Skip to main content

Terms of Use for Stanford SPDB

A. Agreement to Provide Ongoing Technical Support

Each registered Service Provider must:

  • Be associated with one or more Technical Contacts who:
    • Verify that the Service Provider is authenticating properly.
    • Act on communications about Stanford IdP updates, outages, and issues.
    • Make necessary changes to the registered Service Provider metadata (e.g., when metadata expires).
  • Ensure that the contact email address can receive messages from saml-announce@lists.stanford.edu.

B. Data Protection Code of Conduct

By submitting Service Provider metadata to the SPDB application, you agree that the Service Provider will:

  • Abide by the GEANT Data Protection Code of Conduct.
  • Only request, process, and retain attributes necessary for enabling access to the provided service.
  • Not process attributes for any other purpose.
  • Follow the complete stipulations outlined in the referenced Code of Conduct.

C. Restriction on Acting as an Identity Provider Proxy

  • No Service Provider receiving attributes from Stanford's Identity Provider may act as an Identity Provider proxy.
  • Explicit permission must be obtained from the Stanford Identity Provider team before doing so.
Last modified