University of California, Riverside

InCommon Federation: Participant Operational Practices

Resource Provider Information

Resource Providers are trusted to ask for only the information necessary to make an appropriate access control decision, and to not misuse information provided to them by Credential Providers. Resource Providers must describe the basis on which access to resources is managed and their practices with respect to attribute information they receive from other Participants.

3.1 – What attribute information about an individual do you require in order to manage access to resources you might make available to other Participants? Describe separately for each resource the ProviderID that you have registered.

No applications are currently offered, no ProviderIDs

3.2 – What use do you make of attribute information that you receive in addition to basic access control decisions? For example, do you aggregate session access records or records of specific information accessed based on attribute information, or make attribute information available to partner organizations, etc.?

No applications are currently offered

3.3 – What human and technical controls are in place on access to and use of attribute information that might refer to only one specific person, i.e. personally identifiable information? For example, is this information encrypted?

Access control lists are in place for our directory service that only allow specific accounts to read information. These accounts are established by our Identity Management person with approval from the C&C AVC

3.4 – Describe the human and technical controls that are in place on the management of super-user and other privileged accounts that might have the authority to grant access to personally identifiable information?

Privileged accounts are limited, additional access must be approved by the Manager of Computing Infrastructure and Security

3.5 – If personally identifiable information is compromised, what actions do you take to notify potentially affected individuals?

Notification as per California law SB1386

More Information 

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Department Information

Computing & Communications
Computing & Communications Bldg.

Tel: (951) 827-4741
Fax: (951) 827-4541