95 | | If a campus determines that it wants to block release of attributes for certain community members (e.g., students who have opted out under FERPA), !IdP operators could create an additional attribute release policy to enforce this decision. An example is available on the Shibboleth wiki. IdP plugins, such as uApprove, that provide end-user control over attribute release may also be useful to satisfy additional controls. |
| 95 | If a campus determines that it wants to block release of attributes for certain community members (e.g., students who have opted out under FERPA), IdP operators could create an additional attribute release policy to enforce this decision. An example is available on the Shibboleth wiki. IdP plugins, such as uApprove, that provide end-user control over attribute release may also be useful to satisfy additional controls. |
| 96 | |
| 97 | == !InCommon tool to convert metadata for R&S release for IdP v.<2.3.5 == |
| 98 | |
| 99 | {{{ |
| 100 | <xsl:template match="md:EntitiesDescriptor"> |
| 101 | <AttributeFilterPolicyGroup id="InCommonRSPolicy" xmlns="urn:mace:shibboleth:2.0:afp" |
| 102 | xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" |
| 103 | xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" |
| 104 | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| 105 | xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd |
| 106 | urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd |
| 107 | urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd"> |
| 108 | |
| 109 | <AttributeFilterPolicy id="releaseToRandS"> |
| 110 | <PolicyRequirementRule xsi:type="basic:OR"> |
| 111 | <xsl:apply-templates/> |
| 112 | </PolicyRequirementRule> |
| 113 | |
| 114 | <AttributeRule attributeID="eduPersonScopedAffiliation"> |
| 115 | <PermitValueRule xsi:type="basic:ANY"/> |
| 116 | </AttributeRule> |
| 117 | <AttributeRule attributeID="eduPersonTargetedID"> |
| 118 | <PermitValueRule xsi:type="basic:ANY"/> |
| 119 | </AttributeRule> |
| 120 | <AttributeRule attributeID="eduPersonPrincipalName"> |
| 121 | <PermitValueRule xsi:type="basic:ANY"/> |
| 122 | </AttributeRule> |
| 123 | <AttributeRule attributeID="mail"> |
| 124 | <PermitValueRule xsi:type="basic:ANY"/> |
| 125 | </AttributeRule> |
| 126 | <AttributeRule attributeID="displayName"> |
| 127 | <PermitValueRule xsi:type="basic:ANY"/> |
| 128 | </AttributeRule> |
| 129 | <AttributeRule attributeID="givenName"> |
| 130 | <PermitValueRule xsi:type="basic:ANY"/> |
| 131 | </AttributeRule> |
| 132 | <AttributeRule attributeID="sn"> |
| 133 | <PermitValueRule xsi:type="basic:ANY"/> |
| 134 | </AttributeRule> |
| 135 | </AttributeFilterPolicy> |
| 136 | |
| 137 | </AttributeFilterPolicyGroup> |
| 138 | </xsl:template> |
| 139 | |
| 140 | </xsl:stylesheet> |
| 141 | }}} |