Changes

Federation Policy

379 bytes removed, 4 April 2012, 09:45
m
I renamed the HREFPolicyEN page to Federation Policy
Previous revision (HREFPolicyEN), sections replaced by this edit:

== Federation principles ==
# The Hungarian Research and Educational Federation (HREF) had been founded in order to facilitate the use of the services of its Members and Partners by the end-users. Users should be able to access the services (if they are allowed to use them) once their Home Institution has identified and authorised them.
# A Home Institution might authenticate only users having a (known) relationship with the given institution.
# IdPs and SPs must not give false or misleading information about themselves.
# An IdP should provide information as accurate as possible. However, Service Providers must take into account that some of the information received from an IdP might have been modified by its users themselves.
# The IdPs must ensure that the credentials (i.e. passwords) of their users are protected. Credentials may be verified only in a safe procedure.
# An SP must request only the minimal set of the user's attributes from the IdP.
# An SP must not request the password a user uses at his or her IdP.
# The SP processes personal data of the users according to the applicable privacy laws.
# IdP and SP must cooperate when a possible misuse is to be investigated.
# The IT systems of IdPs and SPs must be operated with due diligence.

== Rules of interoperation ==
=== Data protection rules ===
# Members and Partners must ensure that the processing of personal data satisfies the requirements of the applicable laws. Therefore personal data of the users may be processed only if either authorised by law or if the user expressed his or her consent. Users must be able to receive all the needed background information before their permission is asked for.
# All Members and Partners must have their own Data Protection (Privacy) Policy, which must include
#* a description of the collected personal data;
#* the purpose of the data processing;
#* the period of time for which collected personal data is kept;
#* … of expressing complaint about data processing.
# All Partners and Members must publish their up-to-date Data Protection (Privacy) Policy.

=== Operational rules ===
# Operational rules are described in separate documents: [[HREFIdPReqEN|IdP requirements]], [[HREFSPReqEN|SP requirements]].
# The Federation Operator is authorised to verify conformance to the operational rules.
# Members and Partners must ensure that their metadata handling and modification procedures adhere to the [[HREFMetadataSpecEN|metadata specification]], thus:
#* Members maintain their data in the Resource Registry in order to keep the Federation's metadata files up to date;
#* metadata must be updated and verified according to the schedule included in the specification.
# Both IdP and SP follow the [[HREFAttributeSpecEN|Attribute Specification]] when transferring attributes of a user.

=== Data management rules ===
# All Identity Providers must document their user registration procedures.
# Only users having a defined affiliation with the institution might be authenticated by that institution.
# Quality of data
#* Data storage procedures must support that an individual can be traced back only for as long as is necessary for the purpose of the data processing.
#* It is recommended to build the database of the IdP on an authoritative database. Regular update of the personal data ensures its timeliness and accuracy.
#* If the database of the IdP is not based on an authoritative database, then procedures must be in place to maintain the quality of data.
# The Identity Provider should aim to make its services available to all of its affiliated users.
# The Identity Provider implements the attributes that are ''required'' by the [[HREFAttributeSpecEN|Attribute Specification]].

Current revision (Federation Policy):

== About eduID ==
The Hungarian Research and Educational Federation (HREF) is a SAML2-based Identity Federation of Hungarian higher education and research institutions, public collections and other content providers. For the end-users, the federation aims to be transparent; therefore the login procedure is communicated as '''''eduID login'''''.

== Contacts ==
The Federation is operated by [http://www.niif.hu NIIF Institute] as Federation Operator. Questions, concerns or any kind of requests about the Federation should be directed to any of the following addresses:
* '''aai@niif.hu'''
* '''Kristof Bajnok''', ''NIIF Institute''
:18-22 Victor H. str
:H-1132 Budapest
:Hungary
News and information about the federation is published at http://eduid.hu (Hungarian only).

== Policy and principles ==
=== Basic principles ===
# The aim of the Federation is to allow the use of services of its Members and Partners, where authorisation is based on user information originating from the users' Home Institutions.
# Home Institutions must only authenticate users having a known affiliation to them.
# IdPs and SPs must not give false or misleading information about themselves.
# User information provided by IdPs should be as accurate as possible. SPs must take into account that parts of the received information may be at the discretion of the user.
# User credentials (i.e. passwords) stored by IdPs must be protected and verified only through secure procedures.
# SPs must request only the user attributes which are absolutely necessary for their operation.
# SPs must not ask users for their federation passwords.
# SPs must handle personal data according to local privacy laws.
# IdPs and SPs must cooperate in the investigation of possible abuse/fraud.
# IT systems running IdPs and SPs must be operated with due diligence.

=== Data protection ===
# Prior to joining the federation, every entity needs to publish the Data Protection Policy under which it operates. This policy must be kept up-to-date.
#* Whenever the Data Protection Policy changes, the Federation Operator must be notified.
#* Transfer of personal data is only allowed when either
#** authorised by law, or
#** the user expressed his or her consent to the transfer.

=== Rules of membership ===
The HREF Federation is operated by the Federation Operator, which also operates the national research network. Further participants are ''Members'' and ''Partners'', which must have a signed contract with the Operator.
# The following institutions may be '''Members''' of the federation:
#* Institutions of the higher education;
#* Institutions of the Hungarian Research Academy and other research institutions;
#* Institutions of secondary education;
#* Public collections.
#* Any organisation might join as a '''Partner'''.
#* All Members and Partners of the Federation might provide services.
#* A Partner might participate in the meetings of the Members' Board as an observer, without having the right to vote.
# Only Members are entitled to
#* supply user identity information to the federation,
#* send representatives to the Members' Board with a right to vote.
 
== Governance ==
The governance body of the federation is the '''Members' Board (MB)'''. Every Federation Member may send one representative person to the Members' Board, who has one vote.
 
The working language of the MB is Hungarian. The Board publishes its decisions and guidelines at http://eduid.hu/dokumentumok in Hungarian; whenever a topic is of interest to any international Partner, it shall be translated to English and the administrative contacts shall be notified.
 
The MB is authorised to
* accept new Federation documents or modify existing ones,
* accept applications of new Members and Partners.
 
Partners may also send representatives for MB meetings, without voting rights.
 
== Legal ==
The Federation itself is not a legal entity; Members and Partners establish a legal relationship with the Federation Operator. Any legal claims between Members and/or Partners shall be directed to the organisation operating the Identity Provider or the Service Provider concerned.
