...
Typically, an IdP will use the registered-by-incommon
entity attribute (if it uses it all) to constrain its attribute release policy. A number of sample policy rules are illustrated in the subsections below.
Note |
---|
title | Do not filter SP metadata! |
---|
|
An interoperable IdP consumes all the SP metadata in the world, no exceptions. Consequently, an IdP does not filter metadata. Instead an interoperable IdP implements a rational set of attribute release rules, subject to local policy. |
Anchor |
---|
| default-attribute-release |
---|
| default-attribute-release |
---|
|
...