titleattribute-filter.xml
<?xml version="1.0" encoding="UTF-8"?>

<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        	xmlns="urn:mace:shibboleth:2.0:afp"
        	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

	<!-- REFEDS Anonymous Authorization Entity Category -->
	<AttributeFilterPolicy id="releaseToRefedsAnonymous">
    		<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="https://refeds.org/category/anonymous" />
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganization">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- REFEDS Pseudonymous Authorization Entity Category -->
	<AttributeFilterPolicy id="releaseToRefedsPseudonymous">
    <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
      <!-- Supports data minimalisation to prevent use together with anonymous -->
	<AttributeFilterPolicy id="releaseToRefedsPseudonymous">
		<PolicyRequirementRule xsi:type="AND">
			<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category"
      attributeValue="https://refeds.org/category/pseudonymous" />
			<AttributeRule<Rule attributeIDxsi:type="samlPairwiseIDNOT">
				<PermitValueRule<Rule xsi:type="ANY"/>
		EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" />
			</Rule>
		</PolicyRequirementRule>
		<AttributeRule attributeID="samlPairwiseID">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganization">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurance">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- REFEDS Personalized Access Entity Category	-->
	<AttributeFilterPolicy <!-- Supports data minimalisation to prevent use together with anonymous and pseudonymous-->
	<AttributeFilterPolicy id="releaseToRefedsPersonalized">
		<PolicyRequirementRule xsi:type="EntityAttributeExactMatchAND">
			<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category"
			 attributeValue="https://refeds.org/category/personalized" />
			<AttributeRule<Rule attributeIDxsi:type="samlSubjectIDNOT">
				<PermitValueRule<Rule xsi:type="ANYOR" />
				</AttributeRule>
		<AttributeRule attributeID="displayName">
			<PermitValueRule	<Rule xsi:type="ANYEntityAttributeExactMatch" />
		</AttributeRule>
		<AttributeRule attributeID="givenName"attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" />
			<PermitValueRule		<Rule xsi:type="ANY" />EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/pseudonymous" />
				</Rule>
			</AttributeRule>Rule>
		</PolicyRequirementRule>
		<AttributeRule attributeID="snsamlSubjectID">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="maildisplayName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancegivenName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganizationsn">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliationmail">
			<PermitValueRule xsi:type="ORANY" />
		</AttributeRule>
		<Rule<AttributeRule xsi:typeattributeID="Value" value="faculty" caseSensitive="false" /eduPersonAssurance">
				<Rule<PermitValueRule xsi:type="ValueANY" value="student" caseSensitive="false"/>
		</AttributeRule>
		<Rule<AttributeRule xsi:typeattributeID="Value" value="staff" caseSensitive="false"/schacHomeOrganization">
				<Rule<PermitValueRule xsi:type="Value" ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="OR">
				<Rule xsi:type="Value" value="alumfaculty" caseSensitive="false" />
				<Rule xsi:type="Value" value="memberstudent" caseSensitive="false"/>
				<Rule xsi:type="Value" value="affiliatestaff" caseSensitive="false"/>
				<Rule xsi:type="Value" value="employeealum" caseSensitive="false"/>
				<Rule xsi:type="Value" value="library-walk-inmember" caseSensitive="false"/>
			</PermitValueRule>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- GEANT Data protection Code of Conduct or REFEDS Data Protection Code of Conduct Entity Category -->
	<AttributeFilterPolicy id="releaseToCodeOfConduct">
    <PolicyRequirementRule xsi:type="OR">
			<Rule xsi:type="EntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
      <Rule xsi:type="EntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="https://refeds.org/category/code-of-conduct/v2" />
    </PolicyRequirementRule>
		<AttributeRule attributeID="eduPersonTargetedID">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonOrcid">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="norEduPersonNIN">
			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
				<Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="personalIdentityNumber">
			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
				<Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="schacDateOfBirth">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="mail">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="cn">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="displayName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="givenName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true		<Rule xsi:type="Value" value="affiliate" caseSensitive="false"/>
				<Rule xsi:type="Value" value="employee" caseSensitive="false"/>
				<Rule xsi:type="Value" value="library-walk-in" caseSensitive="false"/>
			</PermitValueRule>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- Rule to honour Subject ID requirement tag in metadata. Used in combination with Geant/Refeds Code of Conduct v* -->
	<!-- Code of Conduct can be combined with other entity categories -->
	<!-- Supports data minimalisation to prevent subject-id and pairwise-id being released together -->
	<AttributeFilterPolicy id="subject-identifiers">
		<PolicyRequirementRule xsi:type="OR">
			<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
			<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/code-of-conduct/v2" />
		</AttributeRule>PolicyRequirementRule>
		<AttributeRule attributeID="snsamlPairwiseID">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /AND">
		</AttributeRule>
		<AttributeRule<Rule attributeIDxsi:type="eduPersonAssuranceNOT">
					<PermitValueRule<Rule xsi:type="EntityAttributeExactMatch" attributeName="AttributeInMetadatahttp://macedir.org/entity-category" onlyIfRequiredattributeValue="truehttps://refeds.org/category/personalized" />
				</AttributeRule>Rule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule<Rule xsi:type="ANDOR">
					<Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequired="true" />
				<Rule xsi:type="OR">
					<Rule xsi:type="Value" value="faculty" caseSensitive="falseattributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="pairwise-id" />
					<Rule xsi:type="Value" value="student" caseSensitive="falseEntityAttributeExactMatch" attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="any" />
					<Rule xsi:type="Value" value="staff" caseSensitive="false" /></Rule>
					<Rule xsi:type="Value" value="alum" caseSensitive="false" /</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="samlSubjectID">
					<Rule<PermitValueRule xsi:type="Value" value="member" caseSensitive="false" /AND">
					<Rule xsi:type="Value" value="affiliate" caseSensitive="false" /NOT">
					<Rule xsi:type="ValueEntityAttributeExactMatch" valueattributeName="employeehttp://macedir.org/entity-category" caseSensitiveattributeValue="falsehttps://refeds.org/category/pseudonymous" />
				</Rule>
				<Rule xsi:type="ValueEntityAttributeExactMatch" valueattributeName="library-walk-in" caseSensitive="falseurn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="subject-id" />
				</Rule>PermitValueRule>
			</PermitValueRule>AttributeRule>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAffiliation">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="oAttributeFilterPolicy>

