1. About Feide and Uninett
Uninett is an independent, non-profit entity owned by Unit — the Norwegian Directorate for ICT and Joint Services in Higher Education and Research.
Uninett provides the infrastructure of the knowledge sector and is an active partner in the effort to digitize education and research. Uninett develops and provides the digital foundation that makes world-class research and education possible in Norway.
Feide is a national solution for secure log-in and data sharing in education. With Feide, users get secure and correct access to a number of digital services with only one user name and password.
Feide makes it possible to share data securely and easily, while also protecting privacy. The service offers improved oversight and control of the dataflow, and it facilitates for data-driven innovation.
For more information about the service, go to www.feide.no.
Before any provider can integrate with Feide, an authorized representative of the provider must accept these terms.
2. Who can use Feide?
All providers of education-related services, or services that offer added value for individuals or institutions affiliated with the education sector, can use Feide.
The provider’s use of Feide must at all times comply with Norwegian law.
Feide was designed to serve as critical infrastructure in the education sector. All components have redundancy and can normally be updated with no downtime. The various components have different availability, depending on the component’s criticality and use. Please go to www.feide.no for more information about the various components.
The service is monitored 24/7 by Uninett’s operations centre.
Technical documentation for integration of a service with Feide can be found here: docs.feide.no.
4.2. Registration of Feide services
The provider must register its services in the Customer Portal. The provider must register all of the information marked as required in the Customer Portal.
4.3. Using ID-porten for authentication
Log-in using ID-porten is not available until the service provider specifically requests to make this option available for its services by contacting firstname.lastname@example.org.
Log-in using ID-porten is only permitted for services that satisfy ID-porten’s requirements.
4.4. Integration with eduGain
Integration with eduGain may make the service more accessible for international students. If the provider wants to integrate with eduGain, the service and the provider must satisfy eduGain’s requirements.
Service providers choosing to allow international log-ins via eduGAIN, must also comply with the terms of the GÉANT Data Protection Code of Conduct.
4.5. Information material
In the interest of user-friendliness and universal design for the users of Feide, it is important to make sure the visual presentation and user interface generates trust. Uninett prepares and maintains user-oriented information about Feide and graphic elements providers should use when connecting to Feide. Updated information material is available at www.feide.no.
5.1. Continuous maintenance
Minor changes that are not expected to cause service interruption or downtime are performed continuously with no prior notice.
5.2. Scheduled maintenance — maintenance window
A maintenance window is a pre-defined slot of time where the service may be unavailable, and this window is used for hardware maintenance, upgrades, service, etc.
Feide’s maintenance window is the night before Tuesday.
Uninett will, if at all possible, not use the maintenance window during critical periods for providers and host organizations.
5.3. Notice of scheduled maintenance
Uninett will give notice of scheduled maintenance at minimum 5 business days in advance. Notice will be given by e-mail to the provider’s contact persons, as registered in the Customer Portal and on www.feide.no.
6. Contact information
6.1. End user support
The provider is responsible for providing first-line support for users of its own service in connection with log-in problems and other problems related to the service. The provider must ensure that all first-line support personnel has received appropriate training in using Feide.
6.2. Uninett support
The provider’s administrators and developers may contact Uninett at email@example.com / +47 73 55 79 00 for assistance in connection with the registration of services, as well as with APIs and integration with Feide. Opening hours are 08.00–16.00.
Errors and problems with Feide can be reported outside of regular opening hours, at tel. +47 91 12 70 87.
6.3. The provider's contacts
The provider must keep a list of contacts within its own organization up to date in the Customer Portal. The provider may register several contacts in the Customer Portal.
The contact information for the technical manager is especially important, as Uninett will contact this person for technical matters, security issues and errors associated with the provider’s integration with the shared solutions.
The provider must, as soon as is practically possible, inform Uninett about events involving Feide, or the provider’s own services when the events may affect Feide. Uninett’s point of contact in these situations is listed on www.feide.no.
For the provider to receive notifications of critical and serious events, the provider must register desired recipients of these notifications under technical manager in the Customer Portal.
7. Processing of personal data
7.1. The provider's obligations in connection with the processing of personal data
Service providers providing services to host organizations (university colleges/universities, school owners) must comply with certain obligations, as defined by relevant privacy legislation.
