Below is a security contact metadata extension for identity federations in order to allow handling of security incidents between federation partners.
<EntityDescriptor ... > ... <ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security"> <GivenName>Security Response Team</GivenName> <EmailAddress>mailto:security@institution.edu</EmailAddress> </ContactPerson> ... </EntityDescriptor> |
Correspondence sent to this address must not be publicly archived |
GivenName and EmailAddress are mandatory for a Sirtfi security contact.
Additional information, such as telephone numbers or secondary email addresses, may be added if desired. Only fields from the OASIS Standard for contactType may be added.