	<!-- GEANT Data protection Code of Conduct or REFEDS Data Protection Code of Conduct Entity Category -->
	<AttributeFilterPolicy id="releaseToCodeOfConduct">
		<PolicyRequirementRule xsi:type="OR">
			<PermitValueRule<Rule xsi:type="EntityAttributeExactMatch" attributeName="AttributeInMetadata" onlyIfRequired="true"http://macedir.org/entity-category" attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
		</AttributeRule>
		<AttributeRule attributeID="norEduOrgAcronym">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true	<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/code-of-conduct/v2" />
		</AttributeRule>PolicyRequirementRule>
		<AttributeRule attributeID="ceduPersonTargetedID">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="coeduPersonPrincipalName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganizationeduPersonOrcid">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganizationTypenorEduPersonNIN">
			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/" />
			</AttributeFilterPolicy>

	<!-- REFEDS Research and Scholarship Entity Category -->
	<AttributeFilterPolicy id="releaseToRefedsResearchAndScholarshipPermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="personalIdentityNumber">
		<PolicyRequirementRule	<PermitValueRule xsi:type="EntityAttributeExactMatchAND">
				attributeName="http://macedir.org/entity-category"<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
			attributeValue	<Rule xsi:type="RegistrationAuthority" registrars="http://refedswww.swamid.org/category/research-and-scholarshipse/" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonTargetedIDschacDateOfBirth">
			<PermitValueRule xsi:type="NOT">
				<Rule xsi:type="Value" value="https://refeds.org/assurance/ID/eppn-unique-no-reassign"AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancemail" />
			</PermitValueRule><PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		        <AttributeRule attributeID="displayNamemailLocalAddress">
			<PermitValueRule xsi:type="ANYAttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="givenNamecn">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="ANYtrue" />
		</AttributeRule>
		<AttributeRule attributeID="sndisplayName">
			<PermitValueRule xsi:type="ANY"AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="mailgivenName">
			<PermitValueRule xsi:type="ANY"AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancesn">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="ANYtrue" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalNameeduPersonAssurance">
			<PermitValueRule xsi:type="ANYAttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="ORAND">
				<Rule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="facultytrue" caseSensitive/>
				<Rule xsi:type="falseOR" />
					<Rule xsi:type="Value" value="studentfaculty" caseSensitive="false" />
					<Rule xsi:type="Value" value="staffstudent" caseSensitive="false" />
					<Rule xsi:type="Value" value="alumstaff" caseSensitive="false" />
					<Rule xsi:type="Value" value="memberalum" caseSensitive="false" />
					<Rule xsi:type="Value" value="affiliatemember" caseSensitive="false" />
					<Rule xsi:type="Value" value="employeeaffiliate" caseSensitive="false" />
					<Rule xsi:type="Value" value="library-walk-inemployee" caseSensitive="false" /> 
			</PermitValueRule>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- ESI European Student Identifier -->
	<AttributeFilterPolicy id="entity-category-european-student-identifier">
		<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
			attributeName="http://macedir.org/entity-category"
			attributeValue="https://myacademicid.org/entity-categories/esi" /><Rule xsi:type="Value" value="library-walk-in" caseSensitive="false" />
				</Rule>
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="schacPersonalUniqueCodeeduPersonAffiliation">
			<PermitValueRule xsi:type="ValueRegex" regex="^urn:schac:personalUniqueCode:int:esi:.*AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- DEPRECATED entity-category-swamid-research-and-education -->
