SWAMID Service Definition

General description of SAML2 WebSSO

The service includes authentication of users who have an electronic identity at Blekinge Institute of Technology (BTH), and attribute transfer regarding the authenticated user. The service provider/university is a member of SWAMID, the Swedish identity federation for research and higher education. The service is set up in accordance with SWAMID's policy and other rules and guidelines established by SWAMID.

The service and its limitations

BTH guarantees accessibility to the service in accordance with BTH's requirements and expectations. BTH follows SWAMID's recommendations for the disclosure of attributes, based on entity categories. BTH reserves the right, in communication with a service provider, to change the attributes actually issued, regardless of what is recommended by SWAMID regarding the entity category in which the service provider has been placed.

Handling of personal data

The Identity Provider (IdP) performs authentication on behalf of a service that BTH is aware of, either by delivering metadata about the service via the SWAMID federation or by the service and BTH having a special agreement. Depending on the type of service, the purpose of the service and the relationship of the service to BTH's IdP, one or more items of personal data are delivered to the service from Blekinge Institute of Technology's catalog and authorization system. BTH ensures that this procedure complies with the General Data Protection Regulation (GDPR) and supplementary Swedish legislation.

All web services get access to a unique identifier that makes it possible for the user to configure settings at one login and access the same settings at the next login. This identifier is unique to this particular service and cannot be shared between different web services.

Services categorized in SWAMID metadata with entity categories receive attributes in accordance with SWAMID recommendations.

What personal data is processed

Services whose primary purpose is to support research and education get access to name, e-mail address, user identity, whether the user is a student or active (employee or otherwise active), and the fact that the user has an account with BTH.

Services that comply with the GÉANT Data Protection Code of Conduct and the rules of the General Data Protection Regulation will have access to the same information.

The services whose purpose is to manage admissions, course registration, exam registration, examination, clinical placement, scholarship application, self-service for user accounts and self-service for BTH's personnel system also have access to the user's personal identity number. In cases where personal identity numbers are handled, this is done to ensure secure identification.

Legal basis

The legal basis for the processing of personal data is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the university for the purpose of supporting research and education.

Rights of data subjects

For questions about the rights that follow from the Data Protection Regulation, such as register extracts, correction and deletion of your personal data, contact Blekinge Institute of Technology.

Correction of personal data transferred in connection with login is done in the identity issuer that you use to log in. This information is corrected in the service at the first login after the personal data is corrected in the identity issuer.

Controller of personal data

The data controller for the processing of personal data is Blekinge Institute of Technology.

For more information about the university's personal data processing, see: www.bth.se/personuppgifter.

Service and support questions

Regarding the SAML2 WebSSO service:
ithelpdesk@bth.se
Phone: +46 455-38 51 00 (IT helpdesk)

Regarding how personal data is handled within the service:
dataskyddsombud@bth.se
Telephone: +46 455-38 50 00 (Reception)