Replace import whitelist with Phase 1 selection criterion.

Identity providers marked as supporting REFEDS R&S, described as an XPath expression.
internet2 · May 28, 2015 · cf0bbc9 · cf0bbc9
1 parent 17293d3
commit cf0bbc9
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 40 deletions.
diff --git a/mdx/incommon/edugain-policy.xml b/mdx/incommon/edugain-policy.xml
@@ -9,11 +9,6 @@
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
 
-    <!--
-        Import entity whitelist.
-    -->
-    <import resource="classpath:incommon/import-whitelist.xml"/>
-
     <!--
         edugainPolicy
 
@@ -47,11 +42,25 @@
                     <property name="whitelistingRegistrationAuthorities" value="false"/>
                 </bean>
 
-                <!-- Remove all but the entities we want to import. -->
-                <bean id="applyEntityWhitelist" parent="EntityFilterStage"
-                    p:id="applyEntityWhitelist"
-                    p:whitelistingEntities="true"
-                    p:designatedEntities-ref="incommon_edugain_import_whitelist"/>
+                <!--
+                    Remove all but those eduGAIN entities we intend to import in this
+                    phase of the roadmap.
+
+                    Phase 1: import only IdPs that support global R&S.
+                -->
+                <bean p:id="selectEntities" parent="XPathFilteringStage"
+                    p:XPathExpression="not(/md:EntityDescriptor
+                        [md:IDPSSODescriptor]
+                        [md:Extensions
+                            /mdattr:EntityAttributes
+                            /saml:Attribute
+                                [@NameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri']
+                                [@Name = 'http://macedir.org/entity-category-support']
+                            /saml:AttributeValue
+                                [. = 'http://refeds.org/category/research-and-scholarship']
+                        ]
+                    )"
+                />
 
                 <!-- Filter the entity attributes imported from eduGAIN. -->
                 <bean parent="EntityAttributeFilteringStage" p:id="entityAttributes">

diff --git a/mdx/incommon/import-whitelist.xml b/mdx/incommon/import-whitelist.xml