Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Current »

REFEDS Data Protection Code of Conduct ver 2.0


The Data protection Code of Conduct v2 describes an approach to meet the requirements of the EU GDPR in federated identity management. The Data protection Code of Conduct defines behavioral rules for Service Providers which want to receive user attributes from the Identity Providers managed by the Home Organisations. It is expected that Home Organisations are more willing to release attributes to Service Providers who manifest conformance to the Data protection Code of Conduct.

Normative documents

Supporting materials


  • Recipe for a Service Provider
  • Recipe for a Home Organisation
  • Recipe for a Federation Operator

Tools and resources

  • eduGAIN entity browser to check SPs/IdPs using the CoCo in eduGAIN (TBD: update to support CoCo2)
  • Monitoring tool  to monitor eduGAIN SPs' CoCo compliance (TBD: update to support CoCo2)
  • Test SP to test IdPs' attribute release (TBD: update to support CoCo2)

Space contributors


  • No labels