...

A Shib IdP V3 rule that releases attributes to R&S SPs registered by InCommon:

<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="saml:RegistrationAuthority"
      registrars="https://incommon.org"/>
</afp:PolicyRequirementRule>

Tip: Expanding your attribute release policy

Note that the registrars XML attribute in the preceding example takes a space-separated list of registrar IDs

...

, which is most flexible. You could easily expand your attribute release policy by adding other registrar IDs to the list.

For more information about configuring an IdP for R&S, consult the R&S IdP Config topic in the wiki.
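
To see which SPs a given registrars list would actually cover before changing the policy, the following added example (not part of the original wiki page or of Shibboleth) applies the same two conditions as the rule above to a metadata aggregate. The function names, the sample entity IDs and the second registrar ID are constructed placeholders, and the sketch reads only extensions on each EntityDescriptor itself.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY_ATTR = "http://macedir.org/entity-category"
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"

def matching_sps(metadata_xml, registrars):
    """Return entityIDs satisfying both sub-rules of the AND rule."""
    allowed = set(registrars.split())  # space-separated, like the registrars XML attribute
    matched = []
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        # Simplification: only Extensions on the EntityDescriptor itself are read.
        reg = ent.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        authority = reg.get("registrationAuthority") if reg is not None else None
        values = [(v.text or "").strip()
                  for a in ent.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
                  if a.get("Name") == CATEGORY_ATTR
                  for v in a.findall("saml:AttributeValue", NS)]
        # Exact comparison on both conditions; an entity with no registrar never matches here.
        if REFEDS_RS in values and authority in allowed:
            matched.append(ent.get("entityID"))
    return matched

def _entity(entity_id, registrar, category):
    """Build one constructed EntityDescriptor for the sample aggregate."""
    reg = f'<mdrpi:RegistrationInfo registrationAuthority="{registrar}"/>' if registrar else ""
    cat = (f'<mdattr:EntityAttributes><saml:Attribute Name="{CATEGORY_ATTR}">'
           f'<saml:AttributeValue>{category}</saml:AttributeValue>'
           f'</saml:Attribute></mdattr:EntityAttributes>') if category else ""
    return (f'<md:EntityDescriptor entityID="{entity_id}">'
            f'<md:Extensions>{reg}{cat}</md:Extensions></md:EntityDescriptor>')

# Constructed sample metadata; entity IDs and the second registrar are placeholders.
OTHER_REGISTRAR = "https://registrar.example.net"
SAMPLE = ("<md:EntitiesDescriptor %s>" % " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
          + _entity("https://sp1.example.org/shibboleth", "https://incommon.org", REFEDS_RS)
          + _entity("https://sp2.example.org/shibboleth", "https://incommon.org", None)
          + _entity("https://sp3.example.net/shibboleth", OTHER_REGISTRAR, REFEDS_RS)
          + _entity("https://sp4.example.org/shibboleth", None, REFEDS_RS)
          + "</md:EntitiesDescriptor>")

if __name__ == "__main__":
    print(matching_sps(SAMPLE, "https://incommon.org"))
    print(matching_sps(SAMPLE, "https://incommon.org " + OTHER_REGISTRAR))
```

Comparing the output for the current list against the output for a proposed longer list shows exactly which additional SPs would start receiving attributes.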

...

As long as there are IdPs that want to restrict attribute release to R&S SPs registered by InCommon, the legacy incommon.org R&S tag will remain in IdP metadata. Note well: From a global perspective, you do not support R&S unless you recognize the refeds.org R&S entity attribute value in SP metadata.

When should I migrate to global R&S, that is, when should I reconfigure my IdP to release attributes to all R&S SPs globally?

...

If you don’t want to release attributes to R&S SPs from other federations, don’t change your attribute release policy to recognize the refeds.org R&S entity attribute value. Simply continue to recognize the legacy incommon.org R&S entity attribute value as you do now, or better yet, reconfigure your IdP to release attributes to R&S SPs registered by InCommon without relying on the legacy incommon.org R&S tag.

If I don’t release attributes to global R&S SPs, why do I have to touch my IdP config at all?

...