...
Home Organisations may consider taking the following steps to reduce their risks
- Study the Code of Conduct for Service Providers and, based on the Home Organisation's local risk management procedures, decide if a Service Provider's unilateral commitment to the Code of Conduct provides the Home Organisation with sufficient guarantees for an Attribute release
- For instance, a Home Organisation may reduce its risks by releasing only non-sensitive attributes. See Introduction to Data protection directive for details on sensitive personal data.
- Ensure that the Service Provider has committed to the Data Protection Code of Conduct for Service Providers
- see Code of Conduct for Service Providers for details on the Code of Conduct
- see SAML 2 Profile for the Code of Conduct for details on SAML metadata indicating SP's commitment
- Tools may be available to scan the Federation metadata and identify the Service Providers which have committed to the Code of Conduct.
- Ensure that the Service Provider's Purpose of Processing is consistent with the Home Organisation's Purpose of Processing (typically, "support Research and Instruction").
- the Code of Conduct does not provide support to this directly
- the Entity Category SAML Entity Metadata Attribute work may assist a Home Organisation with filtering out Service Providers with a conflicting purpose of processing
...
- If the Service Provider requests only a particular Attribute value, release only that value and no other values
- for instance, if the Service Provider requests only eduPersonAffiliation="member", do not release eduPersonAffiliation="faculty"
- for instance, if the Service Provider requests only eduPersonEntitlement="http://xstor.com/contracts/HEd123", do not release eduPersonEntitlement="urn:mace:washington.edu:confocalMicroscope"
- see SAML 2 Profile for the Code of Conduct for details on SAML metadata for requesting only particular values
...
- use the data controller's legitimate interests as the legal grounds for attribute release
- release only attributes that are flagged as NECESSARY (see SAML 2 Profile for the Code of Conduct for details on how this is done)
- see Introduction to Data protection directive for reasoning
- however, in certain jurisdiction (e.g. Switzerland) user consent may be needed for attribute relase
Deferred until Phase 2 of the
...
Code of Conduct
Note: Introduction to Code of Conduct proposes to defer support to optional extra Attributes to Phase 2.
...