From f4572ed28c9b84d01c95ec7296dacc1f0b031d26 Mon Sep 17 00:00:00 2001 From: ndk Date: Tue, 27 Apr 2004 15:43:44 +0000 Subject: [PATCH] no longer needed in ARP's for 1.2 targets. git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1020 ab3bd59b-922f-494d-bb5f-6f0a3c29deca --- doc/DEPLOY-GUIDE-ORIGIN.html | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/doc/DEPLOY-GUIDE-ORIGIN.html b/doc/DEPLOY-GUIDE-ORIGIN.html index 41ef8e9..7f2f1c9 100644 --- a/doc/DEPLOY-GUIDE-ORIGIN.html +++ b/doc/DEPLOY-GUIDE-ORIGIN.html @@ -1732,9 +1732,9 @@ resolverConfig="pathname"> which the target definition is formed. The Attribute elements specifies the name and values of the attributes that may be released.

-

The simplest possible ARP is as follows, which releases - eduPersonScopedAffiliation to any target - for the users the ARP applies to:

+

The simplest possible ARP is as follows, which releases eduPersonScopedAffiliation to the given providerId for the users the ARP applies to:

<?xml version="1.0"?>
<AttributeReleasePolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" @@ -1746,7 +1746,7 @@ resolverConfig="pathname">                  <Target>
                    -      <AnyTarget/>
+      <Requester>providerId</Requester>
                 </Target>
                 @@ -1765,15 +1765,21 @@ resolverConfig="pathname"> sub-populated follows:

The Target element:

-

Target may contain either the +

Target operates differently when releasing to 1.2 or 1.1 targets. When releasing to 1.2 targets, this must only contain one Resource element, which contains the providerId for requests this ARP will relate to. For 1.1, this may contain either the AnyTarget element, which will cause the Target to always return TRUE, or both the Requester element, which provides for - matches to be performed against the SHAR name for 1.1 targets or the providerId for 1.2 targets, and the + matches to be performed against the SHAR name for 1.1 targets, as compared to providerId for 1.2 targets, and the Resource element, which provides for matches to be performed against the requested URL.

-

When going against 1.1 targets, the Resource element will refer to individual URL trees protected by a given SHAR. However, due to the nature of application identifiers, the Resource element has no meaning when releasing to 1.2 targets. These will always function as though <AnyResource/> is specified.

+

When going against 1.1 targets, the Resource element will refer to individual URL trees + protected by a given SHAR. However, due to the nature of application + identifiers, the Resource element has no + meaning when releasing to 1.2 targets. These will always function as + though <AnyResource/> and <AnyTarget/> are specified.

There are three matches that may be performed by the AA in evaluating ARP's by using the matchFunction component of the Requester and -- 1.7.10.4