The Data Protection Code of Conduct (CoCo) enables safe attribute release between Identity and Service Providers within the EU.
The following steps explain how a Service Provider can support the Code of Conduct.
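<!--
  Sample SAML 2.0 metadata for a Service Provider that asserts the GEANT Data
  Protection Code of Conduct (CoCo) entity category.
  Hostnames under example.org are placeholders; replace them with the real
  service URLs before publishing.
-->
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://filesender.example.org/">
  <Extensions>
    <!-- Entity category: declares that this SP commits to the Code of Conduct.
         Identity Providers can use this value when deciding on attribute release. -->
    <EntityAttributes xmlns="urn:oasis:names:tc:SAML:metadata:attribute">
      <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
                 Name="http://macedir.org/entity-category"
                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</AttributeValue>
      </Attribute>
    </EntityAttributes>
  </Extensions>
  <!-- protocolSupportEnumeration is required by the SAML metadata schema on every
       role descriptor; without it the document fails schema validation. -->
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <Extensions>
      <UIInfo xmlns="urn:oasis:names:tc:SAML:metadata:ui">
        <!-- At minimum an English display name and a description -->
        <DisplayName xml:lang="fi">FileSender</DisplayName>
        <DisplayName xml:lang="en">FileSender</DisplayName>
        <Description xml:lang="fi">FileSender tarjoaa helpon tavan jakaa suuria tiedostoja.</Description>
        <Description xml:lang="en">FileSender offers an easy way to share large files with anyone.</Description>
        <!-- This URL must contain a privacy statement that must include a link to the GEANT Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) -->
        <PrivacyStatementURL xml:lang="fi">https://filesender.example.org/privacy-fi.html</PrivacyStatementURL>
        <PrivacyStatementURL xml:lang="en">https://filesender.example.org/privacy-en.html</PrivacyStatementURL>
      </UIInfo>
    </Extensions>
    <!-- NOTE(review): this sample shows no KeyDescriptor. If the SP signs requests or
         expects encrypted assertions, its certificate(s) are published here, after
         Extensions and before the endpoints. Confirm against the federation's rules. -->
    <!-- Endpoint that receives assertions. It must match the deployed SP exactly and
         should stay on HTTPS, because assertions carrying personal data are posted to it. -->
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                              Location="https://filesender.example.org/saml/acs"
                              index="1"/>
    <!-- The schema requires an index attribute and at least one ServiceName here.
         The ServiceName value below reuses the English display name. -->
    <AttributeConsumingService index="1">
      <ServiceName xml:lang="en">FileSender</ServiceName>
      <!-- Request only the attributes the service needs to operate, and review each
           isRequired="true" against that need before publishing. -->
      <RequestedAttribute FriendlyName="displayName"
                          Name="urn:oid:2.16.840.1.113730.3.1.241"
                          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                          isRequired="true"/>
      <RequestedAttribute FriendlyName="eduPersonPrincipalName"
                          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                          isRequired="true"/>
      <RequestedAttribute FriendlyName="mail"
                          Name="urn:oid:0.9.2342.19200300.100.1.3"
                          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                          isRequired="true"/>
    </AttributeConsumingService>
  </SPSSODescriptor>
</EntityDescriptor>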