SRCE operates a tool that regularly browses through the eduGAIN metadata and
- checks that the elements asserting compliance to the Data protection Code of Conduct conform to the SAML2 metadata profile for the Data protection Code of Conduct
- checks that the Privacy Policy referenced by mdui:PrivacyStatementURL resolves to a page which references the Data Protection Code of Conduct
- archives the SP's Privacy Policy page for the audit trail
On-line interface
The tool has an on-line interface at http://monitor.edugain.org/coco/
The tool uses the following colours for SPs:
Colour | id_status | code | Description |
---|---|---|---|
White | 1 | | The SP does not assert compliance to the Data Protection Code of Conduct |
Green | 2 | | The SP conforms to the REQUIRED and RECOMMENDED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct |
Yellow | 3 | | The SP conforms to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct |
Red | 4 | <> -1 | The SP does not conform to the REQUIRED behavior described in the SAML2 metadata profile for the Data protection Code of Conduct |
Gray | 4 | -1 | The SP can not be checked properly (Unable to access Privacy Policy URL) |
For a description of the columns, see below.
JSON interface
The monitoring tool also provides a JSON feed of the monitoring results at http://monitor.edugain.org/coco/json.php
If called without parameters, the feed shows only "green" and "yellow" entities (entities with id_status=2 or id_status=3).
All entities can be fetched using the query string parameter all_sps=true. Example: http://monitor.edugain.org/coco/json.php?all_sps=true
A specific entity can be fetched using the query string parameter entityid=<URLENCODED_ENTITYID>. Example: http://monitor.edugain.org/coco/json.php?entityid=https%3A%2F%2Fwiki.edugain.org%2Fshibboleth
The table below describes the JSON feed. You can request particular attributes by listing their names, separated by semicolons, in the attributes query string parameter. Example: http://monitor.edugain.org/coco/json.php?attributes=DisplayName;entityID
Attribute name (JSON) | Attribute description |
---|---|
entityID | SP's SAML2 entityID |
registrationAuthority | mdrpi:RegistrationInfo element’s registrationAuthority attribute |
DisplayName | mdui:DisplayName element. If multivalued, only the value with xml:lang="en" is present |
first_seen | Timestamp when the monitoring tool has first encountered this SP |
last_seen | Timestamp when the monitoring tool has last encountered this SP |
id_status | Observed colour of the SP; see the table above |
status | Textual representation of the id_status attribute |
PrivacyStatementURL | mdui:PrivacyStatementURL element. If multivalued, only the value with xml:lang="en" is present |
code | (HTTP) status code when fetching the page to which mdui:PrivacyStatementURL resolves; codes less than 0 represent errors in page access |
code_txt | HTTP status code description / error code description |
content_type | The content type of the page to which mdui:PrivacyStatementURL resolves |
headers | Headers of the page to which mdui:PrivacyStatementURL resolves |
cookies | Cookies of the page to which mdui:PrivacyStatementURL resolves |
source_b64 | A copy of the last archived page to which mdui:PrivacyStatementURL resolves (BASE64 encoded) |
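An added example, not part of the original page or of the monitoring tool: a small Python client for the JSON feed described above, which builds the documented query URLs and separates red from gray entities (both have id_status 4) using the code attribute. It assumes the feed returns a JSON array of objects keyed by the attribute names in the table; the helper names and the sample records are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

FEED = "http://monitor.edugain.org/coco/json.php"  # endpoint given on the page

def feed_url(entityid=None, all_sps=False, attributes=None):
    """Build a feed URL using only the query parameters the page documents."""
    params = {}
    if entityid:
        params["entityid"] = entityid          # urlencode() percent-encodes it
    if all_sps:
        params["all_sps"] = "true"
    if attributes:
        params["attributes"] = ";".join(attributes)
    return FEED + ("?" + urlencode(params, safe=";") if params else "")

def colour(rec):
    """Map id_status and code to the colour table above."""
    status = int(rec["id_status"])
    if status == 4:                            # red and gray share id_status 4
        return "gray" if int(rec["code"]) == -1 else "red"
    return {1: "white", 2: "green", 3: "yellow"}.get(status, "unknown")

def archived_page(rec):
    """Decode source_b64 into text for offline review of the archived policy."""
    return base64.b64decode(rec.get("source_b64") or "").decode("utf-8", "replace")

def needs_attention(feed_text):
    """Return (entityID, colour, code_txt) for every red or gray SP."""
    out = []
    for rec in json.loads(feed_text):
        c = colour(rec)
        if c in ("red", "gray"):
            out.append((rec["entityID"], c, rec.get("code_txt", "")))
    return out

# Constructed sample; assumed shape: a JSON array of objects keyed by attribute name.
SAMPLE = json.dumps([
    {"entityID": "https://sp1.example.org/shibboleth", "id_status": 2, "code": 200,
     "code_txt": "OK",
     "source_b64": base64.b64encode(b"<p>We follow the Code of Conduct</p>").decode()},
    {"entityID": "https://sp2.example.org/shibboleth", "id_status": 4, "code": 404,
     "code_txt": "Not Found", "source_b64": ""},
    {"entityID": "https://sp3.example.org/shibboleth", "id_status": 4, "code": -1,
     "code_txt": "Unable to access Privacy Policy URL", "source_b64": None},
])

if __name__ == "__main__":
    print(feed_url(all_sps=True))
    for row in needs_attention(SAMPLE):
        print(row)
```

When requesting a subset of attributes for this kind of triage, include id_status and code, since colour() needs both to tell red from gray.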
Custom SAML2 metadata file validation
You can also validate a custom SAML2 metadata file's compliance with the Data Protection Code of Conduct:
- you provide the URL of the metadata file to validate
- you receive the results by e-mail
The custom metadata validator: http://monitor.edugain.org/coco/?show=cod