...

See section 6 of the R&S Entity Category specification for a precise definition of the minimal subset of the R&S attribute bundle.

How

...

do I configure an IdP to release attributes to R&S SPs?

To release attributes to all current and future R&S SPs with a one-time configuration, an IdP keys its attribute release policy on entity attributes in SP metadata rather than on individual entity IDs. The configuration steps documented in the R&S IdP Config topic therefore require Shibboleth IdP v2.3.4 or later, which fully supports using entity attributes in SP metadata as part of an attribute release filter policy.

No other SAML IdP software is known to support entity attributes at this time.
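The difference between matching on entity attributes and matching on entity IDs, as an added Python illustration (not part of the original page and not Shibboleth configuration). It assumes the entity attribute name `http://macedir.org/entity-category` and the REFEDS R&S value `http://refeds.org/category/research-and-scholarship`, and runs over constructed metadata with hypothetical entity IDs that is assumed to be signature-verified already.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"      # assumed attribute name
RS = "http://refeds.org/category/research-and-scholarship"  # assumed R&S tag value

def _sp(entity_id, attr_name=None, value=None):
    """Build one constructed EntityDescriptor, optionally with an entity attribute."""
    ext = ""
    if attr_name:
        ext = ('<md:Extensions><mdattr:EntityAttributes>'
               f'<saml:Attribute Name="{attr_name}">'
               f'<saml:AttributeValue>{value}</saml:AttributeValue>'
               '</saml:Attribute></mdattr:EntityAttributes></md:Extensions>')
    return f'<md:EntityDescriptor entityID="{entity_id}">{ext}</md:EntityDescriptor>'

# Constructed sample aggregate (hypothetical SPs); treated as already verified.
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%(md)s" xmlns:mdattr="%(mdattr)s" '
          'xmlns:saml="%(saml)s">' % NS
          + _sp("https://wiki.example.org/sp", ENTITY_CATEGORY, RS)
          + _sp("https://shop.example.com/sp")                      # untagged SP
          + _sp("https://lab.example.net/sp", "urn:example:other", RS)  # wrong attribute name
          + _sp("https://new.example.edu/sp", ENTITY_CATEGORY, RS)  # SP that joined later
          + '</md:EntitiesDescriptor>')

def _entities(metadata_xml):
    return ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"])

def entity_categories(entity):
    """Values of the entity-category attribute only; other attribute names are ignored."""
    values = set()
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in entity.findall(path, NS):
        if attr.get("Name") == ENTITY_CATEGORY:
            values.update((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    return values

def release_by_entity_attribute(metadata_xml):
    """One rule: every SP tagged R&S in metadata, including ones added later."""
    return sorted(e.get("entityID") for e in _entities(metadata_xml)
                  if RS in entity_categories(e))

def release_by_entity_id(metadata_xml, allow_list):
    """Per-SP rule: only entity IDs an administrator has listed by hand."""
    return sorted(e.get("entityID") for e in _entities(metadata_xml)
                  if e.get("entityID") in allow_list)
```

With an allow list containing only `https://wiki.example.org/sp`, the entity-ID rule misses the later R&S SP until someone edits the policy, while the entity-attribute rule picks it up from metadata and still excludes the SP that carries the R&S value under a different attribute name.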

...

What is the difference between R&S and the Code of Conduct?

The GÉANT Data Protection Code of Conduct is a process that allows Service Providers to commit to a series of declarations of support for data protection within the context of the EU Data Protection Directive. Like R&S, it results in the application of an entity category tag and is intended to give greater confidence to IdPs when releasing data.

  • The Code of Conduct is designed to help IdPs feel more comfortable with the SPs' intentions to abide by existing data protection law, and therefore to have a relationship with them, but it does not define attribute release and does not work outside of Europe in its current form, although an international version is being explored.
  • R&S is designed to give IdPs that are struggling to define any sort of attribute release policy an easier way of mitigating the risk and designing policies for a small subset of Service Providers that have been through some minimal vetting. It can be used by any federation globally.

If an IdP restricts attribute release to some subset of R&S SPs, can that IdP declare support for R&S?

...

The latter includes dev and/or staging instances of the overall Service Provider deployment.
