You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The Data protection Code of Conduct (CoCo) enables safe attribute release between Identity and Service Providers within EU.

The following steps explain how to support the Code Of Conduct for a Service Provider.

  1. Read and understand the GEANT Data protection Code of Conduct for SPs:
  2. SP’s jurisdiction:
    • Is the SP established in EU/EEA, or in a country/jurisdiction with adequate data protection (the EC white-list)?
    • The GEANT Data protection Code of Conduct for SPs in EU/EEA is only applicable for those SPs
  3. Find out if the organization that is responsible for the SP feels comfortable to commit to the GEANT data protection Code of Conduct for SPs:
    • As an SP administrator, you may need to ask someone above you in your organization
    • Remember: In many cases there is nothing to worry about because in EU/EEA countries, many of the CoCo requirements are already mandated by the data protection laws
  4. Develop a list of attributes that are necessary for enabling access to the service:
  5. Provide a name and description for the service:
    • There must be at least an English name and description
    • Choose names that are meaningful  for the end user who might not be familiar yet with the service
    • Good example:
      • Name: University of Tübingen's Weblicht tool for linguistics research
      • Description: WebLicht is a chaining tool for linguistics research. It provides an execution environment for automatic annotation of text corpora.
    • Bad example:
      • Name: Finna
      • Description: Public Interface Finna.
  6. Develop and publish a Privacy policy document:
  7. Ensure that the Service Provider is registered in your federation/eduGAIN with the following SAML2 metadata elements:
    • Entity Category attribute for the Code of Conduct
    • mdui:PrivacyStatementURL
    • list of md:RequestedAttributes 
    • mdui:Displayname (recommended) 
    • mdui:Description (recommended) 
    • For details of these elements, see SAML 2.0 profile for the Code of Conduct
    • How these elements are registered depends on your local federation
    • Find below an example of how the metadata looks like for a Service Provider that supports the GEANT Code Of Conduct.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

<!-- This is the GEANT Code of Conduct Entity Attribute. Might be set by the federation operator only -->
 
   
    http://www.geant.net/uri/dataprotection-code-of-conduct/v1
   
 
 
 
 
 
   
 
    <!-- This URL must contain a privacy statement that must include a link to the GEANT Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) -->
    https://wiki.edugain.org/eduGAIN:Privacy_policy
 
    <!-- At minimum an English display name and a description -->
    eduGAIN Wiki
    This wiki provides recommendations and instructions on how to enable web services for eduGAIN.
 
    eduGAIN Wiki
    Dieses Wiki enthält Empfehlungen und Anleitungen um Webdienste für eduGAIN anzupassen.
    eduGAIN Wiki
    Ce wiki met à disposition des recommandations et instructions expliquant comment intégrer des services web dans eduGAIN.
   
 
 
[... More SAML metadata ...]

  • No labels