UniTrento - IDEM Privacy policy

Procedure for granting access to UniTrento users’ information to IDEM and eduGAIN.

The use of IDEM and eduGAIN services may require UniTrento to provide some personal data to the service. This page describes how this procedure is carried out.

UniTrento often needs to communicate some of its users’ information to IDEM and eduGAIN Federations: this may happen when users want to have access to the IDEM and eduGAIN services.

The tool enabling the communication of personal information is the Identity Provider of UniTrento (IdP). This tool implements the Single Sign On system, which permits users to access the IDEM and eduGAIN services by entering their UniTrento name and password.

As soon as users log in, the Identity Provider of UniTrento shows a page specifying which personal information is required. This way, users can decide whether or not to consent to their information being shared. If consent is not given, the information will not be shared and users will not be able to access the services.

The following is an example of the kind of information sent:

Personal Information

  • commonName (Name and Surname)
  • surname (Surname)
  • givenName (Name)
  • title (e.g.: Full Professor, PhD, Research Associate, Administrative Staff, Researcher, Graduate ...)
  • schacHomeOrganization (unitn.it)
  • schacHomeOrganizationType (university)
  • email (E-mail address)

General role in the membership organisation

  • eduPersonAffiliation (e.g.: student, staff, member, alumni, affiliate ...)
  • eduPersonScopedAffiliation (e.g.: student@unitn.it, staff@unitn.it, member@unitn.it, alum@unitn.it, affiliate@unitn.it ...)


A special case: the "opaque identification codes"

  • eduPersonTargetedID
  • nameID

Opaque identification codes, when required, are always sent to the service, even without any request for explicit consent.

Such codes are composed in a way that hinders the service from autonomously tracing the user’s identity and other personal information.

If required by the service, the opaque identification code may be sent every time the user accesses the service.

In this way, the service can keep customized settings permanently, sparing users the bother of changing the settings every time they access it.

Every service receives a different opaque identification code, so that it becomes harder to trace the user’s operations across different services.

As regards the services supplied by one’s management, the IDEM Federation is committed to agreeing with the Service Provider (SP) on which kind of information is indispensable to the supply of the service.