The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.
The <AccessControl> element is the root of an XML-based access control policy that prevents access to a resource unless the user's session satisfies the policy. It's a simple, boolean-capable language provided as an example of how to implement an access control plugin.
The example above would enforce a policy that allows only Ohio State faculty or students, other than a single blacklisted person, if they have authenticated with a password or a time-synchronized token.
If you are using the AccessControl element in an external file outside of shibboleth2.xml, you may have to add the "type" attribute shown below.