...
| InCommon Baseline | eduGAIN Baseline | Other Baseline | Actions or Controls | |
|---|---|---|---|---|
| Security | SP01. Controls are in place to reasonably secure information and maintain user privacy | CoCo? Sirtfi? | ||
| Security | SP02. Information received from IdPs is not shared with third parties without permission and is stored only when necessary for SP’s purpose | GDPR | ||
| Security | SP03. Generally-accepted security practices are applied to the SP | Sirtfi? | ||
| Compliance | SP04. Federation metadata is accurate, complete, and includes site technical, admin, and security contacts, MDUI information, and privacy policy URL | Required by eduGAIN: RECOMMENDED: | Federation-specific requirements (as documented by the federation) | |
| Compliance | SP05. Unless governed by an applicable contract, attributes required to obtain service are appropriate and made known publicly | only via CoCo and R&S | AAF (and others): Publish attribute requirements in metadata as RequestedAttribute elements of the AttributeConsumingService. |
...