polish up default configs for alpha release
[java-idp.git] / resources / conf / attribute-filter.xml
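<?xml version="1.0" encoding="UTF-8"?>

<!--
    Attribute release (filter) policy for the IdP.

    Each AttributeFilterPolicy has a PolicyRequirementRule, which decides whether the
    policy applies to a request, and one or more AttributeRules, whose PermitValueRule
    decides which values of that attribute may be released. An attribute that no active
    policy permits is not released.

    Note on xsi:type values: they are QNames, and this file's default namespace is the
    afp namespace. A matching function from the basic namespace therefore has to be
    written with the basic: prefix (basic:ANY, basic:AttributeValueString, and so on);
    an unprefixed type name would be looked up in the afp namespace instead.
-->
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
                            xmlns="urn:mace:shibboleth:2.0:afp"
                            xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
                                                urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd ">

    <!--
        Release the principal, which is used as our SAML 1 and SAML 2 name identifier,
        to anyone.

        This is the only policy active by default. basic:ANY as the PolicyRequirementRule
        matches every requester, so every value of principalName is released to every
        service provider that asks. Before production use, confirm that the principal is
        an identifier you are willing to disclose that widely; to narrow it, replace
        basic:ANY with a requester match such as the basic:AttributeRequesterString rule
        in the releaseToSP1 example below.
    -->
    <AttributeFilterPolicy id="releasePrincipalToAnyone">
        <PolicyRequirementRule xsi:type="basic:ANY" />

        <AttributeRule attributeID="principalName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

    </AttributeFilterPolicy>


    <!--
          Example, disabled by default. Releases to anyone:
            * any value of uid
            * only the member value of affiliation

          The affiliation rule shows value-level filtering: other affiliation values the
          user holds are withheld. Uncommenting this policy releases uid to every requester.
    -->
    <!--
    <AttributeFilterPolicy id="releaseToAnyone">
        <PolicyRequirementRule xsi:type="basic:ANY" />

        <AttributeRule attributeID="uid">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

        <AttributeRule attributeID="affiliation">
            <PermitValueRule value="member"
                             xsi:type="basic:AttributeValueString"/>
        </AttributeRule>

    </AttributeFilterPolicy>
    -->


    <!--
          Example, disabled by default. Releases to only SP 1:
            * any value of uid
            * scoped primary affiliation if the scope is the IdP 1 and the value is staff, faculty, or student
            * any value of affiliation
            * any value of full name

          The policy applies only when the requester matches the string given in the
          PolicyRequirementRule, so other service providers receive none of these
          attributes from it. Replace the example URNs with your own values.
    -->
    <!--
    <AttributeFilterPolicy id="releaseToSP1">
        <PolicyRequirementRule value="urn:example.org:myFederation:sp1"
                               xsi:type="basic:AttributeRequesterString" />

        <AttributeRule attributeID="uid">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

        <AttributeRule attributeID="scopedPrimaryAffiliation">
            <PermitValueRule xsi:type="basic:AND">
                <basic:Rule value="urn:example.org:myFederation:idp1"
                            xsi:type="basic:AttributeScopeString" />
                <basic:Rule xsi:type="basic:OR">
                    <basic:Rule value="staff"
                                xsi:type="basic:AttributeValueString" />
                    <basic:Rule value="faculty"
                                xsi:type="basic:AttributeValueString" />
                    <basic:Rule value="student"
                                xsi:type="basic:AttributeValueString" />
                </basic:Rule>
            </PermitValueRule>
        </AttributeRule>

        <AttributeRule attributeID="affiliation">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

        <AttributeRule attributeID="fullName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

    </AttributeFilterPolicy>
    -->

</AttributeFilterPolicyGroup>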