students to process admissions, course registrations, examination sign-up, degree applications, internships, grant applications, self-service account administration and for employee’s self-service for Blekinge Institute of Technology’s HR-system have access to the user’s Swedish personal identity number or Swedish higher education interim personal identity number for foreigners. In cases where personal identity numbers are processed, this is done to ensure a secure identification.

Legal basis

The legal basis for the processing of personal data follows from the fact that they are necessary for the performance of a task carried out in the public interest or in the exercise of official authority by the university with the aim of supporting research and education.

Rights of the registered

For questions about the rights arising from the General Data Protection Regulation such as register extracts, rectification and deletion of your personal data, please contact Blekinge Institute of Technology.

Correction of personal data transferred in connection with login is made in the identity issuer that you use to log in. This information is corrected in the service at the first login after the personal data is corrected in the identity provider.

Data controller

The data controller for the processing of personal data is Blekinge Institute of Technology.

For more information on the processing of personal data se:

https://www.bth.se/eng/about-bth/personal-data/

Service and support

Questions and faults regarding the SAML2 WebSSO service should be directed to the following local support channels:

Email: ithelpdesk@bth.se

Phone: +46 455-38 51 00

Questions and requests about how personal data is handled within the service, contact the Data Protection Officer.

Email: dataskyddsombud@bth.se

Phone: +46 455 38 50 00