Sunet Identity Provider Service Definition and Privacy Policy

General description of Sunet Identity Provider

The service includes authentication of employees and other staff at Sunet, as well as attribute transfer regarding the authenticated user. Sunet is a member of SWAMID, the Swedish identity federation for research and higher education. The identity publisher is set up in accordance with policy and other rules and guidelines established by SWAMID.

Policy for personal integrity

The Identity Provider performs authentication at the request of a service which Sunet recognises, either via metadata provided by the SWAMID identity federation or because the service and Sunet has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to the The Swedish Research Council's identity provider, one or more pieces of personal data are transferred from The Swedish Research Council's catalogue and authorization system to the requesting service. This procedure follows the intent of the Swedish personal data protection legislation.

Services that are categorised in SWAMID’s metadata with entity categories receive attributes in accordance with SWAMID’s recommendations, see below.

Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, which being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at Sunet. Registered services that via REFEDS Data Protection Code of Conduct, and the older GÉANT Data Protection Code of Conduct, adhere to the European Union’s General Data Protection Regulation (GDPR) get access to the same information.

Certain services that have specific needs to identify a logged-in person via the Swedish personal identity number (personnummer) have access to the user’s personal identity number.”

The service adheres to the Swedish Research Council policy for the handling of personal data, https://www.vr.se/english/about-the-website/information-on-processing-of-personal-data.html.

The service and limitations of service

Sunet guarantees an availability of the service that is in line with Sunet's requirements and expectations. Sunet's identity issuer transmits a defined set of attributes according to the privacy policy above.

Service desk

For questions and error reports regarding Sunet and its SAML2 WebSSO service, please refer to the e-mail address noc@sunet.se.