Old REFEDS Advice:
Logo: “specifies the external location of a localized logo fit for display to users. This element extends the anyURI schema type with the following attributes:
height [Required]: The rendered height of the logo measured in pixels.
width [Required]: The rendered width of the logo measured in pixels.
xml:lang: Optional language specifier.
- In order to facilitate the usage of logos within a user interface, logos SHOULD:
- Use a transparent background where appropriate
- Use PNG, or GIF (less preferred), images
- Use HTTPS URLs in order to avoid mixed-content warnings within browsers.
- As mentioned in the specification (and above), these should be protected by an https URL so as to avoid mixed content warning.
- Sites (particularly) should be encouraged to avoid hosting their logos on a (Java) servlet container. Apart from the additional load on a (usually) scarce resource, such containers usually push a cookie with every request. Thus, such URLs when rendered by other sites, will be pushing third party cookies.
SAML2Int:
[SDP-MD09] Metadata MUST include an <mdui:UIInfo> element as defined in [MetaUI] containing at least the child elements <mdui:DisplayName> and <mdui:Logo>. An SP’s metadata MUST include the child element <PrivacyStatementURL> [SDP-MD10] The content of the <mdui:Logo> element MUST be either an https URL or an in-line image embedded in a data URI element. The size of the data URI used in a <mdui:Logo> element is not limited to 256 characters.
eduGAIN SAML Profile:
If an <mdui:Logo> element is present, the logo MUST be expressed as a Data URI(embedded logo) or an https URL. URLs used for this element MUST be publicly accessible.