Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: align with CoCo2 updates



  • Release only Attributes that are adequate, relevant and not excessive for the Service ProviderIf the Service Provider requests only a particular Attribute value, release only that value and no other values
    • for instance, if the Service Provider requests only eduPersonAffiliation="member", do not release eduPersonAffiliation="faculty"
    • for instance, if the Service Provider requests only eduPersonEntitlement="", do not release eduPersonEntitlement=""
    • see SAML 2 Profile for the Code of Conduct for details on SAML metadata for requesting only particular values
  • Inform the end user on the Attribute release
    • by providing the following information to the user when s/he is accessing a new Service Provider for the first time
      • the identity of the Service Provider Organisation (mdui:DisplayName and mdui:Logo, if available, for better usability and look-and-feel)
      • the purpose of the service (mdui:Description)
      • a clickable link to the Service Provider's Privacy Notice document (mdui:PrivacyStatementURL)
      • for each Attribute, the Attribute name, description and value
      • an easily understood label can be displayed instead of displaying several closely related Attributes (eg the various name Attributes)
    • user can be provided a checkbox "don't show this information again". If they check it, the information above is not provided next time they log in to this Service Provider.
    • see How the Home organisation should inform the End user for details and GUI recommendations on how to inform the end user
  • use the data controller's legitimate interests as the legal grounds for attribute release