Sympa Email List Server
3. Service Provider Information
Service Name: |
UC Davis Sympa Email List Server |
Entity ID: |
|
Shibboleth SP Version: |
2.4 |
Contact: |
sysadmin@ucdavis.edu |
Service Providers are trusted to ask for only the information necessary to make an appropriate access control decision, and to not misuse information provided to them by Identity Providers. Service Providers must describe the basis on which access to resources is managed and their practices with respect to attribute information they receive from other Participants.
3.1 What attribute information about an individual do you require in order to manage access to resources you make available to other Participants? Describe separately for each service ProviderID that you have registered.
Email address.
3.2 What use do you make of attribute information that you receive in addition to basic access control decisions? For example, do you aggregate session access records or records of specific information accessed based on attribute information, or make attribute information available to partner organizations, etc.?
Other than authentication, email list expansion, routing, and archival, no other use is made of the information.
3.3 What human and technical controls are in place on access to and use of attribute information that might refer to only one specific person (i.e., personally identifiable information)? For example, is this information encrypted?
This is a public list server, so we expect there is PII on the system as students/public/etc send PII to mailing lists occasionally. A large number of archives were migrated from Listproc, some of them going back to 1992, well before anyone cared about PII. None of the PII is under our control.