...
Besides the formal requirements and recommendations of REFEDS R&S it is highly recommended that the service also adheres to the REFEDS Security Incident Response Trust Framework for Federated Identity (Sirtfi).
GÉANT/REFEDS Data Protection Code of Conduct
entity-category URI | http://www.geant.net/uri/dataprotection-code-of-conduct/v1 and |
---|---|
eduGAIN enabled | Yes |

Info: The GÉANT Data Protection Code of Conduct (CoCo) defines an approach at a European level to meet the requirements of the European Union Data Protection Directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct.
...
- Well-functioning SAML2 metadata for the service with an entityID in URL form.
- Display name for the Service in English and preferably also in Swedish for use in Identity Providers' login pages and Discovery Services.
- Short description of the Service in English and preferably also in Swedish for use in Identity Providers' login pages and Discovery Services.
- Required attributes of the Service
- Mail address to the technical and/or support contact for the service.
- Organisation name of the organisation delivering the service
- URL to the organisation delivering the service.
- URL to an informational web page that describes the service in English and preferably also in Swedish.
- URL to a publicly accessible web page (not a PDF document) with the service privacy policy in English and preferably also in Swedish. A privacy policy example template is available: SWAMID Service Provider Privacy Policy Template. The privacy policy must at least contain:
  - the name, address and jurisdiction of the Service Provider;
  - the purpose or purposes of the processing of the Attributes;
  - a description of the Attributes being processed;
  - the third party recipients or categories of third party recipient to whom the Attributes might be disclosed, and proposed transfers of Attributes to countries outside of the European Economic Area;
  - the existence of the rights to access, rectify and delete the Attributes held about the End User;
  - the retention period of the Attributes; and
  - a reference to this Code of Conduct including the formal reference URL http://www.geant.net/uri/dataprotection-code-of-conduct/v1.
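
The metadata-related items in the list above can be checked mechanically before a registration request is sent. The following is an added example, not SWAMID's own tooling: the mapping of each item to a SAML metadata element (`mdui:UIInfo`, `md:Organization`, `md:ContactPerson`, `md:RequestedAttribute`) and the names `missing_items`, `SAMPLE` and `sp.example.org` are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
LANG = "{http://www.w3.org/XML/1998/namespace}lang"
UI = "md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:"

def is_url(value):
    p = urlparse(value or "")
    return p.scheme in ("http", "https") and bool(p.netloc)

def text_of(entity, path, lang=None):
    """First non-empty text at path; when lang is set, only that xml:lang counts."""
    for el in entity.findall(path, NS):
        if (el.text or "").strip() and lang in (None, el.get(LANG)):
            return el.text.strip()

def missing_items(metadata_xml):
    """Checklist items that the SP's EntityDescriptor does not satisfy."""
    e = ET.fromstring(metadata_xml)  # parse only metadata you produced or trust
    mail = text_of(e, "md:ContactPerson[@contactType='technical']/md:EmailAddress") \
        or text_of(e, "md:ContactPerson[@contactType='support']/md:EmailAddress")
    checks = {
        "entityID in URL form": is_url(e.get("entityID")),
        "display name (en)": text_of(e, UI + "DisplayName", "en"),
        "description (en)": text_of(e, UI + "Description", "en"),
        "required attributes": e.find(".//md:RequestedAttribute[@isRequired='true']", NS) is not None,
        "technical/support mail": "@" in (mail or ""),
        "organisation name": text_of(e, "md:Organization/md:OrganizationName"),
        "organisation URL": is_url(text_of(e, "md:Organization/md:OrganizationURL")),
        "information URL (en)": is_url(text_of(e, UI + "InformationURL", "en")),
        "privacy policy URL (en)": is_url(text_of(e, UI + "PrivacyStatementURL", "en")),
    }
    return [item for item, ok in checks.items() if not ok]

# Constructed sample: Swedish-only description and no privacy policy URL.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:Extensions><mdui:UIInfo>
   <mdui:DisplayName xml:lang="en">Example Service</mdui:DisplayName>
   <mdui:Description xml:lang="sv">Exempel</mdui:Description>
   <mdui:InformationURL xml:lang="en">https://sp.example.org/about</mdui:InformationURL>
  </mdui:UIInfo></md:Extensions>
  <md:AttributeConsumingService index="0"><md:ServiceName xml:lang="en">Example</md:ServiceName>
   <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" isRequired="true"/>
  </md:AttributeConsumingService></md:SPSSODescriptor>
 <md:Organization><md:OrganizationName xml:lang="en">Example Org</md:OrganizationName><md:OrganizationURL xml:lang="en">https://example.org/</md:OrganizationURL></md:Organization>
 <md:ContactPerson contactType="technical"><md:EmailAddress>mailto:it@example.org</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""
print(missing_items(SAMPLE))
```

The check covers only what is visible in metadata; the content of the privacy policy page itself still has to be reviewed against the sub-list above.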
...