Differences

This shows you the differences between two versions of the page.

--- en:entity_attributes [2021/03/04 11:25] – Silke Meyer
+++ en:entity_attributes [2023/01/12 19:29] (current) – Wolfgang Pempe
@@ Line 1: / Line 1: @@
-FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)//
 ====== Entity Attributes ======
@@ Line 6: / Line 4: @@
 </callout>
-===== Degrees of Reliance of IdPs =====
-This Entity Attribute announces the [[en:degrees_of_reliance|Degree of Reliance]] of an Identity Provider.
-<file xml dfn-aai-idp-metadata.xml>
-  <md:EntityDescriptor entityID="https://idp.scc.kit.edu/idp/shibboleth">
-    <md:Extensions>
-      <mdrpi:RegistrationInfo registrationAuthority="https://www.aai.dfn.de" registrationInstant="2010-03-15T10:30:11Z">
-        <mdrpi:RegistrationPolicy xml:lang="en">https://www.aai.dfn.de/en/join/</mdrpi:RegistrationPolicy>
-        <mdrpi:RegistrationPolicy xml:lang="de">https://www.aai.dfn.de/teilnahme/</mdrpi:RegistrationPolicy>
-      </mdrpi:RegistrationInfo>
-      <mdattr:EntityAttributes>
-        <!-- ... -->
-        <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-          <saml:AttributeValue>advanced</saml:AttributeValue>
-        </saml:Attribute>
-      </mdattr:EntityAttributes>
-    </md:Extensions>
-</file>
 ===== Sirtfi =====
@@ Line 80: / Line 58: @@
 We have not implemented the Entity Category [[https://refeds.org/category/hide-from-discovery|Hide from Discovery]] in our metadata administration tool. IdPs thus cannot not it. However, SPs should be configured to support the EC (e.g. because of IdPs from other federations).
-==== Beispiele ====
+==== Examples ====
-Hier sehen Sie den Metadatenauszug eines Services Providers mit drei Entity Attributes: Er sagt CoCo-Compliance zu, bietet einen Dienst für kollaboratives Arbeiten in der Forschung o.ä. an und gehört zur Gruppe der Clarin-SPs.
+The following example shows an extract from SP metadata with three Entity Attributes: The SP commits to CoCo compliance, it offers a service for collaboration in research (or similar), and it belongs to the group of Clarin SPs.
 <file xml dfn-aai-sp-metadata.xml>
@@ Line 102: / Line 80: @@
 </file>
-Hier sehen Sie den Metadatenauszug eines Identity Providers: Er hat Attributfreigaben für Code of Conduct-getreue SPs konfiguriert und verpflichtet sich den Kriterien der Verlässlichkeitsklasse Advanced.
+The next example shows IdP metadata: The IdP releases attributes to CoCo compliant SPs.
 <file xml dfn-aai-metadata.xml>
@@ Line 114: / Line 92: @@
         <saml:Attribute Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
           <saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
-        </saml:Attribute>
-        <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-          <saml:AttributeValue>advanced</saml:AttributeValue>
         </saml:Attribute>
       </mdattr:EntityAttributes>
@@ Line 123: / Line 98: @@
 </file>
-===== Entity Categories in der DFN-AAI =====
+===== Entity Categories in DFN-AAI =====
-<callout color="#ff9900" title="Eigene Entity Category?"> Implementierungswünsche für weitere Entity Categories richten Sie bitte an [[hotline@aai.dfn.de|]]. </callout>
+<callout color="#ff9900" title="A custom Entity Category?"> You can request the implementation of custom Entity Categories at [[hotline@aai.dfn.de|]]. </callout>
-In der DFN-AAI kommen Entity Categories zum Einsatz, die z.B. nach Projektzugehörigkeit vergeben werden. Sie können anhand der IdP- und SP-seitigen Filtermechanismen dazu eingesetzt werden, sogenannte **virtuelle Subföderationen**  zu bilden, z.B. für bwIDM, Nds-AAI und die Virtuelle Hochschule Bayern. Folgende Kategorien werden derzeit vergeben:
+In DFN-AAI, there are more Entity Categories used to express the affiliation to projects. We call them **virtual subfederations** for projects like bwIDM, Nds-AAI, or Virtuelle Hochschule Bayern. Here is a list of the implemented Entity Categories:
   * [[http://aai.dfn.de/category/bwidm-member|http://aai.dfn.de/category/bwidm-member]]
@@ Line 140: / Line 115: @@
   * [[http://aai.dfn.de/category/vhb-member|http://aai.dfn.de/category/vhb-member]]
-Details hierzu finden sich auf einer [[:de:aai:entity_categories|separaten Übersichtsseite]].
