Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 - mdui:PrivacyStatementURL: PRESENT, MUST be reachable without any authN.
 - mdui:DisplayName: PRESENT
 - mdui:Description: PRESENT and RECOMMENDED "no longer than 140 characters"
 - for all mdui elements there MUST be at least an English value with the  `xml:lang="en"` attribute.
 - Sirtfi:
  - Entity Attribute value:
   - "" 
  - Security Contact:
 - ""

Notes from

...

[CoCov2-

...

SP-

...

BP]

p. 12 Data Minimisation

"In the context of this Code of Conduct, under no circumstances is a Service
Provider Organisation authorised to request End User’s Attribute
revealing racial or ethnic origin, political opinions, religious or philosophical
beliefs, trade-union membership, genetic data, biometric data for the
purposes of uniquely identifying a natural person or data concerning health
or sex life or sexual orientation." 
Q: Which means that a service provider cannot run an application that collect health data of patients? 
A: No it means that for the health data collection to take place there need to be in place a specific agreement between the Home Organisation and the SP. Such agreement will take precedence and override the CoCo.

...

https://refeds.org/category/code-of-conduct/v2

[CoCov2-SP-ECBP]

https://refeds.org/category/code-of-conduct/v2/wp-content/uploads/2022/05/REFEDS-CoCo-Best-Practicev2.pdf

[CoCov2-HomeOrg]

https://wiki.refeds.org/display/CODE/Good+practice+for+Home+organisations