Data Protection Code of Conduct for Identity Federations

The Data protection Code of Conduct describes an approach to meet the requirements of the EU Data Protection Directive in federated identity management. It defines behavioral rules for Service Providers which want to receive user attributes from the Identity Providers managed by the Home Organisations. It is expected that Home Organisations are more willing to release attributes to Service Providers who manifest conformance to the Code of Conduct.

The Code of Conduct has been developed by REFEDS attribute release workgroup and the GEANT eduGAIN project. A pilot was carried out in the CLARIN community during Autumn 2012.



  • Mikael Linden, CSC – IT Center for Science, Finland
  • Steven Carmody, Brown University, R.I. USA

Part of session

Federation by design

Related documents