User Consent

Users are asked for their consent before their attributes are passed on to a service. The request for permission to share attributes is made at least the first time a service is accessed. This consent is given individually for each service provider. The user can also decide whether she wants to give consent each time attributes are passed on individually or only if the passed attributes have changed. This is usually done in a window that lists the attributes to be passed on and buttons to agree or disagree to the attribute transfer.

The following technical identifiers and their respective values are not displayed in the user consent, since they are only machine-readable and do not contain any personal data:

technical identifier example values
swissEduPersonUniqueID 845938727494@ethz.ch,
288aac23dbf9e1460c86b1a5a04c6afb75f724ce@uzh.ch
eduPersonTargetedID https://aai-logon.switch.ch/idp/shibboleth!https://aai-viewer.switch.ch/shibboleth!a6c2c4d4-08b9-4ca7-8ff9-43d83e6e1d35
swissEduID 7b91bdaf-da5c-4851-ae02-26416dfda1c2

Consent delegation to services

SWITCH edu-ID offers services interfaces to update attributes and their values in the background (backchannel attribute request) or to obtain additional attributes (via SCIM API). Services can use these interfaces only under the following conditions:

  • A service has obtained the explicit consent of their users to access and update attributes.
  • The service complies with the contractual obligations of the SWITCH edu-ID service description.

If a user no longer wants her data to be updated by such a service, she must notify the service concerned directly.