(Peter Schober)
How the IdP knows which attribute should be sent to the SP
best practice?
Informal
The guide for the SP which has a list of requirements the version 2 CoCO I care about the CoCo
The simple idea of the CoCo 2.0 If the application need an identifier so we have the SAML attribute profile If you need an identifier
Standard efforts to comply with the GDPR
Part of the project is mapping having the SAML
Standardizing
Scott notes in the US lots of institutions don’t have the data to fill the attributes. Renaming the identifier won’t improve anything.
Possible helpful links:
- [https://wiki.geant.org/display/eduGAIN/CoCo+Training+2015](https://wiki.geant.org/display/eduGAIN/CoCo+Training+2015)
- [https://wiki.refeds.org/display/CODE/Introduction+to+Code+of+Conduct](https://wiki.refeds.org/display/CODE/Introduction+to+Code+of+Conduct)
- [https://wiki.refeds.org/display/CODE/Code+of+Conduct+ver+2.0+project](https://wiki.refeds.org/display/CODE/Code+of+Conduct+ver+2.0+project)
- [https://wiki.oasis-open.org/security/SAMLSubjectIDAttr](https://wiki.oasis-open.org/security/SAMLSubjectIDAttr)
- [https://wiki.refeds.org/display/GROUPS/Transforming+Identifiers+between+OIDC+and+SAML](https://wiki.refeds.org/display/GROUPS/Transforming+Identifiers+between+OIDC+and+SAML)
- [https://refeds.org/category/research-and-scholarship](https://refeds.org/category/research-and-scholarship)
Conclusion:
Risk management
