Differences

This shows you the differences between two versions of the page.

--- en:entity_attributes [2021/03/04 11:45] – [Entity Categories in der DFN-AAI] Silke Meyer
+++ en:entity_attributes [2023/01/12 19:29] (current) – Wolfgang Pempe
@@ Line 1: / Line 1: @@
-FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)//
 ====== Entity Attributes ======
@@ Line 6: / Line 4: @@
 </callout>
-===== Degrees of Reliance of IdPs =====
-This Entity Attribute announces the [[en:degrees_of_reliance|Degree of Reliance]] of an Identity Provider.
-<file xml dfn-aai-idp-metadata.xml>
-  <md:EntityDescriptor entityID="https://idp.scc.kit.edu/idp/shibboleth">
-    <md:Extensions>
-      <mdrpi:RegistrationInfo registrationAuthority="https://www.aai.dfn.de" registrationInstant="2010-03-15T10:30:11Z">
-        <mdrpi:RegistrationPolicy xml:lang="en">https://www.aai.dfn.de/en/join/</mdrpi:RegistrationPolicy>
-        <mdrpi:RegistrationPolicy xml:lang="de">https://www.aai.dfn.de/teilnahme/</mdrpi:RegistrationPolicy>
-      </mdrpi:RegistrationInfo>
-      <mdattr:EntityAttributes>
-        <!-- ... -->
-        <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-          <saml:AttributeValue>advanced</saml:AttributeValue>
-        </saml:Attribute>
-      </mdattr:EntityAttributes>
-    </md:Extensions>
-</file>
 ===== Sirtfi =====
@@ Line 102: / Line 80: @@
 </file>
-The next example shows IdP metadata: The IdP releases attributes to CoCo compliant SPs, and it commits to the degree of reliance "Advanced".
+The next example shows IdP metadata: The IdP releases attributes to CoCo compliant SPs.
 <file xml dfn-aai-metadata.xml>
@@ Line 114: / Line 92: @@
         <saml:Attribute Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
           <saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
-        </saml:Attribute>
-        <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-          <saml:AttributeValue>advanced</saml:AttributeValue>
         </saml:Attribute>
       </mdattr:EntityAttributes>
@@ Line 142: / Line 117: @@
 See the details [[:de:aai:entity_categories|here]] (in German).
-==== Beispiele (Metadaten) ====
+==== Examples (Metadata) ====
-Hier sehen Sie den Metadatenauszug eines SP, der am bwIdM-Verbund teilnimmt:
+This is the according metadata extract of an SP participating in bwIdM:
 <file xml dfn-aai-sp-metadata.xml>
@@ Line 162: / Line 137: @@
 </file>
-Hier sehen Sie den Metadatenauszug eines IdP, der am bwIdM-Verbund teilnimmt und sich der Verlässlichkeitsklasse Advanced zuordnet:
+The metadata of an IdP taking part in bwIdM:
 <file xml dfn-aai-metadata.xml>
@@ Line 174: / Line 149: @@
         <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
           <saml:AttributeValue>http://aai.dfn.de/category/bwidm-member</saml:AttributeValue>
-        </saml:Attribute>
-        <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-          <saml:AttributeValue>advanced</saml:AttributeValue>
         </saml:Attribute>
       </mdattr:EntityAttributes>
@@ Line 183: / Line 155: @@
 </file>
-Hier sehen Sie den Metadatenauszug eines IdP aus den eduGAIN-Metadaten (UK-Föderation), an dem sich Nutzer*innen selbst registrieren können:
+This extract shows metadata of an IdP from eduGAIN (from the UK federation) where users can self-register.
 <file xml dfn-aai-edugain+idp-metadata.xml>
@@ Line 201: / Line 173: @@
 </file>
-==== Beispiele (Filter) ====
+==== Examples (Filters) ====
-SP-seitige Whitelist, bei der die Metadaten, mit denen der SP arbeitet, auf IdPs aus dem bwIDM-Projekt beschränkt werden:
+This Shibboleth SP filters metadata to allow only IdPs from the bwIdM project:
 <file xml shibboleth2.xml>
 <MetadataProvider type="XML"
-     uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-metadata.xml"
+     uri="http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml"
      backingFilePath="dfn-aai-metadata.xml" reloadInterval="3600">
    <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" />
-   <MetadataFilter type="Whitelist" matcher="EntityAttributes">
+   <MetadataFilter type="Include" matcher="EntityAttributes">
          <saml:Attribute Name="http://macedir.org/entity-category"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
             <saml:AttributeValue>http://aai.dfn.de/category/bwidm-member</saml:AttributeValue>
         </saml:Attribute>
-   </MetadataFilter>
-   <MetadataFilter type="EntityRoleWhiteList">
-      <RetainedRole>md:IDPSSODescriptor</RetainedRole>
    </MetadataFilter>
 </MetadataProvider>
@@ Line 223: / Line 192: @@
 </file>
-SP-seitige Blacklist, bei der aus den Metadaten, mit denen der SP arbeitet, sog. Public IdPs / Self-Signup IdPs entfernt werden:
+This Shibboleth SP filters metadata to remove IdPs with self-registration:
