Versions Compared

Old Version 83

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version 84

changes.mady.by.user Pål Axelsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Code of conduct informational update

...

Info
titleDefinition

The GÉANT Data protection Code of Conduct (CoC) defines an approach on European level to meet the requirements of the EU data protection directive European Union Data Protection Directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct..

CoC is used in the eduGAIN interfederation to make service available to users of European higher education institutions. The CoC makes it possible to automatically release mostly harmless attributes to Service Providers witch fulfills the EU Data Protection Directive without breaking the Swedish Personal Data Act.

Expected IdP Behavior: Release eptid, eppn, email, displayName, scoped affiliation and schacHomeOrganization if mandatory requested by the Service Provider.

Process for applying for tagging a service with entity category GÉANT Dataprotection Code of Conduct

For a service to be taged with CoC it must contact the federation that it has registered with. If the service is registered within the SWAMID federation the service operator sends an e-mail to operations@swamid.se with a formal request.

The request must contain the following information:

  • Purpose and scope of the service.
  • Documentation of that the service has fulfilled all requirements for CoC.

Upon receiving a request SWAMID operations will respond within a fortnight.

SWAMID Service Provider Attribute Release Entity Categories

...

Category

Description

Expected IdP Behavior

research-and-education

SP is an application that directly or indirectly supports HEI institutions.

Release eptid, eppn, email, name and scoped affilation affiliation plus static organisational information only if the SP is any of the above defined SWAMID Data Protection Entity Categories.

sfs-1993-1153

SP is an application that fulfills SFS 1993:1153

Release eduPersonNIN.

...

Upon receiving a request SWAMID operations will *respond * respond within a fortnight.

SFS 1993:1153

...