Child pages
  • Requirements for Federations Operators Assessing R&S

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


RequirementImplementation
1.The Federation Operator actively declares support for R&SDeclare support by email to contact@refeds.org.  This will be re-verified as part of the REFEDS annual audit.
2.Maintain a detailed description of the federation's administrative process for tagging a Service Provider with R&SHost a wiki or web page with information for SPs. 
 3.Have a clear assessment process for Service Providers

Consider using the following checks:

  •  Can the SP demonstrate a reasonable need to use the full R&S bundle?
  •  Is there a relevant and appropriate relatioship relationship between the data subject and the Service Provider?
  •  Would there be a reasonable expectation on the part of the data subject that personal data will be released?
  •  Does the Service Provider demonstrate appropriate safe-guards / effective behaviour regarding data protection (e.g. do they have a privacy notice? do they use a code of conduct etc?)
  •  Does the entity meet the registration criteria in Section 4 of the specification?
4.Have a Process for reviewing use of R&SHave measures in place to review R&S where you are the Registration Authority.  This may be in line with the annual REFEDS review of R&S.
5.Have a Process for removing R&S from a Service ProviderHave a simple process that allows for the removal of R&S if an entity no longer meets the requirements, cannot demonstrate compliance or no longer wishes to support R&S.

...