Versions Compared

Old Version 4

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The RegistrationAuthority type is a PolicyRule that returns true if the entity is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority XML attribute value on the <mdrpi:RegistrationInfo> element (if any).

...

The RegistrationAuthority type is defined by defined in the urn:mace:shibboleth:2.0:afp  namespace, the schema , for which is located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd.Prior to release 3.2.0 the 

The deprecated saml:RegistrationAuthority type is defined by defined in the urn:mace:shibboleth:2.0:afp:mf:saml  namespace, the schema , for which is located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd.

Use of that namespace is deprecated, but is supported.

Attributes

One attribute must be specified:

  • registrars : a
    •  A required attribute that specifies a space-separated list of registrar IDs

Child Elements

None

Example

Apply this rule if the SP is a REFEDS Research & Scholarship service registered by MyFederation with the given registrar ID:

Code Block
languagexml
<PolicyRequirementRule xsi:type="AND">
  <Rule xsi:type="EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <Rule xsi:type="RegistrationAuthority" registrars="http://my.federation.org"/>
</PolicyRequirementRule>

...