...
| Info | ||
|---|---|---|
| ||
The GÉANT Data protection Code of Conduct (CoCo) defines an approach at a European level to meet the requirements of the European Union Data Protection Directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct. |
| Info | ||
|---|---|---|
| ||
An updated version of the GÉANT Data protection Code of Conduct (CoCo) based on the new European Union Data Protection Regulation is underway and the current version will be used until it arrives. The new updated CoCo should be a Code of Conduct as described in GDPR and therefore the update takes longer than expected. The current version of CoCo is in the same spirit as GDPR, i.e. the Charter of Fundamental Rights of the European Union. |
CoCo is used both within SWAMID and in the eduGAIN interfederation to make services available to users of the higher education institutions in Sweden and around Europe. The CoCo makes it possible to automatically release mostly harmless attributes to Service Providers which fulfil the EU Data Protection legislation. The expected Identity Provider behaviour is to release the Service Provider required attributes if the IdP is able to. Required attributes means attributes the service must have to be able to work for the user. However it's possible to require more than one attribute of a specific type, i.e. name and identifier attributes, to increase the possibility to get the needed set of attributes. The required attributes for a specific service is defined in the the service metadata and must be described in the mandatory Service Provider Privacy Policy. There is furthermore an CoCo is used both within SWAMID and in the eduGAIN interfederation to make services available to users of the higher education institutions in Sweden and around Europe. The CoCo makes it possible to automatically release mostly harmless attributes to Service Providers which fulfil the EU Data Protection legislation. The expected Identity Provider behaviour is to release the Service Provider required attributes if the IdP is able to. Required attributes means attributes the service must have to be able to work for the user. However it's possible to require more than one attribute of a specific type, i.e. name and identifier attributes, to increase the possibility to get the needed set of attributes. The required attributes for a specific service is defined in the the service metadata and must be described in the mandatory Service Provider Privacy Policy. There is furthermore an identity provider entity support category that should be registered for all Identity Provider that supports the CoCo entity category that can be used for filter purpose in a discovery service.
| Info | ||
|---|---|---|
| ||
An updated version of the GÉANT Data protection Code of Conduct (CoCo) based on the new European Union Data Protection Regulation is underway and the current version will be used until it arrives. The new updated CoCo should be a Code of Conduct as described in GDPR and therefore the update takes longer than expected. The current version of CoCo is in the same spirit as GDPR, i.e. the Charter of Fundamental Rights of the European Union. |
Expected attribute availability from an Identity Provider for attributes required by indication in metadata
...