Versions Compared

Old Version 90

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version 91

changes.mady.by.user Paul Scott

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Proof read ; minor grammar/spelling corrections

...

Info
titleDefinition

The GÉANT Data protection Code of Conduct (CoC) defines an approach on at a European level to meet the requirements of the European Union Data Protection Directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct..

CoC is used in the eduGAIN interfederation to make service services available to users of European higher education institutions. The CoC makes it possible to automatically release mostly harmless attributes to Service Providers witch fulfills which fulfill the EU Data Protection Directive. The expected IdP behavior behaviour is to release by the service required subset of the attributes eptid, eppn, email, displayName, scoped affiliation and schacHomeOrganization.

Process for applying for tagging a service with entity category GÉANT Dataprotection Code of Conduct

For a service to be taged tagged with CoC it must contact the federation that it has registered with. If the service is registered within the SWAMID federation the service operator sends an e-mail to operations@swamid.se with a formal request.

...

  • Purpose and scope of the service.
  • Documentation of which proves that the service has fulfilled all the requirements for CoC.

Upon receiving a request SWAMID operations will respond within a fortnight.

SWAMID Service Provider Attribute Release Entity Categories

These categories defines define the release of mostly harmless personal attributes to a Service Provider (SP) from a Identity Provider (IdP). It 's is used together with SWAMID Data Protection Entity Categories below.

...

For instance, a service that provides tools for both multi-institutional research collaboration and instruction is eligible as a candidate for this category. This category is very similar to InCommons Research & Scolarship Category. The recommended IdP behavior behaviour is to release name, eppn, eptid, mail and eduPersonScopedAffiliation which also aligns with the InCommon recommendation only if the services is also in at least one of the safe data processing categories. It is also a recommendation recommended that static organisational information is released.

...

  • Purpose and scope of the service.
  • Valid SWAMID Data Protection Entity Category, iei.e. what type of organisation is legally responsible for the Service. The options are defined below (HEI Service, NREN Service or EU Adequate Protection).

...

Examples of services that are viable for this entity category is a course registration self service and a student account creation service, a learning progression registration service and a an internship administration self service.

...

These categories indicate category classifaction of Identity Providers (IdP) that can release mostly harmless personal attributes to a Service Provider (SP) in conjunction with the Swedish Personal Data Act. It 's is used together with the SWAMID Service Provider Attribute Release Entity Categories above.

...

Info
titleDefinition

The application is compliant with either

This category includes for instance applications that is operated within Sweden or declares compliance with US safe-harbor harbour and is operated in the US.