Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • The Service Provider indicates in its SAML 2.0 metadata element that it believes that its Service is being operated in a manner that is consistent with the Code of Conduct for Service Providers
  • Reminding the Service Provider of a potential non-compliance issue is not expected to make the reminding party a joint data controller which shares legal responsibility with the Service Provider. 
  • The federation(s) provides a trusted SAML 2.0 metadata exchange service to the Identity and Service Providers.


There are various ways a Service Provider can violate the Code of Conduct for Service Providers. For instance,

  • request attributes which are not relevant for the service.
  • indicate wrong legal grounds (i.e. NECESSARY or CONSENT REQUIRED) for the requested attributes.
  • omit publishing a privacy policy or publish an insufficient privacy policy.
  • omit installing security patches.
  • etc.