+See the details [[:de:aai:entity_categories|here]] (in German).
-==== Beispiele (Metadaten) ====
+==== Examples (Metadata) ====
-Hier sehen Sie den Metadatenauszug eines SP, der am bwIdM-Verbund teilnimmt:
+This is the according metadata extract of an SP participating in bwIdM:
 <file xml dfn-aai-sp-metadata.xml>
@@ Line 162: / Line 137: @@
 </file>
-Hier sehen Sie den Metadatenauszug eines IdP, der am bwIdM-Verbund teilnimmt und sich der Verlässlichkeitsklasse Advanced zuordnet:
+The metadata of an IdP taking part in bwIdM:
 <file xml dfn-aai-metadata.xml>
@@ Line 174: / Line 149: @@
         <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
           <saml:AttributeValue>http://aai.dfn.de/category/bwidm-member</saml:AttributeValue>
-        </saml:Attribute>
-        <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-          <saml:AttributeValue>advanced</saml:AttributeValue>
         </saml:Attribute>
       </mdattr:EntityAttributes>
@@ Line 183: / Line 155: @@
 </file>
-Hier sehen Sie den Metadatenauszug eines IdP aus den eduGAIN-Metadaten (UK-Föderation), an dem sich Nutzer*innen selbst registrieren können:
+This extract shows metadata of an IdP from eduGAIN (from the UK federation) where users can self-register.
 <file xml dfn-aai-edugain+idp-metadata.xml>
@@ Line 201: / Line 173: @@
 </file>
-==== Beispiele (Filter) ====
+==== Examples (Filters) ====
-SP-seitige Whitelist, bei der die Metadaten, mit denen der SP arbeitet, auf IdPs aus dem bwIDM-Projekt beschränkt werden:
+This Shibboleth SP filters metadata to allow only IdPs from the bwIdM project:
 <file xml shibboleth2.xml>
 <MetadataProvider type="XML"
-     uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-metadata.xml"
+     uri="http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml"
      backingFilePath="dfn-aai-metadata.xml" reloadInterval="3600">
    <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" />
-   <MetadataFilter type="Whitelist" matcher="EntityAttributes">
+   <MetadataFilter type="Include" matcher="EntityAttributes">
          <saml:Attribute Name="http://macedir.org/entity-category"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
             <saml:AttributeValue>http://aai.dfn.de/category/bwidm-member</saml:AttributeValue>
         </saml:Attribute>
-   </MetadataFilter>
-   <MetadataFilter type="EntityRoleWhiteList">
-      <RetainedRole>md:IDPSSODescriptor</RetainedRole>
    </MetadataFilter>
 </MetadataProvider>
@@ Line 223: / Line 192: @@
 </file>
-SP-seitige Blacklist, bei der aus den Metadaten, mit denen der SP arbeitet, sog. Public IdPs / Self-Signup IdPs entfernt werden:
+This Shibboleth SP filters metadata to remove IdPs with self-registration:
 <file xml shibboleth2.xml>
 <MetadataProvider type="XML"
-     uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-edugain+idp-metadata.xml"
+     uri="http://www.aai.dfn.de/metadata/dfn-aai-edugain+idp-metadata.xml"
      backingFilePath="dfn-aai-edugain+idp-metadata.xml" reloadInterval="3600">
    <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" />
-   <MetadataFilter type="Blacklist" matcher="EntityAttributes">
+   <MetadataFilter type="Exclude" matcher="EntityAttributes">
          <saml:Attribute Name="http://macedir.org/entity-category"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
             <saml:AttributeValue>http://aai.dfn.de/category/public-idp</saml:AttributeValue>
         </saml:Attribute>
-   </MetadataFilter>
-   <MetadataFilter type="EntityRoleWhiteList">
-      <RetainedRole>md:IDPSSODescriptor</RetainedRole>
    </MetadataFilter>
 </MetadataProvider>
@@ Line 243: / Line 209: @@
 </file>
