Code of Conduct Monitoring Tool

SRCE operates a tool that regularly browses through the eduGAIN metadata and

checks that the elements asserting compliance to the Data protection Code of Conduct conform to the SAML2 metadata profile for the Data protection Code of Conduct
checks that the Privacy Policy referenced by mdui:PrivacyStatementURL resolves to a page which references the Data Protection Code of Conduct
archives the SP's Privacy Policy page for the audit trail
the ip address of the CoCo monitoring tool is 161.53.2.204
value of the User-Agent request header sent by CoCo monitoring tool is "eduGAIN CoCo Monitor v1.0"

The tool has an on-line interface in http://monitor.edugain.org/coco/

The tool uses following colours for SPs

Colour	id_status	code	Description
White	1		The SP does not assert compliance to the Data Protection Code of Conduct
Green	2		The SP conforms to the REQUIRED and RECOMMENDED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct
Yellow	3		The SP conforms to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct
Red	4	<> -1	The SP does not conform to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct
Gray	4	-1	The SP can not be checked properly (Unable to access Privacy Policy URL)

For description of the columns, see below.

The monitoring tool provides also a JSON feed on the monitoring results in http://monitor.edugain.org/coco/json.php

If called without parameters feed shows only "green" and "yellow" entities (entities with id_status=2 or id_status=3).

All entities can be fetched using query string parameter all_sps=true. Example: http://monitor.edugain.org/coco/json.php?all_sps=true

Specific entity can be fetched using query string parameter entityid=<URLENCODED_ENTITYID>. Example: http://monitor.edugain.org/coco/json.php?entityid=https%3A%2F%2Fwiki.edugain.org%2Fshibboleth

The table below describes the JSON feed. You can request particular attributes by enumerating their names in the query string. Example: http://monitor.edugain.org/coco/json.php?attributes=DisplayName;entityID

Attribute name (JSON)	Attribute description
entityID	SP's SAML2 entityID
registrationAuthority	mdrpi:RegistrationInfo element’s registrationAuthority attribute
DisplayName	mdui:displayName element. If multivalued, only the value with xml:lang="en" is present
first_seen	Timestamp when the monitoring tool has first encountered this SP
last_seen	Timestamp when the monitoring tool has last encountered this SP
id_status	Observed colour of the SP; see the table above
status	Textual representation of the id_status attribute
PrivacyStatementURL	mdui:PrivacyStatementURL element. If multivalued, only the value with xml:lang="en" is present
code	(HTTP) status code when fetching the page to which mdui:PrivacyStatementURL resolves; codes less then 0 represent errors in page access
code_txt	HTTP status code description / error code description
content_type	The content type of the page to which mdui:PrivacyStatementURL resolves
headers	Headers of the page to which mdui:PrivacyStatementURL resolves
cookies	Cookies of the page to which mdui:PrivacyStatementURL resolves
source_b64	A copy of the last archived page to which mdui:PrivacyStatementURL resolves (BASE64 encoded)

You can also validate a custom SAML2 metadata file's compliance to the Data Protection Code of Conduct

Page tree