 <file xml shibboleth2.xml>
 <MetadataProvider type="XML"
-     uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-edugain+idp-metadata.xml"
+     uri="http://www.aai.dfn.de/metadata/dfn-aai-edugain+idp-metadata.xml"
      backingFilePath="dfn-aai-edugain+idp-metadata.xml" reloadInterval="3600">
    <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" />
-   <MetadataFilter type="Blacklist" matcher="EntityAttributes">
+   <MetadataFilter type="Exclude" matcher="EntityAttributes">
          <saml:Attribute Name="http://macedir.org/entity-category"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
             <saml:AttributeValue>http://aai.dfn.de/category/public-idp</saml:AttributeValue>
         </saml:Attribute>
-   </MetadataFilter>
-   <MetadataFilter type="EntityRoleWhiteList">
-      <RetainedRole>md:IDPSSODescriptor</RetainedRole>
    </MetadataFilter>
 </MetadataProvider>
@@ Line 243: / Line 209: @@
 </file>
-SP-seitige Whitelist, bei der die Metadaten, mit denen der SP arbeitet, auf IdPs der [[:de:degrees_of_reliance|Verlässlichkeitsklasse]] "Advanced" beschränkt werden:
-<file xml shibboleth2.xml>
+This IdP filter policy releases a list of attributes to bwIDM Service Providers:
-<MetadataProvider type="XML"
-     uri="http://www.aai.dfn.de/fileadmin/metadata/dfn-aai-idp-metadata.xml"
-     backingFilePath="dfn-aai-idp-metadata.xml" reloadInterval="3600">
-   <MetadataFilter type="Signature" certificate="/etc/ssl/aai/dfn-aai.pem" />
-   <MetadataFilter type="Whitelist" matcher="EntityAttributes">
-         <saml:Attribute Name="http://aai.dfn.de/loa/degree-of-reliance"
-                   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
-            <saml:AttributeValue>advanced</saml:AttributeValue>
-        </saml:Attribute>
-   </MetadataFilter>
-</MetadataProvider>
-</file>
-IdP: Attributfreigabe an bwIDM-SPs:
 <file xml attribute-filter.xml>
@@ Line 282: / Line 232: @@
 </file>
-Weitere Beispiele unter [[de:shibidp:config-attributes#haeufig_genutzt_service_provider|Attribut-Konfiguration]].
+Find more examples on the page about [[de:shibidp:config-attributes#haeufig_genutzt_service_provider|Attribute Configuration]] (in German).
-===== Referenzen =====
+===== References =====
-Weiterführende Informationen finden Sie im Shibboleth Wiki unter folgenden Links:
+For further reading, please consult the Shibboleth Wiki:
-  * **IdP - Attributfreigabe**
+  * **IdP - Attribute Release**
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/EntityAttributeExactMatchConfiguration|EntityAttributeExactMatch Configuration]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/EntityAttributeExactMatchConfiguration|EntityAttributeExactMatch Configuration]]
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/EntityAttributeRegexMatchConfiguration|EntityAttributeRegexMatch Configuration]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/EntityAttributeRegexMatchConfiguration|EntityAttributeRegexMatch Configuration]]
-  * **IdP - Relying Party Konfiguration**
+  * **IdP - Relying Party Configuration**
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/RelyingPartyConfiguration#RelyingPartyConfiguration-Overrides|RelyingParty Configuration - Overrides, (RelyingPartyByTag)]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/RelyingPartyConfiguration#RelyingPartyConfiguration-Overrides|RelyingParty Configuration - Overrides, (RelyingPartyByTag)]]
-  * **IdP - internes Tagging mit Entity Attributen**
+  * **IdP - internal tagging with Entity Attributes**
-      * [[https://wiki.shibboleth.net/confluence/display/IDP30/EntityAttributesFilter|Metadata - EntityAttributesFilter]]
+      * [[https://wiki.shibboleth.net/confluence/display/IDP4/EntityAttributesFilter|Metadata - EntityAttributesFilter]]
   * **SP - Metadata Filter (matcher="EntityAttributes")**
-      * [[https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-WhitelistMetadataFilter|Whitelist MetadataFilter]]
+      * [[https://wiki.shibboleth.net/confluence/display/SP3/IncludeMetadataFilter|IncludeMetadataFilter]]
-      * [[https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-BlacklistMetadataFilter|Blacklist MetadataFilter]]
+      * [[https://wiki.shibboleth.net/confluence/display/SP3/ExcludeMetadataFilter|Exclude MetadataFilter]]
-  * **SP - internes Tagging mit Entity Attributen**
+  * **SP - internal tagging with Entity Attributes**
-      * [[https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMetadataFilter#NativeSPMetadataFilter-EntityAttributesMetadataFilter(Version2.5andAbove)|Entity Attributes Metadata Filter]]
+      * [[https://wiki.shibboleth.net/confluence/display/SP3/EntityAttributesMetadataFilter|Entity Attributes Metadata Filter]]
 {{tag>entity-category entity-attribute}}

entity-category entity-attribute