Association of users of Ukrainian Research and Academic Network URAN (hereinafter referred to as URAN Association) can not accept any liability for any loss or damage resulting from the use of the material contained herein. The information is believed to be correct but no liability can be accepted for any inaccuracies.
PEANO Federation for Certifying Electronic Accounts (Identity Federation) for Science and Education (hereinafter referred to as PEANO Federation) is a consortium of organizations (legal entities) founded by URAN Association without the formation of a separate legal entity. The main goal of PEANO Federation is facilitation of access to distributed electronic resources for the members of the Federation.
The Federation consists of the following three (3) categories of entities:
Through PEANO Authentication and Authorisation Infrastructure (PEANO Infrastructure), users of the Federation can receive services in a secure and confidential manner, by using only their institutional account. For access to the Service Providers, the end user does not need to remember additional or specific user names or passwords anymore. As long as he/she is a user of an affiliated organization - Identity Provider, he/she may apply via the federative connection and use services on the basis of his/her status within the home organization.
The PEANO Federation is participating in eduGAIN (Education and Global Authentication Infrastructure), the GÉANT inter-federation service that interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community. As eduGAIN participant, the PEANO Federation hereby declares that it will comply with the eduGAIN Policy Framework (see eduGAIN Policy Declaration, .pdf, 911 k).
Identity Providers and Service Providers are able to join or leave the Federation by applying to the Coordinator. Participation to the Federation requires the agreement with this Policy and compliance with the terms and conditions presented herein that arise from it.
In the Federation only URAN Association and its members can participate as Identity Providers. Each institution may take part with a single Identity Provider in the PEANO Infrastructure.
Any organization can participate in the Federation as a Service Provider of one or more services provided that these services promote the academic, research or educational work.
URAN Association and its members can act both as Identity and Service Providers at the same time.
In the case the Service Provider does not also participate as an Identity Provider, it is necessary for at least one Identity Provider to express to the Coordinator an interest in accessing the particular service.
The minimal technical requirements for being able to be affiliated to the PEANO Infrastructure are described in the Technical Rules of the PEANO Federation issued by the Federation Coordinator. The Coordinator reserves the right to alter the Technical Rules at any time. The alterations are published on the website of the Federation and come into effect two months after their notification via e-mail by the Coordinator.
The Coordinator provides and maintains the PEANO Infrastructure which enables authentication and authorization of users and interaction between Identity Providers and Service Providers.
As provider of the federative service, the Coordinator commits to:
The Identity Provider executes the authentication of users of its institution. The Identity Provider is not only responsible for establishing a person’s identity, but also for the content of user’s personal data contained in his attributes.
The Identity Provider commits to:
The Service Provider provides services to users of the affiliated organizations. Authorization of the access to those services is performed by the Service Provider on the basis of authentication executed by the Identity Provider. Due to the federative service, it is not necessary that the service providers still store or manage the identity data, which have been forwarded by the Identity Providers.
The Service Provider commits to:
End-user support is implemented by the Identity Provider’s service desk and not by the Service Providers or the Coordinator. For this purpose, Identity Providers must inform the Coordinator of the user support contact point (e-mail address and/or telephone number). This contact point may be announced on the website of the Federation as well as be published in any other way.
Both Identity Providers and Service Providers must keep the Coordinator informed about the technical/administrative contact points. These data are communicated to the Federation members but may not be posted on the website of the Federation.
In the case that a problem resides with a Service Provider, the Identity Providers’ administrators may contact the Service Provider directly, without the mediation or assistance of the Coordinator.
Members of the Federation are obliged to protect the personal data of the end users and commit themselves to execute the processing of the personal data needed for the functioning of the Federation, in compliance with the Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28.01.1981, Additional Protocol to the Convention 108 regarding supervisory authorities and transborder data flows, Strasbourg, 08.11.2001, Law of Ukraine On protection of personal data (Çàêîí Óêðà¿íè Ïðî çàõèñò ïåðñîíàëüíèõ äàíèõ) of June 1th 2010 No 2297-VI and other current legislation.
The Identity Providers must ensure the legitimate and safe personal data transmission to the Service Providers while the Service Providers, in turn, must use and store the minimal personal data that is required for the proper functioning of their services in accordance with the currently existing legal framework.
The Coordinator assumes no responsibility for the compliance of these obligations because the Coordinator does not distribute or retain users data through the PEANO Infrastructure: the transmission of data is carried out directly from the Identity Providers to the Service Providers.
In the case that the Identity or Service Provider is violating requirements of this Policy and if it is deemed that such a violation may result in a security breach and possibly in a personal data leakage, the Coordinator may temporarily suspend the provider’s access to the Federation.
In case of abuse, the affected party may request compensation by the Identity or Service Provider, which is responsible for the loss of personal data or any other possible damage. Courts of Ukraine are responsible for resolving disputes. The affected parties may notify the Coordinator about the dispute; however, his actions in relation to their participation in the PEANO Infrastructure remain at his discretion.
None of the parties will be responsible for the failure to commit to this Policy, if such failure is caused by Force Majeure. A Force Majeure is an event beyond the reasonable control of a party which makes that party’s performance impossible or so impractical as reasonably to be considered impossible and includes, but is not limited to war, riot, civil disorder, earthquake, fire, explosion, flood or other adverse weather conditions, strikes, or confiscation or any other action by governments.
The Ukrainian law applies to disputes with regard to the compliance with the provisions of this Policy.
This work is based on the
Special gratitude to Peter Schober, ACOnet (Austrian Academic Computer Network) for consultations and discussions in the preparation of this document