Trust and Internet Identity Meeting Europe
11-14 Feb 2019: Workshops and Unconference

Prescriptive Attribute profile

(Peter Schober)

How the IdP knows which attribute should be sent to the SP

best practice?

Informal

The guide for the SP which has a list of requirements the version 2 CoCO I care about the CoCo

The simple idea of the CoCo 2.0 If the application need an identifier so we have the SAML attribute profile If you need an identifier

Standard efforts to comply with the GDPR

Part of the project is mapping having the SAML

Standardizing

Scott notes in the US lots of institutions don’t have the data to fill the attributes. Renaming the identifier won’t improve anything.

Possible helpful links:

- [https://wiki.geant.org/display/eduGAIN/CoCo+Training+2015](https://wiki.geant.org/display/eduGAIN/CoCo+Training+2015)
- [https://wiki.refeds.org/display/CODE/Introduction+to+Code+of+Conduct](https://wiki.refeds.org/display/CODE/Introduction+to+Code+of+Conduct)
- [https://wiki.refeds.org/display/CODE/Code+of+Conduct+ver+2.0+project](https://wiki.refeds.org/display/CODE/Code+of+Conduct+ver+2.0+project)
- [https://wiki.oasis-open.org/security/SAMLSubjectIDAttr](https://wiki.oasis-open.org/security/SAMLSubjectIDAttr)
- [https://wiki.refeds.org/display/GROUPS/Transforming+Identifiers+between+OIDC+and+SAML](https://wiki.refeds.org/display/GROUPS/Transforming+Identifiers+between+OIDC+and+SAML)
- [https://refeds.org/category/research-and-scholarship](https://refeds.org/category/research-and-scholarship)

Conclusion:

Risk management