You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Detta är förslag på entrys i attribute-filter.xml som implementerar regler för hantering av attribut baserat på tjänstekategorier. Implementation sker på egen risk.

SFS 1993:1153

<AttributeFilterPolicy id="entity-category-sfs-1993-1153">
   <PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
                          attributeName="http://macedir.org/entity-category"
                          attributeValue="http://www.swamid.se/category/sfs-1993-1153"/>
      <AttributeRule attributeID="norEduPersonNIN">
         <PermitValueRule xsi:type="basic:ANY" />
      </AttributeRule>
</AttributeFilterPolicy>

Research and Education

<AttributeFilterPolicy id="entity-category-research-and-education">
   <PolicyRequirementRule xsi:type="basic:AND">
      <basic:Rule xsi:type="basic:OR">
         <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
                     attributeName="http://macedir.org/entity-category"
                     attributeValue="http://www.swamid.se/category/eu-adequate-protection"/>
         <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
                     attributeName="http://macedir.org/entity-category"
                     attributeValue="http://www.swamid.se/category/nren-service"/>
         <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
                     attributeName="http://macedir.org/entity-category"
                     attributeValue="http://www.swamid.se/category/hei-service"/>
      </basic:Rule>
      <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
                  attributeName="http://macedir.org/entity-category"
                  attributeValue="http://www.swamid.se/category/research-and-education"/>
  </PolicyRequirementRule>
  <AttributeRule attributeID="givenName">
     <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="surname">
     <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="displayName">
     <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="commonName">
     <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="eduPersonPrincipalName">
     <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="email">
     <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="eduPersonScopedAffiliation">
     <PermitValueRule xsi:type="basic:OR">
        <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
        <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
     </PermitValueRule>
  </AttributeRule>
</AttributeFilterPolicy>
  • No labels