...
- The SP admin asks his/her boss if it is OK to commit to the iCoCo. The boss carelessly says “yes”.
- The next day the boss has studied the issue more, has changed his/her mind, and says that s/he has never heard of the iCoCo and that, had s/he heard of it, s/he would never have allowed the organization to commit to the CoCo.
Alternative solutions (from strong to weak evidence)
- The SP organisation needs to present a paper with a wet or qualified e-signature from a management-level person saying “we are committed to the Code of Conduct and I’m a truly representative person of the organization”.
- The manager-level person needs to log in to something using his/her personal account and click a button saying “we are committed to the Code of Conduct and I’m a truly representative person of the organization”. Pressing the button is logged.
- The manager-level person needs to send an email to someone in eduGAIN saying “we are committed to the Code of Conduct and...
- We use what we have for the GÉANT CoCo at the moment: only an element in the SAML2 metadata and a link in the privacy policy document.
Proposed solution (alternative 2)
- There is an iCoCo Staging service that is registered as an SP in the relevant (non-EU/EEA) federations.
- The Staging service must be able to trust the users authenticated by non-EU/EEA IdPs.
- The Staging service must be able to receive sufficient PII attributes from the IdP.
- The iCoCo Staging service is part of, or is closely coupled to, the SAML2 metadata management service of an eduGAIN participant federation.
- The non-EU/EEA SP goes through the following workflow to commit to the international CoCo:
...