As of: 18/12/2018
1. The Identity Provider (IdP) of Charité - Universitätsmedizin Berlin (Charité)
The IdP of Charité allows secure login to so-called service provider services (SP) available through the DFN-AAI (Authentication and Authorization Infrastructure). The DFN-AAI is managed by the DFN Association (Association for the Promotion of a German Research Network e.V.). The DFN Association provides a technical, organizational and legal framework for the exchange of user information. The DFN-AAI is part of international mergers (eduGAIN). The technology used is also known as "Shibboleth".
2. User circle
In order to use the Charité IdP, you need valid credentials (login name and password) of the Charité.
You will receive the registration data as part of setting up your e-mail address through the IT department (GB IT).
The service is only available to people whose personal records are made available to GB IT via an automated process.
3. Authentication and authorization process
As part of the login process, the IdP first performs an authentication of the users. This is done by entering user ID and password. Your credentials will always be verified on the Charité IdP. These credentials will not be transferred to an SP. Subsequently, the user data (so-called attributes) requested for use of the relevant SP are provided, and your consent to their transmission is obtained and, if necessary, transmitted. This can be, for example, the first and last name, the e-mail address or the group affiliation within the Charité (student, employee, ...). You can revoke the consent to the transmission at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
All communication is encrypted. Encryption uses certificates that have been awarded or checked by the DFN association. The technical delivery and operation of the IdP of the Charité will be carried out by the IT department of the Charité.
If the service is used, the following personal data may be processed and logged:
- contact details (including pseudonyms and identification data)
- further attributes on request of the SP.
Usage logs are stored. A deletion of this data occurs after elimination of the purpose, unless there is a reason to use the data for further purposes and to keep. The further processing may be e.g. from statutory provisions such as §1 2. Abs. BlnDSG.
The legal basis for the processing and use of this data is the consent pursuant to article 6 (1) (a) and 7 of Regulation (EU) 2016/679 of 27/04/2016 - General Data Protection Regulation (DSGVO).
To the extent permitted by law, the use of the service is at your own risk. GB IT shall not be liable for any costs or damages, whether they are direct or indirect, incidental or consequential, through appropriate or improper use, or otherwise in connection with cross-organizational authentication and authorization and access to certain resources of other organizations. The Charité and the DFN Association assume no responsibility or guarantee with respect to the services available under the DFN-AAI or their use. This disclaimer applies equally to all parties involved in cross-organizational authentication and authorization services, including the DFN-AAI Federation and its affiliates, directors, employees and agents.
6. Final provisions
The Charité reserves the right to change or amend these terms without prior notice. In this case, this page will be displayed again to alert you to the changes.