...

As this Category definition does not currently specify an attribute bundle (i.e., it doesn't reference one specific set of attributes which should be released to all category members), the set of attributes to release is basically open-ended. As such you will need to adapt the attribute rules included within the policy, possibly including (fewer or) more attributes, depending on what attributes you have available in your IDP and whether the institution is willing to release them under these terms. This may vary from service to service. The data to transmit under this category is limited to attributes "that are necessary for enabling access to the service provided by the Service Provider" (2.b, "purpose limitation"), though. In practice only a limited set of data may be exchanged within/across academic Identity Federations today: that could include a person's name, email address, identifier(s) and role information ("affiliation", such as "student" or "staff"), but could also be less than that if the service needs less data to perform appropriate access control.
The configuration below is an example based on the most commonly used attributes in Identity Federations today, which most/all eduID.at Identity Providers should be able to generate. I.e., this constitutes the upper limit of what an IDP would release to Service Providers requesting data under the GÉANT Data Protection Code of Conduct category.

Example Shibboleth IDPv3 policy for GEANT EU Code of Conduct (included page: include-CoCo-rules)
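As an added illustration of the "upper limit" and "purpose limitation" points above (this is not the eduID.at policy from the included page), the following attribute filter sketch for a Shibboleth IDPv3 releases each listed attribute only when the Service Provider carries the Code of Conduct entity category and marks that attribute as required in its metadata. The policy ids and the attribute IDs (`displayName`, `mail`, `eduPersonPrincipalName`, `eduPersonScopedAffiliation`) are assumptions and must match what your attribute resolver defines.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Policy ids and attribute IDs are assumptions; align the
     attributeID values with the ids in your attribute-resolver.xml. -->
<AttributeFilterPolicyGroup id="CoCoExamplePolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

    <AttributeFilterPolicy id="releaseToCoCoServiceProviders">
        <!-- Scope: only SPs whose metadata carries the CoCo entity category. -->
        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
            attributeName="http://macedir.org/entity-category"
            attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1"/>

        <!-- Each rule below is an upper limit. AttributeInMetadata with
             onlyIfRequired="true" releases the attribute only if the SP's
             metadata lists it as a RequestedAttribute with isRequired="true",
             so a service that needs less data receives less. -->

        <!-- Person's name -->
        <AttributeRule attributeID="displayName">
            <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
        </AttributeRule>

        <!-- Email address -->
        <AttributeRule attributeID="mail">
            <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
        </AttributeRule>

        <!-- Identifier -->
        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
        </AttributeRule>

        <!-- Role information ("affiliation", such as "student" or "staff") -->
        <AttributeRule attributeID="eduPersonScopedAffiliation">
            <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
        </AttributeRule>
    </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>
```

Attributes the institution is not willing to release under these terms are removed by deleting their `AttributeRule`; attributes without a rule in any matching policy are not released.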

...