-SP-seitige Whitelist, bei der die Metadaten, mit denen der SP arbeitet, auf IdPs der [[:de:degrees_of_reliance|Verlässlichkeitsklasse]] "Advanced" beschränkt werden:
-<file xml shibboleth2.xml>
+This IdP filter policy releases a list of attributes to bwIDM Service Providers:
-<MetadataProvider type="XML"
-     uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-idp-metadata.xml"
-     backingFilePath="dfn-aai-idp-metadata.xml" reloadInterval="3600">
-   <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" />
-   <MetadataFilter type="Whitelist" matcher="EntityAttributes">
-         <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance"
-                   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-            <saml:AttributeValue>advanced</saml:AttributeValue>
-        </saml:Attribute>
-   </MetadataFilter>
-</MetadataProvider>
-</file>
-IdP: Attributfreigabe an bwIDM-SPs:
 <file xml attribute-filter.xml>
@@ Line 282: / Line 232: @@
 </file>
-Weitere Beispiele unter [[de:shibidp:config-attributes#haeufig_genutzt_service_provider|Attribut-Konfiguration]].
+Find more examples on the page about [[de:shibidp:config-attributes#haeufig_genutzt_service_provider|Attribute Configuration]] (in German).
-===== Referenzen =====
+===== References =====
-Weiterführende Informationen finden Sie im Shibboleth Wiki unter folgenden Links:
+For further reading, please consult the Shibboleth Wiki:
-  * **IdP - Attributfreigabe**
+  * **IdP - Attribute Release**
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/EntityAttributeExactMatchConfiguration|EntityAttributeExactMatch Configuration]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/EntityAttributeExactMatchConfiguration|EntityAttributeExactMatch Configuration]]
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/EntityAttributeRegexMatchConfiguration|EntityAttributeRegexMatch Configuration]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/EntityAttributeRegexMatchConfiguration|EntityAttributeRegexMatch Configuration]]
-  * **IdP - Relying Party Konfiguration**
+  * **IdP - Relying Party Configuration**
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/RelyingPartyConfiguration#RelyingPartyConfiguration-Overrides|RelyingParty Configuration - Overrides, (RelyingPartyByTag)]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/RelyingPartyConfiguration#RelyingPartyConfiguration-Overrides|RelyingParty Configuration - Overrides, (RelyingPartyByTag)]]
-  * **IdP - internes Tagging mit Entity Attributen**
+  * **IdP - internal tagging with Entity Attributes**
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/EntityAttributesFilter|Metadata - EntityAttributesFilter]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/EntityAttributesFilter|Metadata - EntityAttributesFilter]]
   * **SP - Metadata Filter (matcher="EntityAttributes")**
-      * [[https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-WhitelistMetadataFilter|Whitelist MetadataFilter]]
+      * [[https://wiki.shibboleth.net/confluence/display/SP3/IncludeMetadataFilter|IncludeMetadataFilter]]
-      * [[https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-BlacklistMetadataFilter|Blacklist MetadataFilter]]
+      * [[https://wiki.shibboleth.net/confluence/display/SP3/ExcludeMetadataFilter|Exclude MetadataFilter]]
-  * **SP - internes Tagging mit Entity Attributen**
+  * **SP - internal tagging with Entity Attributes**
-      * [[https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-EntityAttributesMetadataFilter(Version2.5andAbove)|Entity Attributes Metadata Filter]]
+      * [[https://wiki.shibboleth.net/confluence/display/SP3/EntityAttributesMetadataFilter|Entity Attributes Metadata Filter]]
 {{tag>entity-category entity-attribute}}

entity-category entity-attribute