NSHE Identity Fabric Privacy Statement
System Computing Services (SCS) provides an identity federation service for several NSHE institutions. This service is used to facilitate access to research computing and scholarly/library services (“federated service providers”) via the InCommon Federation. When accessing federated services, faculty, staff, and students (“end-users”) use their home institution’s single sign-on service (“federated identity provider”) to authenticate, rather than managing a separate user account and credentials.
End-user privacy and federation: identity providers
While SCS coordinates with NSHE institutions to ensure that they meet the InCommon Federation’s baseline expectations for trust in federation, each NSHE institution manages its own authentication systems. The technical protocols used by NSHE’s federated identity providers prevent an end-user’s passphrase/password and multifactor authenticators from being divulged to federated service providers.
End-user privacy and federation: service providers
When an end-user accesses a federated service provider, their home institution’s federated identity provider may transmit basic information (“attributes”) associated with the end-user to the federated service provider. More information about these attributes may be found below. Federated service providers typically request and/or use a subset of the default attributes in order for their service to function properly. Some federated service providers may also prompt the end-user to supply additional information when accessing their service.
When an end-user accesses a federated service provider, the federated identity provider may share standard default attributes such as those defined in the REFEDS Research and Scholarship Entity Category attribute bundle. Exact attribute names and their formatting are subject to change as standards evolve to fit the needs of NSHE and the broader federated research and education community.
End-users may choose to share additional information with a federated service provider, for example when customizing preferences and settings within the particular service.
The following data elements are included in the default attributes:
|Data Element||Example Value|
|Given Name (First Name)||Abraham|
|Surname (Last Name)||Froman|
|Identity provider scope||example.edu|
|Institutional email||firstname.lastname@example.org|
Who do I contact with questions about privacy and data protection?
Inquiries about an institution’s privacy and data protection practices should be directed to the institution’s privacy and/or security officials. This can typically be done by opening a support ticket with the institution’s information technology team.
Inquiries about how a federated service provider uses and protects end-user information should be directed to that federated service provider. SCS does not control how federated service providers use information that is shared either via the federated identity provider or directly by the end-user.