Changes between Version 5 and Version 6 of R&Ssupport


Ignore:
Timestamp:
07/09/12 17:27:07 (12 years ago)
Author:
dabantz@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • R&Ssupport

    v5 v6  
    9090 
    9191== IdP Previous to v2.3.5 == 
    92 These releases do not correctly support using entity attributes in SP metadata as part of an attribute release filter policy. For IdPs prior to v2.3.5, !InCommon provides a tool that can be run on a regular basis to convert !InCommon metadata into an explicit <!AttributeFilterPolicy> element for R&S SPs. 
     92These releases do not correctly support using entity attributes in SP metadata as part of an attribute release filter policy. For !IdPs prior to v2.3.5, !InCommon provides a tool [copied below] that can be run on a regular basis to convert !InCommon metadata into an explicit <!AttributeFilterPolicy> element for R&S SPs. 
    9393 
    9494== Further Policy Controls == 
    95 If a campus determines that it wants to block release of attributes for certain community members (e.g., students who have opted out under FERPA), !IdP operators could create an additional attribute release policy to enforce this decision. An example is available on the Shibboleth wiki. IdP plugins, such as uApprove, that provide end-user control over attribute release may also be useful to satisfy additional controls. 
     95If a campus determines that it wants to block release of attributes for certain community members (e.g., students who have opted out under FERPA), IdP operators could create an additional attribute release policy to enforce this decision. An example is available on the Shibboleth wiki. IdP plugins, such as uApprove, that provide end-user control over attribute release may also be useful to satisfy additional controls. 
     96 
     97== !InCommon tool to convert metadata for R&S release for IdP v.<2.3.5 == 
     98 
     99{{{ 
     100    <xsl:template match="md:EntitiesDescriptor"> 
     101<AttributeFilterPolicyGroup id="InCommonRSPolicy" xmlns="urn:mace:shibboleth:2.0:afp" 
     102                            xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"  
     103                            xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" 
     104                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     105                            xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd 
     106                                                urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd 
     107                                                urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd"> 
     108 
     109    <AttributeFilterPolicy id="releaseToRandS"> 
     110        <PolicyRequirementRule xsi:type="basic:OR"> 
     111            <xsl:apply-templates/> 
     112        </PolicyRequirementRule> 
     113 
     114        <AttributeRule attributeID="eduPersonScopedAffiliation"> 
     115            <PermitValueRule xsi:type="basic:ANY"/> 
     116        </AttributeRule> 
     117        <AttributeRule attributeID="eduPersonTargetedID"> 
     118            <PermitValueRule xsi:type="basic:ANY"/> 
     119        </AttributeRule> 
     120        <AttributeRule attributeID="eduPersonPrincipalName"> 
     121            <PermitValueRule xsi:type="basic:ANY"/> 
     122        </AttributeRule> 
     123        <AttributeRule attributeID="mail"> 
     124            <PermitValueRule xsi:type="basic:ANY"/> 
     125        </AttributeRule> 
     126        <AttributeRule attributeID="displayName"> 
     127            <PermitValueRule xsi:type="basic:ANY"/> 
     128        </AttributeRule> 
     129        <AttributeRule attributeID="givenName"> 
     130            <PermitValueRule xsi:type="basic:ANY"/> 
     131        </AttributeRule> 
     132        <AttributeRule attributeID="sn"> 
     133            <PermitValueRule xsi:type="basic:ANY"/> 
     134        </AttributeRule> 
     135    </AttributeFilterPolicy> 
     136 
     137</AttributeFilterPolicyGroup> 
     138    </xsl:template> 
     139 
     140</xsl:stylesheet> 
     141}}}