Freigabe der wichtigsten Attribute für CLARIN-SPs
(zur Übersicht Attributfreigaben)
- Liste der Dienste unter http://clarin.eu/content/easy-access-protected-resources
- Test-SP unter https://lindat.mff.cuni.cz/secure/
- Konfiguration der eduPersonTargetedID
- /opt/shibboleth-idp/conf/attribute-filter.xml
<!--
  Attribute release for CLARIN service providers (SPs).

  Fragment for /opt/shibboleth-idp/conf/attribute-filter.xml; the xsi prefix
  used below is not declared here and has to come from the enclosing element
  of that file.

  Despite the policy id, nothing is released unconditionally:
    * the policy only applies to SPs whose metadata carries BOTH entity-category
      values listed in the AND rule;
    * every attribute uses AttributeInMetadata, which permits a value only when
      the SP's metadata requests that attribute.

  Both conditions are evaluated against SP metadata, so the policy is only as
  trustworthy as the metadata source the IdP loads.
  NOTE(review): confirm that signature validation is enabled for that source.
-->
<AttributeFilterPolicy id="releaseEverythingToClarin">

    <PolicyRequirementRule xsi:type="AND">
        <!-- SP is tagged as a CLARIN member -->
        <Rule xsi:type="EntityAttributeExactMatch"
              attributeName="http://macedir.org/entity-category"
              attributeValue="http://clarin.eu/category/clarin-member" />

        <!-- To make sure that only SPs complying with European data protection
             rules are served, the Code of Conduct category is required as well
             (https://doku.tid.dfn.de/de:geant_coco). Dropping this rule widens
             the release to every SP tagged clarin-member. -->
        <Rule xsi:type="EntityAttributeExactMatch"
              attributeName="http://macedir.org/entity-category"
              attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
    </PolicyRequirementRule>

    <AttributeRule attributeID="eduPersonAffiliation">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>

    <!-- Either eduPersonPrincipalName *or* eduPersonTargetedID. Both rules are
         listed; which one is released depends on what the SP requests in its
         metadata.
         NOTE(review): eduPersonTargetedID is a per-SP pseudonym, whereas
         eduPersonPrincipalName is the same identifier at every SP; prefer the
         former where the SP accepts it. -->
    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>
    <AttributeRule attributeID="eduPersonTargetedID">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>

    <AttributeRule attributeID="sn">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>

    <!-- Some SPs ask for 'cn', others for 'displayName' -->
    <AttributeRule attributeID="cn">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>
    <AttributeRule attributeID="displayName">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>

    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>

    <!-- Some SPs ask for 'o', others for 'schacHomeOrganization' -->
    <AttributeRule attributeID="o">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>
    <AttributeRule attributeID="schacHomeOrganization">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>
    <AttributeRule attributeID="schacHomeOrganizationType">
        <PermitValueRule xsi:type="AttributeInMetadata"/>
    </AttributeRule>

</AttributeFilterPolicy>