Versions Compared

Old Version 211

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version 212

changes.mady.by.user Pål Axelsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For REFEDS Research and Scholarship there is no formal requirement that the service shall publish a public Privacy Policy. However it's recommended that all services that are registered in SWAMID must have a Privacy Policy to inform end users about how personal data are processed. SWAMID have published a Service Provider Privacy Policy Template for GÉANT Data Protection Code of Conduct that can be used except for the last section.

...

  • Well functional SAML2 metadata for the service with an entityid in URL-form.
  • Display name for the Service in Swedish and English for use in Identity Providers login pages and Discovery Services.
  • Short description of the Service in Swedish and English for use in Identity Providers login pages and Discovery Services.
  • Mail address to the technical and/or support contact for the service.
  • Organisation name of the organisation delivering the service
  • URL to the organisation delivering the service.

The request is highly recommended to also have the following information for metadata publication:

  • URL beginning with https to the service logotype for use in Identity Providers login pages and Discovery Services.
  • URL to a web page with the service privacy policy in English and maybe Swedish.
  • URL to a informational web page that describes the service in English and probably in Swedish.
  • URL to a web page with the service privacy policy in English and probably Swedish, a privacy policy example template: SWAMID Service Provider Privacy Policy Template. Please remove the section about GÉANT Dataprotection Code of Conduct if you use the Privacy Policy TamplatePolicy Tamplate.

The request is highly recommended to also have the following information for metadata publication:

  • URL beginning with https to the service logotype for use in Identity Providers login pages and Discovery Services.

Besides the formal requirements and recommendations of REFEDS R&S it is highly recommended that the service also adheres to the REFEDS Security Incident Response Trust Framework for Federated Identity (Sirtfi).

...

  • Well functional SAML2 metadata for the service with an entityid in URL-form.
  • Display name for the Service in Swedish and English for use in Identity Providers' login pages and Discovery Services.
  • Short description of the Service in Swedish and English for use in Identity Providers' login pages and Discovery Services.
  • Required attributes of the Service
  • Mail address to the technical and/or support contact for the service.
  • Organisation name of the organisation delivering the service
  • URL to the organisation delivering the service.
  • URL to an informational web page that describes the service in English and preferable also in Swedish.
  • URL to a publicly accessible web page (not a pdf document) with the service privacy policy in English and maybe Swedish, a privacy policy example template: SWAMID Service Provider Privacy Policy Template. The privacy policy must at least contain:
    • the name, address and jurisdiction of the Service Provider;
    • the purpose or purposes of the processing of the Attributes;
    • a description of the Attributes being processed;
    • the third party recipients or categories of third party recipient to whom he Attributes might be disclosed, and proposed transfers of Attributes to countries outside of the European Economic Area;
    • the existence of the rights to access, rectify and delete the Attributes held about the End User;
    • the retention period of the Attributes; and
    • a reference to this Code of Conduct including the formal reference URL http://www.geant.net/uri/dataprotection-code-of-conduct/v1.

...

  • URL beginning with https to the service logotype for use in Identity Providers login pages and Discovery Services.
  • URL to an informational web page that describes the service in English and preferable also in Swedish.

Besides the formal requirements and recommendations It's also a formal requirement of GÉANT Dataprotection Code of Conduct it is highly recommended Conduct that the service also adheres to the REFEDS Security Incident Response Trust Framework for Federated Identity (Sirtfi). SIRTFI will be mandatory in the next version of this code of conduct.

Release without any recognised Entity Categories

...