Add support for IdPs asserting CoCo v2 entity category support

See ukf/ukf-meta#359 for details
InCommon · Apr 26, 2023 · b45569e · b45569e
1 parent ae2b5df
commit b45569e
Showing 3 changed files with 63 additions and 0 deletions.
diff --git a/mdx/_rules/check_coco_v2_support.xsl b/mdx/_rules/check_coco_v2_support.xsl
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    check_coco_v2_support.xsl
+
+    Checking ruleset containing rules associated with the REFEDS
+    Data Protection Code of Conduct Entity Category category support, see:
+
+    https://refeds.org/category/code-of-conduct/v2
+
+    This ruleset reflects v2.0 published 28th March 2022
+
+-->
+<xsl:stylesheet version="1.0"
+    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+    <!--
+        Common support functions.
+    -->
+    <xsl:import href="check_framework.xsl"/>
+
+    <!--
+        Entity support category applies only to identity providers.
+    -->
+    <xsl:template match="md:EntityDescriptor
+        [
+            md:Extensions/mdattr:EntityAttributes/saml:Attribute
+                [@NameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:uri']
+                [@Name='http://macedir.org/entity-category-support']
+                /saml:AttributeValue[.='https://refeds.org/category/code-of-conduct/v2']
+        ]
+        [not(md:IDPSSODescriptor)]">
+        <xsl:call-template name="error">
+            <xsl:with-param name="m">REFEDS Data Protection Code of Conduct support only applies to identity provider entities</xsl:with-param>
+        </xsl:call-template>
+    </xsl:template>
+
+</xsl:stylesheet>
diff --git a/mdx/uk/check_uk_mdattr.xsl b/mdx/uk/check_uk_mdattr.xsl
@@ -98,6 +98,7 @@
         /saml:AttributeValue
         [. != 'http://refeds.org/category/research-and-scholarship']
         [. != 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1']
+        [. != 'https://refeds.org/category/code-of-conduct/v2']
         ">
         <xsl:call-template name="error">
             <xsl:with-param name="m">

diff --git a/mdx/validation-beans.xml b/mdx/validation-beans.xml
@@ -289,6 +289,25 @@
         </property>
     </bean>
 
+    <!--
+        ******************************************************************
+        ***                                                            ***
+        ***   R E F E D S   C o C o   v2   S P E C I F I C A T I O N   ***
+        ***                                                            ***
+        ******************************************************************
+    -->
+
+    <bean id="check_coco_v2_support" parent="mda.XSLValidationStage"
+        p:XSLResource="classpath:_rules/check_coco_v2_support.xsl"/>
+
+    <bean id="check_coco_v2" parent="mda.CompositeStage">
+        <property name="composedStages">
+            <list>
+                <ref bean="check_coco_v2_support"/>
+            </list>
+        </property>
+    </bean>
+
 
     <!--
         ***********************************************************
@@ -658,6 +677,7 @@
                 <ref bean="check_mdui"/>
                 <ref bean="check_misc"/>
                 <ref bean="check_rands"/>
+                <ref bean="check_coco_v2"/>
                 <ref bean="check_reqattr"/>
                 <ref bean="check_saml1"/>
                 <ref bean="check_saml2"/>