SRCE operates a tool that regularly browses through the eduGAIN metadata and
- checks that the elements asserting compliance to the Data protection Code of Conduct conform to the SAML2 metadata profile for the Data protection Code of Conduct
- checks that the Privacy Policy referenced by mdui:PrivacyStatementURL resolves to a page which references the Data Protection Code of Conduct
- archives the SP's Privacy Policy page for the audit trail
On-line interface
The tool has an on-line interface in http://monitor.edugain.org/coco/
The tool uses following colours for SPs
| Colour | id_status code | Decription |
|---|---|---|
| White | 1 | The SP does not assert compliance to the Data Protection Code of Conduct |
| Green | 2 | The SP conforms to the REQUIRED and RECOMMENDED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct |
| Yellow | 3 | The SP conforms to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct |
| Red | 4 | The SP does not conform to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct |
For description of the columns, see below.
JSON interface
The monitoring tool provides also a JSON feed on the monitoring results in http://monitor.edugain.org/coco/json.php
If called without parameters feed shows only "green" and "yellow" entities (entities with id_status=2 or id_status=3).
All entities can be fetched using parameter all_sps=true in query string. Example: http://monitor.edugain.org/coco/json.php?all_sps=true
Specific entity can be fetched using query string parameter entityid=<URLENCODED_ENTITYID>. Example: http://monitor.edugain.org/coco/json.php?entityid=https%3A%2F%2Fwiki.edugain.org%2Fshibboleth
The table below describes the JSON feed. You can request particular attributes by enumerating their names in the query string. Example: http://monitor.edugain.org/coco/json.php?attributes=DisplayName;entityID
| Attribute name (JSON) | Attribute description |
|---|---|
| entityID | SP's SAML2 entityID |
| registrationAuthority | mdrpi:RegistrationInfo element’s registrationAuthority attribute |
| DisplayName | mdui:displayName element. If multivalued, only the value with xml:lang="en" is present |
| first_seen | Timestamp when the monitoring tool has first encountered this SP |
| last_seen | Timestamp when the monitoring tool has last encountered this SP |
| id_status | Observed colour of the SP; see the table above |
| status | Textual representation of the id_status attribute |
| PrivacyStatementURL | mdui:PrivacyStatementURL element. If multivalued, only the value with xml:lang="en" is present |
| code | HTTP status code when when fetching the page to which mdui:PrivacyStatementURL resolves |
| code_txt | HTTP status code description |
| content_type | The content type of the page to which mdui:PrivacyStatementURL resolves |
| headers | Headers of the page to which mdui:PrivacyStatementURL resolves |
| cookies | Cookies of the page to which mdui:PrivacyStatementURL resolves |
| source_b64 | A copy of the last archived page to which mdui:PrivacyStatementURL resolves (BASE64 encoded) |
Custom SAML2 metadata file validation
You can also validate a custom SAML2 metadata file's compliance to the Data Protection Code of Conduct
- you provide the URL of the metadata file to validate
- you receive the results by e-mail
The custom metadata validator: http://monitor.edugain.org/coco/?show=cod