initial InCommon ref config for 4.0

docker · Feb 7, 2020 · 620c9cf · 620c9cf
1 parent 1f3d90b
commit 620c9cf
Show file tree

Hide file tree

Showing 4 changed files with 376 additions and 58 deletions.
diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml
@@ -18,6 +18,7 @@
     Example rule relying on a locally applied tag in metadata to trigger attribute
     release of some specific attributes. Add additional attributes as desired.
     -->
+<!--
 	<AttributeFilterPolicy id="Per-Attribute-singleValued">
 	    <PolicyRequirementRule xsi:type="ANY" />
 	 
@@ -35,10 +36,12 @@
 	            attributeValue="mail" />
 	    </AttributeRule>
 	</AttributeFilterPolicy>
+-->
 
     <!--
     Same as above but more efficient form for an attribute with multiple values.
     -->
+<!--
     <AttributeFilterPolicy id="Per-Attribute-Affiliation">
         <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
@@ -47,11 +50,13 @@
      
         <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
     </AttributeFilterPolicy>
+-->
 
     <!--
     Example rule for honoring Subject ID requirement tag in metadata.
     The example supplies pairwise-id if subject-id isn't explicitly required.
     -->
+<!--
     <AttributeFilterPolicy id="subject-identifiers">
         <PolicyRequirementRule xsi:type="ANY" />
 
@@ -75,22 +80,77 @@
                 attributeValue="subject-id" />
         </AttributeRule>
     </AttributeFilterPolicy>
+-->
 
     <!-- Release an additional attribute to an SP. -->
+<!--
     <AttributeFilterPolicy id="example1">
         <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" />
 
         <AttributeRule attributeID="uid" permitAny="true" />
     </AttributeFilterPolicy>
+-->
 
     <!-- Release eduPersonScopedAffiliation to two specific SPs. -->
+<!--
     <AttributeFilterPolicy id="example2">
         <PolicyRequirementRule xsi:type="OR">
             <Rule xsi:type="Requester" value="https://sp.example.org" />
             <Rule xsi:type="Requester" value="https://another.example.org/shibboleth" />
         </PolicyRequirementRule>
-
         <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
     </AttributeFilterPolicy>
-
+-->
+
+    <!-- Attribute release for all SPs (global) tagged as 'Research and Scholarship' -->
+    <AttributeFilterPolicy id="releaseRandSAttributeBundle">
+        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
+                        attributeName="http://macedir.org/entity-category"
+                        attributeValue="http://refeds.org/category/research-and-scholarship"/>
+        <AttributeRule attributeID="eduPersonPrincipalName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="eduPersonScopedAffiliation">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="givenName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="surname">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="displayName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="mail">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+    </AttributeFilterPolicy>
+
+    <!-- Attribute release for all InCommon SPs -->
+    <AttributeFilterPolicy id="releaseToInCommon">
+        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
+                        attributeName="http://macedir.org/entity-category"
+                        attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
+        <AttributeRule attributeID="eduPersonPrincipalName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="eduPersonScopedAffiliation">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="givenName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="surname">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="displayName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="mail">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+    </AttributeFilterPolicy>
+
+
 </AttributeFilterPolicyGroup>