Versions Compared

Old Version 190

changes.mady.by.user Fredrik Domeij

Saved on

compared with

New Version 191

changes.mady.by.user Fredrik Domeij

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Purpose and scope of the service.
  • Documentation which proves that the service has fulfilled all the requirements for R&S if it's not defined by purpose and scope of the service.

The Unless the following is already published in current service metadata, the request must contain the following information for metadata publication:

  • Well functional SAML2 metadata for the service with an entityid in URL-form.
  • Display name for the Service in Swedish and English for use in Identity Providers login pages and Discovery Services.
  • Short description of the Service in Swedish and English for use in Identity Providers login pages and Discovery Services.
  • Mail address to the technical and/or support contact for the service.
  • Organisation name of the organisation delivering the service
  • URL to the organisation delivering the service.

...

  • Purpose and scope of the service.
  • A list of the required attributes that the service needs to function (the list is also required in the privacy policy of the service). It 's is possible to require more than one attribute of a specific type, i.e. name and identifier attributes, to increase the possibility to get the needed set of attributes.
  • Documentation which proves that the service has fulfilled all the requirements for CoCo and lawfullness of processing as described in GDPR Article 6 if it's not defined by purpose and scope of the service.

The Unless the following is already published in current service metadata, the request must contain the following information for metadata publication, preferable in xml for direct inclusion in the service metadata:

  • Well functional SAML2 metadata for the service with an entityid in URL-form.
  • Display name for the Service in Swedish and English for use in Identity Providers' login pages and Discovery Services.
  • Short description of the Service in Swedish and English for use in Identity Providers' login pages and Discovery Services.
  • Required attributes of the Service
  • Mail address to the technical and/or support contact for the service.
  • Organisation name of the organisation delivering the service
  • URL to the organisation delivering the service.
  • URL to a publicly accessible web page (not a pdf document) with the service privacy policy in English and maybe Swedish, a privacy policy example template: SWAMID Service Provider Privacy Policy Template. The privacy policy must at least contain:
    • the name, address and jurisdiction of the Service Provider;
    • the purpose or purposes of the processing of the Attributes;
    • a description of the Attributes being processed;
    • the third party recipients or categories of third party recipient to whom he Attributes might be disclosed, and proposed transfers of Attributes to countries outside of the European Economic Area;
    • the existence of the rights to access, rectify and delete the Attributes held about the End User;
    • the retention period of the Attributes; and
    • a reference to this Code of Conduct including the formal reference URL http://www.geant.net/uri/dataprotection-code-of-conduct/v1.

...

  • URL beginning with https to the service logotype for use in Identity Providers login pages and Discovery Services.
  • URL to a informational web page that describes the service in English and probably preferable also in Swedish.

Besides the formal requirements and recommendations of GÉANT Dataprotection Code of Conduct it is highly recommended that the service also adheres to the REFEDS Security Incident Response Trust Framework for Federated Identity (Sirtfi). SIRTFI will be mandatory in the next version of this code of conduct.

...