Detta är förslag på poster i attribute-filter.xml som implementerar regler för hantering av attribut baserat på tjänstekategorier. Reglerna är testade med Shibboleth IdP.
SFS 1993:1153
<!--
  Attribute release for the SWAMID entity category "sfs-1993-1153".

  Effect: every value of norEduPersonNIN (the norEdu national identity number
  attribute) is released to any requester whose metadata carries this entity
  category. No other condition is checked.

  The xsi:, saml: and basic: prefixes are not declared in this fragment; they
  have to be declared on the enclosing element of attribute-filter.xml.

  NOTE(review): the release decision rests entirely on the entity-category
  value found in the requester's metadata. Confirm that the IdP only loads
  signature-verified federation metadata and that the category is assigned by
  the federation operator rather than self-asserted by the service.
-->
<AttributeFilterPolicy id="entity-category-sfs-1993-1153">

  <!-- Activates the policy on an exact match of the requester's entity category. -->
  <PolicyRequirementRule
      xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://www.swamid.se/category/sfs-1993-1153"/>

  <!-- attributeID presumably refers to an attribute definition id in the IdP's
       resolver configuration; verify that it exists there. -->
  <AttributeRule attributeID="norEduPersonNIN">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

</AttributeFilterPolicy>
Research and Education
<!--
  Attribute release for the SWAMID entity category "research-and-education".

  The policy applies only when BOTH conditions hold for the requester:
    1. it carries at least one of the categories eu-adequate-protection,
       nren-service or hei-service, and
    2. it carries the category research-and-education.

  Released without value restriction: givenName, surname, displayName,
  commonName, eduPersonPrincipalName, email.
  Released with value restriction: eduPersonScopedAffiliation (see below).

  The xsi:, saml: and basic: prefixes are not declared in this fragment; they
  have to be declared on the enclosing element of attribute-filter.xml.

  NOTE(review): all conditions are read from the requester's metadata. Confirm
  that the IdP only loads signature-verified federation metadata and that the
  categories are assigned by the federation operator.
-->
<AttributeFilterPolicy id="entity-category-research-and-education">

  <PolicyRequirementRule xsi:type="basic:AND">

    <!-- Condition 1: any one of the three categories is sufficient. -->
    <basic:Rule xsi:type="basic:OR">
      <basic:Rule
          xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://www.swamid.se/category/eu-adequate-protection"/>
      <basic:Rule
          xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://www.swamid.se/category/nren-service"/>
      <basic:Rule
          xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://www.swamid.se/category/hei-service"/>
    </basic:Rule>

    <!-- Condition 2: the research-and-education category itself is mandatory. -->
    <basic:Rule
        xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://www.swamid.se/category/research-and-education"/>

  </PolicyRequirementRule>

  <!-- Name, identifier and contact attributes: every value is released. -->
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surname">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="commonName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

  <!--
    Affiliation: only values equal to one of the eight strings below pass,
    compared case-insensitively; any other value is withheld.
    NOTE(review): eduPersonScopedAffiliation values normally carry a scope.
    Confirm on your IdP version that AttributeValueString is compared against
    the value part only; if it is compared against the full scoped string,
    none of these rules would match and nothing would be released.
  -->
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <PermitValueRule xsi:type="basic:OR">
      <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true"/>
      <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true"/>
      <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true"/>
      <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true"/>
      <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true"/>
      <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true"/>
      <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true"/>
      <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true"/>
    </PermitValueRule>
  </AttributeRule>

</AttributeFilterPolicy>