...
Info |
---|
The Anonymous Authorization Entity Category can be found on the REFEDS website and text from the website should be used as the authoritative source: https://refeds.org/category/anonymous. |
Table of Contents
Implementation Guidance
Relationship to other Entity Categories
...
Code Block |
---|
<AttributeFilterPolicy id="refedsAnonymousAuthorizationCategoryTemplate"> <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org"/> |
Code Block |
<!-- In this example, the IdP by default releases ePPN and ePTID.
This configuration overrides those defaults and blocks
their release. -->
<AttributeRule attributeID="eduPersonPrincipalName">
<DenyValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="eduPersonTargetedID">
<DenyValueRule xsi:type="ANY"/>
</AttributeRule> |
Code Block |
<!-- Release attributes defined in the Anonymous Authorization
category -->
<AttributeRule attributeID="eduPersonScopedAffiliation">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="eduPersonOrgDN">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule> |
Code Block |
<!-- Release entitlement values defined by MACE-DIR as well as those
specific to example.org’s demo service -->
<AttributeRule attributeID="eduPersonEntitlement">
<PermitValueRule xsi:type="OR">
<Rule xsi:type="ValueRegex"
regex="^urn:mace:example.org:demoservice:.*$" />
<Rule xsi:type="ValueRegex"
regex="^urn:mace:dir:entitlement:.*$" />
</PermitValueRule>
</AttributeRule>
</AttributeFilterPolicy> |
...