– in the context of the Identity Provider (IdP) defined by the MSCA
The Identity Provider performs authentication on behalf of a service known to KKH, either through metadata about the service delivered via the SWAMID federation or through a specific agreement between the service and KKH. Depending on the type of service, the purpose of the service, and the relationship of the service to the KKH IdP, one or more items of personal data are delivered to the service from the KKH identity management system. This procedure follows the intentions of the Swedish Personal Data Act.
All web services are given access to a unique identifier that allows the user to make settings at one login and access the same settings at the next login. This identifier is specific to the particular service and cannot be shared between different web services.
Services categorized in SWAMID metadata with entity categories receive attributes in accordance with SWAMID recommendations, see below.
Services whose primary purpose is to support research and education will have access to approximately the same personal data that is automatically sent with each email, i.e. name, email address, user identity, whether the user is a student or active (employed or otherwise operating), and that the user has an account at KKH. Registered services that comply, via the GÉANT Data Protection Code of Conduct, with the European Union Data Protection Directive (in Sweden, the Personal Data Act) will have access to the same information.
Services whose purpose is to manage student admissions, course registration, exam registration, examination, clinical placement, scholarship application, self-service for user accounts, or self-service for KKH’s HR system will have access to the user’s personal number.