...

| Home Organisation | Identity Provider software | Federation | Test report |
|---|---|---|---|
| DFN | Shibboleth | DFN-AAI | Media:Dfn_test_report.pdf |
| Uppsala University | Shibboleth | SWAMID | |
| CSC – IT Center for Science | Shibboleth | Haka | Media:Csc_test_report.pdf |

Non-technical findings

 

Service Providers’ willingness to commit to the Code of Conduct

...

In a "Call for action on federated identity", CLARIN-D and DARIAH-DE identified a common set of 6 attributes that are required to enable Web-SSO-based collaboration within both research infrastructures.

Other SAML 2.0 metadata elements

The service providers also introduced names (e.g. “Lux17 Service Provider”) and descriptions (e.g. "Max Planck Institue for Psycholinguistics Lux17 Service Provider") that were not very understandable or useful to ordinary end users.

Home federation's role

Based on the sections above, it appears that some external body needs to make a light sanity check of the service provider's Privacy Policy document, list of requested attributes and other SAML 2.0 metadata elements. In an identity federation, the natural party is the federation operator.

However, a design goal of the Code of Conduct has been to avoid the federation operator becoming liable for the service provider's omissions. The home federation operator cannot perform checks that may expose it to liability.

Home Organisations’ willingness to release attributes to Service Providers committed to the Code of Conduct

...

The Code of Conduct introduces Federation operator's guidelines suggesting that the home federation operator store the Privacy Policy document of the Service Provider for future evidence. While this can be done manually, it could also be replaced by a fully automated web crawler that browses the SAML2 metadata file and stores the Privacy Policy documents automatically. The crawler could be provided and operated e.g. by the eduGAIN interfederation service.
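
The metadata-driven archiving described above, as an added example (not code from the Code of Conduct, eduGAIN or any federation): it reads `mdui:PrivacyStatementURL` for each service provider in a SAML 2.0 metadata document and records a SHA-256 hash and UTC fetch time for each policy as evidence. The sample metadata, the example.org entities and the `fetch` callable are assumptions, and the metadata is assumed to have had its signature verified before parsing.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed sample metadata; the example.org entities are placeholders.
SAMPLE_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:PrivacyStatementURL xml:lang="en">https://sp.example.org/privacy</mdui:PrivacyStatementURL>
      </mdui:UIInfo></md:Extensions>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://nopolicy.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def privacy_policy_urls(metadata_xml):
    """Map each SP entityID to a list of (lang, PrivacyStatementURL); [] if none."""
    found = {}
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.find("md:SPSSODescriptor", NS) is None:
            continue  # not a service provider
        urls = ent.findall(
            "md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:PrivacyStatementURL", NS)
        found[ent.get("entityID")] = [
            (u.get(XML_LANG), (u.text or "").strip()) for u in urls]
    return found

def archive(metadata_xml, fetch):
    """Fetch each policy via fetch(url) -> bytes and return evidence records."""
    records = []
    for entity_id, urls in privacy_policy_urls(metadata_xml).items():
        for lang, url in urls:
            if urlparse(url).scheme != "https":
                continue  # URLs come from third parties: only fetch over HTTPS
            body = fetch(url)
            records.append({"entityID": entity_id, "lang": lang, "url": url,
                            "sha256": hashlib.sha256(body).hexdigest(),
                            "fetched_at": datetime.now(timezone.utc).isoformat(),
                            "document": body})
    return records
```

Service providers that map to an empty list, such as the second constructed entity, are the ones with no Privacy Policy URL in their metadata.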

...

The Code of Conduct covers Notes on Implementation of INFORM/CONSENT GUI Interfaces, which are not currently supported by common Identity Provider products. Separate projects are needed to implement and release the recommendations in Identity Provider products/modules such as

...