Changes between Version 4 and Version 5 of R&Ssupport
- Timestamp:
- 07/09/12 16:55:08 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
R&Ssupport
v4 v5 21 21 The following configuration requires Shibboleth IdP v2.3.5 or later, which fully supports using entity attributes in SP metadata as part of an attribute release filter policy. 22 22 23 Configure a new < AttributeFilterPolicy> element for R&S SPs.This example releases all of the R&S attributes; a campus should customize as appropriate (e.g., changing the attributeID values).23 Configure a new <!AttributeFilterPolicy> element for R&S SPs.This example releases all of the R&S attributes; a campus should customize as appropriate (e.g., changing the attributeID values). 24 24 25 25 {{{ … … 90 90 91 91 == IdP Previous to v2.3.5 == 92 These releases do not correctly support using entity attributes in SP metadata as part of an attribute release filter policy. For IdPs prior to v2.3.5, InCommon provides a tool that can be run on a regular basis to convert InCommon metadata into an explicit <AttributeFilterPolicy> element for R&S SPs.92 These releases do not correctly support using entity attributes in SP metadata as part of an attribute release filter policy. For IdPs prior to v2.3.5, !InCommon provides a tool that can be run on a regular basis to convert !InCommon metadata into an explicit <!AttributeFilterPolicy> element for R&S SPs. 93 93 94 94 == Further Policy Controls == 95 If a campus determines that it wants to block release of attributes for certain community members (e.g., students who have opted out under FERPA), IdP operators could create an additional attribute release policy to enforce this decision. An example is available on the Shibboleth wiki. IdP plugins, such as uApprove, that provide end-user control over attribute release may also be useful to satisfy additional controls.95 If a campus determines that it wants to block release of attributes for certain community members (e.g., students who have opted out under FERPA), !IdP operators could create an additional attribute release policy to enforce this decision. An example is available on the Shibboleth wiki. IdP plugins, such as uApprove, that provide end-user control over attribute release may also be useful to satisfy additional controls.