Versions Compared

Old Version 121

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 122

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

An IdP that supports R&S locally is configured with a policy rule that releases the R&S Attribute Bundle to R&S SPs registered by InCommon only. To do this, an instance of Shibboleth IdP V3 leverages either the Registered By InCommon Category or  and/or MD-RPI Elements as shown in the following pair of examples:

Code Block
languagexml
titleExample 1: Releasing attributes to R&S SPs registered by InCommon
<!-- for Shibboleth IdP V3.2.0 or later -->
 <!-- policy relies on two entity attributes -->

<afp:PolicyRequirementRule xsi:type="AND">
  <Rule xsi:type="EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <Rule xsi:type="EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
</afp:PolicyRequirementRule>
Code Block
languagexml
titleExample 2: Releasing attributes to R&S SPs registered by InCommon
<!-- for Shibboleth IdP V3.2.0 or later -->

<!-- policy relies on an entity attribute and the RegistrationInfo element -->
 
<afp:PolicyRequirementRule xsi:type="AND">
  <Rule xsi:type="EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <Rule xsi:type="RegistrationAuthority"
      registrars="https://incommon.org"/>
</afp:PolicyRequirementRule>

...