

...

Info

The Anonymous Authorization Entity Category is published on the REFEDS website, and the text on that site is the authoritative source: https://refeds.org/category/anonymous.

Table of Contents

Implementation Guidance

Relationship to other Entity Categories

...

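<!-- Example attribute filter policy for a single service provider.
     This is a fragment: the xsi prefix is not declared here, so the
     enclosing attribute filter file must declare
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance". -->
<AttributeFilterPolicy id="refedsAnonymousAuthorizationCategoryTemplate">
  <!-- The policy applies only when the requesting SP's entityID equals
       this value; replace the example.org entityID before use.
       NOTE(review): this matches one SP by entityID, not every SP that
       asserts the entity category. Confirm that scope is intended
       before reusing the template. -->
  <PolicyRequirementRule xsi:type="Requester"
      value="https://sp.example.org"/>

  <!-- In this example, the IdP by default releases
       eduPersonPrincipalName (ePPN) and eduPersonTargetedID (ePTID).
       Both are user identifiers, so this policy blocks them for this
       SP. A DenyValueRule takes precedence over any PermitValueRule
       for the same attribute, including permits from other
       policies. -->
  <AttributeRule attributeID="eduPersonPrincipalName">
    <DenyValueRule xsi:type="ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="eduPersonTargetedID">
    <DenyValueRule xsi:type="ANY"/>
  </AttributeRule>

  <!-- Release attributes defined in the Anonymous Authorization
       category. -->
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="eduPersonOrgDN">
    <PermitValueRule xsi:type="ANY"/>
  </AttributeRule>

  <!-- Release entitlement values defined by MACE-DIR as well as those
       specific to example.org's demo service. Only values matching one
       of the two patterns are released.
       NOTE(review): an entitlement value held by a single user or a
       very small group works as an identifier. Check that every value
       these patterns can match is shared widely enough to keep the
       release anonymous. -->
  <AttributeRule attributeID="eduPersonEntitlement">
    <PermitValueRule xsi:type="OR">
      <Rule xsi:type="ValueRegex"
            regex="^urn:mace:example.org:demoservice:.*$" />
      <Rule xsi:type="ValueRegex"
            regex="^urn:mace:dir:entitlement:.*$" />
    </PermitValueRule>
  </AttributeRule>
</AttributeFilterPolicy>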

...