Idem Federation Services

BIGLIETTI

TICKETS

BILLETS



Focus

Museum

Firenze, Piazza dei Giudici 1
Tel. +39 055 265 311

Support Museo Galileo

Museum activities

Library

The collective database provides full access to the Museo Galileo’s collections and the databases produced in connection with the various research and study projects.

Search the collective database

or ...

Browse the indexes

: Category: Idem Federation Services

This information is being provided to the interested parties (hereafter referred to as Users and User), in accordance with articles 13 and 14 of the EU General Data Protection Regulation (GDPR) 679/2016, by the owner of the website, Museo Galileo – Istituto e Museo di Storia della Scienza (Piazza dei Giudici n. 1, Florence, Italy; e-mail This email address is being protected from spambots. You need JavaScript enabled to view it., tel. +39 055 265 311)

Definitions

Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Identity Provider: IT system that provides the federated authentication service for Users of a specific Organization;
Resources: third-party services or of the Owner to which the User of the federated authentication service intends to access;
Federation of Identities: A group of entities providing federated authentication services and Entities providing access to resources who decide to interoperate according to a set of common rules;
User: natural person who uses the service;
Interested: natural person whose personal data are being processed by the Owner and any third parties (coincides with the User)

Service Name	Identity Provider (IdP)
Service Description	The federated authentication service allows users of Museo Galileo - Institute and Museum of the History of Science to access federated resources using their institutional credentials. The Resources can be provided through the Italian Federation of Identities of Universities and Research Bodies (IDEM), or directly. The Federated Authentication Service is responsible for authenticating the user and issuing an authentication token and, if required, a minimum set of personal data to access the Resource.
Data Controller	Name: Museo Galileo - Istituto e Museo di Storia della Scienza Email: This email address is being protected from spambots. You need JavaScript enabled to view it. Address: Piazza dei Giudici 1 · 50122 Firenze · ITALY The Museo Galileo - Istituto e Museo di Storia della Scienza is the owner of the processing of personal data managed through the Service.
Data Processor (GDPR Section 4)	Museo Galileo - Istituto e Museo di Storia della Scienza
Supervisory authority	IT-IT Garante per la Protezione dei Dati Personali http://www.garanteprivacy.it/
Categories of personal data concerned	one or more unique identifiers; recognition credential; name and surname; email address; role in the organization; belonging to working groups; specific rights over resources; name of the organization concerned; IdP service log record: user identification, date and time of use, resource requested, attributes transmitted; Log record of the services necessary for the operation of the IdP service. The personal data collected is stored in Italy in accordance with the GDPR. Their treatment is aimed at providing the authentication service. The legal bases for data processing are the provision of the authentication service (fulfillment of contractual obligations) and the legitimate interest of the owner.
Purpose of the processing of personal data	Provide the federated authentication service in order to access the resources requested by the interested party. Check and monitor the proper functioning of the service and ensure its security (legitimate interest). Fulfill any legal obligations or requests from the judicial authority.
Third parties to whom the data are disclosed	In order to correctly provide the service, the Data Controller communicates to the suppliers of the Resources to which the User intends to access proof of authentication and only the personal data (attributes) required, in full compliance with the principle of minimization. Personal data are transmitted only when the interested party requests access to the third party's resource. For purposes related to the legitimate interest of the Owner or the fulfillment of legal obligations, some log data may be processed by third parties (e.g. CERT, CSIRT, Judicial Authority).
Exercise of the rights of the interested parties	Contact the data controller at the addresses indicated above to request access to personal data and the correction or cancellation of the same or the limitation of the processing concerning him or to oppose their treatment, or to exercise the right to portability of the data (articles from 15 to 22 of the GDPR).
Revocation of the consent of the interested party	The only data that is collected with the consent of the interested party are the preferences regarding the transmission of the attributes to third parties. The preferences are collected at the time of the first access to the Resource and can be eliminated, with the result of withdrawing the consent to their transmission, starting the login procedure again and checking the box "Clear prior granting of permission for release of your information to this service".
Data portability	The interested party can request the portability of their data relating to the federated authentication service, including preferences regarding the transmission of the attributes to third parties, which will be provided in an open format and pursuant to Art. 20 of the GDPR. The portability service is free of charge upon termination of the service.
Duration of Data Retention	All personal data collected in order to provide the federated authentication service are kept for as long as it is necessary to provide the service itself. After 3 months from deactivation, all personal data collected or generated by the use of the service are deleted.

Here you can find the Information Page of the Museo Galileo - Istituto e Museo di Storia della Scienza: Information Page

: Category: Idem Federation Services

The Museo Galileo - Istituto e Museo di Storia della Scienza participate to the national Federation IDEM (IDEntity Management federate do for the access to the resources), to realize the GARR federated AAI, and to interfederation eduGAIN (that interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community).

Resource list available as member of the IDEM GARR AAI that you can access with this Identity Provider.

The credentials (username and password) for the access will be provided to:

Employees
Researchers and other guests
Library users

ACCEPTABLE USE POLICY - AUP

Acceptable Use Policies - AUP

ACCOUNT ACTIVATION AND MANAGEMENT

To request the activation of an account, please send the motivated request to idem (AT) museogalileo.it

GUIDE TO ACCESSING FEDERATED RESOURCES

Access Guide for Federated IDEM and eduGAIN Resources (Italian only)

USERS SUPPORT

Technical Reference for Museo Galileo: idem (AT) museogalileo.it

SERVICE OPERATOR

Museo Galileo - Istituto e Museo di Storia della Scienza: info(AT)museogalileo.it

INFORMATION ABOUT THE ATTRIBUTE RELEASE TO FEDERATED RESOURCES

The Museo Galileo - Istituto e Museo di Storia della Scienza with this Identity Provider can send to the requested resource some informations (called attributes) about you.
These informations are:

Needed to access on the resource requested
Limited to only those informations strictly needed
Treated by following the law

The information set sent could change from resource to resource.
This Identity Provider will send, to each resource, only attributes needed to the access on them.
Before the access on the resource, you will view which attributes will be sent where you could decide if consent (or not) the release of such informations. If you denied the releasing of the needed attributes, you could not access to the resource requested.
The following table contains all attributes that your IdP can send to the resources, but only a subset of these attributes will be sent to the resources, the requested ones:

Attribute Name	Meaning
`sn`	Surname
`givenName`	Name
`cn`	Name Surname
`displayName`	Name Surname
`mail`	E-mail
`schacHomeOrganization`	The persons home organization using the domain of the organization.
`schacHomeOrganizationType`	Type of a Home Organization
`eduPersonScopedAffiliation`	Specifies your affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc
`eduPersonPrincipalName`	A scoped identifier for a person
`eduPersonEntitlement`	A simple example would be a URL for a contract with a licensed resource provider

The Privacy Policy applied to the users of the Museo Galileo - Istituto e Museo di Storia della Scienza is located here: Privacy Policy

: Category: Idem Federation Services

Related resources

Useful links

GARR / IDEM federated authentication

The Museo Galileo - Istituto e Museo di Storia della Scienza participates in the Federation IDEM (IDEntity Management for federated access), federated authentication and authorization infrastructure of the GARR network.

The service was created with the aim of facilitating the sharing of Web services between the academic and research institutions participating in the Federation, allowing users of the participating institutions to access shared applications using a single point of authentication.
Before accessing an IDEM federation resource, read the Information Note.

Complete list of resources.

For technical information or to request assistance, send an e-mail to idem(AT)museogalileo.it