...
The following example policy releases a bundle of attributes to any SP in the InCommon Federation by referencing the Name attribute on the EntitiesDescriptor element in the InCommon metadata aggregate.
...
Note: Releasing attributes "to a federation" in this way assumes all of the SPs in the aggregate are equally trustworthy. If the aggregate corresponds to a single federation with adequate privacy controls, such a policy might be warranted. In other situations, it might be preferable to restrict the release of attributes to SPs that meet certain requirements. One approach is to restrict attribute release to SPs possessing a particular entity attribute, as shown in the example below.
Release the Essential Attribute Bundle to any SP Registered by InCommon
Contributed By: Tom Scavo, Internet2
Here's a default attribute release policy that releases a bundle of attributes to any SP registered by InCommon (as indicated by an entity attribute in SP metadata):
Release an Attribute Bundle Based on an Entity Attribute
...
The following example policy (v2.3.4 or later) releases a bundle of attributes to a Research & Scholarship Category SP in the InCommon Federation. Attribute release is based on an entity attribute in SP metadata, which is significantly easier to maintain than a policy based on entity IDs.
...
Like the previous example, the following policy (v2.4 or later) releases a bundle of attributes to a Research & Scholarship Category SP in the InCommon Federation. As before, attribute release depends on an entity attribute in SP metadata, but in this case a given attribute is released only if there is a corresponding <md:RequestedAttribute> element in SP metadata.
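The three release decisions described on this page, modelled in Python over a constructed metadata aggregate. This is an added example, not the wiki's policy XML or Shibboleth's own code. The function names, the entity IDs, the category value `RS` and the aggregate `Name` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY_ATTR = "http://macedir.org/entity-category"
RS = "https://category.example.org/research-and-scholarship"  # constructed placeholder value
BUNDLE = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
          "urn:oid:0.9.2342.19200300.100.1.3": "mail",
          "urn:oid:2.16.840.1.113730.3.1.241": "displayName"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
# Constructed aggregate, trimmed to the elements the policies inspect (not schema-complete):
# one SP carries the category entity attribute, the other does not.
METADATA = f"""<md:EntitiesDescriptor {XMLNS} Name="urn:example:federation">
 <md:EntityDescriptor entityID="https://rs-sp.example.org/sp">
  <md:Extensions><mdattr:EntityAttributes>
   <saml:Attribute Name="{CATEGORY_ATTR}"><saml:AttributeValue>{RS}</saml:AttributeValue></saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions>
  <md:SPSSODescriptor><md:AttributeConsumingService index="1">
   <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"/>
   <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"/>
  </md:AttributeConsumingService></md:SPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://other-sp.example.org/sp">
  <md:SPSSODescriptor/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def release(root, entity_id, policy):
    """Attributes released under 'group', 'category' or 'category+requested'."""
    sp = next((e for e in root.iterfind("md:EntityDescriptor", NS)
               if e.get("entityID") == entity_id), None)
    if sp is None:
        return []                       # not in the aggregate: nothing is released
    if policy == "group":               # membership in the aggregate is the only test
        return sorted(BUNDLE.values())
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    categories = {v.text for a in sp.iterfind(path, NS) if a.get("Name") == CATEGORY_ATTR
                  for v in a.iterfind("saml:AttributeValue", NS)}
    if RS not in categories:            # SP lacks the required entity attribute
        return []
    if policy == "category":
        return sorted(BUNDLE.values())
    # 'category+requested': release only what the SP lists as <md:RequestedAttribute>
    requested = {r.get("Name") for r in sp.iterfind(".//md:RequestedAttribute", NS)}
    return sorted(name for oid, name in BUNDLE.items() if oid in requested)

ROOT = ET.fromstring(METADATA)
```

Under the group policy both SPs receive the whole bundle; the entity-attribute policies release nothing to the untagged SP, and the requested-attribute variant withholds `displayName` from the tagged SP because its metadata does not ask for it.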
...