When the service provider provides services to host organizations via Feide, these obligations apply when
- host organizations are customers of the service provider
- the services process information about students/pupils, teachers, researchers and other employees
The service provider must establish a separate agreement with the host organization regulating such obligations under relevant privacy laws, including the obligation of:
- assessing whether the service’s information safety is satisfactory;
- complying with the host organization’s instructions for processing data on its end users; and
- making sure that the provider’s organization complies with the host organization’s instructions
Data processors must comply with written and documented instructions for managing personal data in the Service, as laid down by the data controller and defined in the data processing agreement.
For more information about the service provider’s obligations in connection with the processing of personal data, please go to https://www.feide.no/personvern-og-samtykke.
Any and all information revealed to the parties in connection with this agreement and its execution shall be kept confidential and not be made available to third parties without consent from the other party.
Uninett’s duty of confidentiality under this paragraph is in line with what follows from the Act of 10 February 1967 Relating to Procedure in Cases Concerning the Public Administration (Public Administration Act) or other equivalent sector-specific legislation.
The duty of confidentiality under this paragraph does not preclude disclosure of information if such disclosure is required by law or regulation, including publication and access to information under the Act of 19 May 2006 Relating to the Right of Access to Documents Held by Public Authorities and Public Undertakings (Freedom of Information Act). If at all possible, the other party shall be notified before any such disclosure is made.
The duty of confidentiality does not impede making use of the information when no legitimate interest indicates that the information should be kept secret, e.g. when the information is publicly known or readily available from other sources.
The parties shall take any and all necessary precautions to prevent third parties from gaining access to or becoming privy to confidential information.
The duty of confidentiality extends to the parties’ employees and subcontractors, as well as any third parties acting on behalf of the parties in connection with performance of the contract. The parties may only make confidential information available to such subcontractors and third parties insofar as this is necessary for the performance of the contract, and only on the provision that these parties are made subject to the same duty of confidentiality.
The duty of confidentiality does not impede any exchange between the parties of experiences and competence acquired in connection with performance of the contract.
This duty of confidentiality shall endure even after the termination of the contract. Employees or others whose appointment with either party ends, shall have a duty to keep confidential any information specified above even after the end of their appointment. This duty of confidentiality shall cease five (5) years after termination of the contract, unless otherwise mandated by laws or regulations.
The service provider must bear any and all costs associated with integration with Feide. The integration shall not cause Uninett to incur any connection costs.
Any financial obligations between the service provider and host organizations shall be regulated by the agreement between the provider and its customers, and Uninett shall not be a party to any of these agreements.
8.1. Fees for the use of ID-porten
Feide may be billed for other services’ use of ID-porten. An invoice will be issued if the total number of log-ins via ID-porten from services connected to Feide exceeds a certain limit. From ID-porten’s perspective, all services connected to Feide are considered a single service, and Uninett will be billed if these services in total causes Feide to become one of ID-porten’s largest users.
In the event Feide is billed for its services’ use of ID-porten, Uninett will, in turn, bill the service providers who are using ID-porten. This onward invoicing will be based on the service provider’s share of the total number of ID-porten log-ins through Feide.
9. Government orders, etc.
Uninett is at all times subject to any government orders and frameworks defined by Uninett’s owner. If government orders or revised frameworks concerning Uninett’s activities significantly affect performance of the contract, Uninett may demand any and all necessary amendments to the contract, e.g. by implementing price changes. Uninett will give written notice of any and all changes that will be effected.
The changes will take effect when the service provider receives the notice, or at a later date specified in the notice.
Within one month of receiving such a notice, the service provider may terminate the contract, effective immediately, without regard for article 14 on termination. This, however, only applies if the changes significantly affect the service provider.
10. Breach of contract
10.1. Material breach of contract
A breach of contract is defined as any objective deviation from what has been agreed. In the event of material breach of contract, Uninett may disconnect the service provider or the service in question from Feide. If so, Uninett must without undue delay inform the service provider of this in writing. The provider’s technical contact persons must be notified via e-mail without undue delay.
Material breach of contract includes, but is not limited to:
- abuse of Feide;
- abuse of information available in/via Feide or the Customer Portal;
- facilitating for or executing a security breach; or
- inadequate follow-up of any security breach
In such situations, the provider must, at its own cost, remedy any inconvenience caused to its own customers as a result of the disconnection.
10.5. Limitation of liability
Uninett cannot be held liable for any loss, damage or costs incurred as a result of the provider’s use of Feide. This limitation of liability, however, does not apply in the event of gross negligence or intentional action on the part of Uninett personnel.