General Requirements
- MUST apply the privacy by design and privacy by default principles as expressed in art. 25 GDPR [GDPR-ART-25].
- MUST NOT require manual creation of user accounts on the service side.
- MUST NOT require manual management of access rights on the service side.
- MUST provide contact information of the following types:
  - Technical and/or Helpdesk/Support contact information
  - Security/incident response
- MUST have a logo recognisable by the end users. The logo SHALL:
  - use a transparent background where appropriate to facilitate the usage of logos within a user interface
  - use PNG, or GIF (less preferred), images
  - use HTTPS URLs in order to avoid mixed-content warnings within browsers
  - have a size smaller than 50000 characters when encoded in base64
- SHOULD create local account mappings just-in-time, when the user first interacts with the service using the user information provided by the GEANT AAI Service. In the case that the service requires the local accounts and mappings to be pre-provisioned, then it must provide a documented API, which can be used for the provisioning of the accounts.
- Access management should be performed based on the groups and roles made available by the GEANT AAI Service. In the case that the service requires the access management to happen on the service side, then it must provide a documented API, which can be used to manage the access rights of the users.
- Users must be identified using one of the User Identifier claims described in [GN-Attrs-UserID]
...
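
The logo requirements above can be checked mechanically before a service is registered. The following is an added example, not part of the requirements document or of any GEANT tooling; the function names, the sample URL and the header-only sample image are assumptions made for illustration, and transparency is reported as a note only because the requirement applies "where appropriate".

```python
import base64
import struct
from urllib.parse import urlparse

MAX_B64_CHARS = 50000  # "smaller than 50000 characters when encoded in base64"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def image_format(data):
    """Identify the format from magic bytes, not from the URL's file extension."""
    if data.startswith(PNG_MAGIC):
        return "png"
    return "gif" if data[:6] in (b"GIF87a", b"GIF89a") else None

def png_can_be_transparent(data):
    """True if IHDR declares an alpha channel (colour type 4 or 6) or a tRNS chunk exists."""
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        # The colour type is the 10th byte of IHDR data, i.e. offset 17 in the chunk.
        if ctype == b"IHDR" and pos + 17 < len(data) and data[pos + 17] in (4, 6):
            return True
        if ctype == b"tRNS":
            return True
        if ctype in (b"IDAT", b"IEND"):  # tRNS must precede IDAT, so stop here
            return False
        pos += 12 + length  # length field + type + data + CRC
    return False

def check_logo(url, data):
    """Return findings for one logo; an empty list means every check passed."""
    findings = []
    if urlparse(url).scheme.lower() != "https":
        findings.append("logo URL is not HTTPS")
    fmt = image_format(data)
    if fmt is None:
        findings.append("logo is neither PNG nor GIF")
    elif fmt == "gif":
        findings.append("note: GIF is accepted but less preferred than PNG")
    elif not png_can_be_transparent(data):
        findings.append("note: PNG has no alpha channel or tRNS chunk")
    if len(base64.b64encode(data)) >= MAX_B64_CHARS:
        findings.append("base64 encoding is not smaller than 50000 characters")
    return findings

def sample_png(colour_type):
    """Constructed header-only PNG (IHDR + IEND, placeholder CRCs), for the checks only."""
    ihdr = struct.pack(">I4sIIBBBBBI", 13, b"IHDR", 1, 1, 8, colour_type, 0, 0, 0, 0)
    return PNG_MAGIC + ihdr + struct.pack(">I4sI", 0, b"IEND", 0)

if __name__ == "__main__":
    print(check_logo("http://sp.example.org/logo.png", sample_png(2)))
```
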