SWITCHaai
1. Introduction
The SWITCHaai ArpViewer was introduced at the beginning of October 2006. It serves the following purposes:
- It replaces the old data protection system by integrating it into the AAI environment.
- For the user of SWITCHaai, it implements a mechanism that informs him about the release of personal information (attributes) to a SWITCHaai Service Provider (SP) when he accesses the SP for the first time.
- For the administrator of a SWITCHaai Identity Provider (IdP):
  - it provides a tool to implement data protection laws by requiring user consent before his/her personal information is released to an SP,
  - it allows information to be collected about the release of attributes and accesses to SPs (if configured to do so).
2. Functional Description
From the user's point of view, the ArpViewer is an application that presents him with a web page on which:
- he may have to accept or decline the Terms of Use of a Shibboleth Identity Provider upon first access to the AAI system,
- he has to accept the release of his/her attributes upon first access to a given Service Provider.
In addition, the user can reset his/her personal settings of the Digital ID Card on a separate web page, so that he/she will be asked again whenever attributes have to be released. If new attributes are required by a Service Provider, the user will be asked again to accept the release of his personal information, regardless of his previous acceptance.
Last but not least, the user has the possibility to exclude himself completely from the SWITCHaai system (also known as the Federation). By default, every student is granted access to the SWITCHaai federation. At the University of Fribourg, a user can turn this flag off, thus ensuring extreme data protection.
3. How it works
Upon the very first connection, a screen is displayed concerning the Terms of Use of the SWITCHaai infrastructure. This screen is displayed only once, even after a reset. The language depends on the browser's regional settings.
Then, upon the first connection to an SP, the Digital ID Card is displayed.
If the user does not agree to send his personal information, a message is displayed and the connection to the Service Provider is canceled.
4. What is personal information?
Personal information, also known as Attributes, is one or more of the following values:
Value | Example | Description |
UniqueID | ab12cd34@unifr.ch | Unique identifier of a person |
Surname | Muster | Last name |
Given name | Felix | First name |
E-mail | felix.muster@unifr.ch | firstname.lastname@unifr.ch |
Home organization | unifr.ch | unifr.ch |
Home organization Type | university | university |
Business postal address | Bd de Pérolles 90 CH-1700 Fribourg | only for staff personnel, blank for students |
Business phone number | +41 26 300 1234 | only for staff personnel, blank for students |
Study branch 3 | 2200 | only for students: study branch as defined by the SIUS/SHIS (Swiss University Information System of the Swiss Federal Statistical Office). |
Study level | 15 | only for students: study level as defined by the SIUS/SHIS. |
Affiliation | student | Type of affiliation to the Home Organization (staff, student, alum, member, affiliate) |
Staff category | 11 | Workbranch as defined by the SIUS/SHIS |
5. Resetting the authorizations
If the user decides to reset his authorizations, he can do so from the AAI Support home page. He will be informed that his authorizations are about to be reset.
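The consent rules from sections 2, 3 and 5, modelled as a small state machine. This is an added example, not ArpViewer's own code: the class, method and step names and the SP identifier are hypothetical, and the attribute names are taken from the table in section 4.

```python
from dataclasses import dataclass, field


@dataclass
class ConsentStore:
    """Hypothetical per-user consent state; not ArpViewer's real schema."""
    terms_accepted: bool = False       # Terms of Use: shown once, survives a reset
    federation_enabled: bool = True    # default: user takes part in the federation
    approved: dict = field(default_factory=dict)  # SP id -> frozenset of attribute names

    def next_step(self, sp, requested):
        """Return what must happen before attributes may be sent to `sp`."""
        if not self.federation_enabled:
            return "deny"              # user excluded himself from the federation
        if not self.terms_accepted:
            return "show_terms"        # very first connection only
        # First access to this SP, or the SP now requires attributes the user
        # never approved: the Digital ID Card must be shown (again).
        if not frozenset(requested) <= self.approved.get(sp, frozenset()):
            return "show_id_card"
        return "release"

    def accept_terms(self):
        self.terms_accepted = True

    def decide(self, sp, requested, agree):
        """Record the user's answer on the Digital ID Card page."""
        if agree:
            self.approved[sp] = self.approved.get(sp, frozenset()) | frozenset(requested)
        return agree                   # False: connection to the SP is canceled

    def reset(self):
        """Reset of authorizations: per-SP approvals go, Terms of Use stay."""
        self.approved.clear()


if __name__ == "__main__":
    sp = "https://sp.example.org"      # constructed SP identifier
    user = ConsentStore()
    print(user.next_step(sp, {"Surname", "Given name"}))
    user.accept_terms()
    user.decide(sp, {"Surname", "Given name"}, agree=True)
    print(user.next_step(sp, {"Surname", "Given name"}))
    print(user.next_step(sp, {"Surname", "Affiliation"}))
    user.reset()
    print(user.next_step(sp, {"Surname"}))
```

The subset check is the part that enforces re-consent: an SP that starts requesting one additional attribute is treated like a first access, while an SP requesting fewer attributes than already approved is not.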