	<AttributeFilterPolicy id="entity-category-research-and-education	<AttributeRule attributeID="o">
		<PolicyRequirementRule	<PermitValueRule xsi:type="AND""AttributeInMetadata" onlyIfRequired="true" />
			<Rule xsi:type="OR</AttributeRule>
		<AttributeRule attributeID="norEduOrgAcronym">
				<Rule<PermitValueRule xsi:type="EntityAttributeExactMatch"
					attributeName="http://macedir.org/entity-category"
					attributeValue="http://www.swamid.se/category/eu-adequate-protection" /AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="c">
				<Rule<PermitValueRule xsi:type="EntityAttributeExactMatch"AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
			attributeName="http://macedir.org/entity-category"<AttributeRule attributeID="co">
					attributeValue="http://www.swamid.se/category/nren-service<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganization">
			<Rule<PermitValueRule xsi:type="EntityAttributeExactMatch"AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
			attributeName="http://macedir.org/entity-category"<AttributeRule attributeID="schacHomeOrganizationType">
					attributeValue="http://www.swamid.se/category/hei-service<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
	</Rule>
			<RuleAttributeFilterPolicy>

	<!-- REFEDS Research and Scholarship Entity Category -->
	<AttributeFilterPolicy id="releaseToRefedsResearchAndScholarship">
		<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
				 attributeName="http://macedir.org/entity-category"
				 attributeValue="http://wwwrefeds.swamid.seorg/category/research-and-educationscholarship" />
		</PolicyRequirementRule>
		<AttributeRule attributeID="givenNameeduPersonTargetedID">
			<PermitValueRule xsi:type="ANYNOT" />
		</AttributeRule>
		<AttributeRule attributeID="surname">
			<PermitValueRule<Rule xsi:type="ANYValue" />
		</AttributeRule>
		<AttributeRulevalue="https://refeds.org/assurance/ID/eppn-unique-no-reassign" attributeID="displayNameeduPersonAssurance" />
			<PermitValueRule xsi:type="ANY" /></PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="commonNamedisplayName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalNamegivenName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancesn">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="mail">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="OR">
				<Rule xsi:type="Value" value="faculty" caseSensitive="false" /
		<AttributeRule attributeID="eduPersonAssurance">
				<Rule<PermitValueRule xsi:type="Value" value="student" caseSensitive="false" /ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalName">
				<Rule<PermitValueRule xsi:type="Value" value="staff" caseSensitive="false" />
				<RuleANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="Value" value="alum" caseSensitive="false" /OR">
				<Rule xsi:type="Value" value="memberfaculty" caseSensitive="false" />
				<Rule xsi:type="Value" value="affiliatestudent" caseSensitive="false" />
				<Rule xsi:type="Value" value="employeestaff" caseSensitive="false" />
				<Rule xsi:type="Value" value="library-walk-inalum" caseSensitive="false" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="o">
			<PermitValueRule	<Rule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="norEduOrgAcronym">
			<PermitValueRuleValue" value="member" caseSensitive="false" />
				<Rule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="co"Value" value="affiliate" caseSensitive="false" />
			<PermitValueRule	<Rule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="c"Value" value="employee" caseSensitive="false" />
			<PermitValueRule	<Rule xsi:type="Value" value="library-walk-in" caseSensitive="ANYfalse" />
			</PermitValueRule>
		</AttributeRule>
	</AttributeFilterPolicy>

		<AttributeRule attributeID="schacHomeOrganization<!-- ESI European Student Identifier -->
	<AttributeFilterPolicy id="entity-category-european-student-identifier">
			<PermitValueRule<PolicyRequirementRule xsi:type="ANYEntityAttributeExactMatch" />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- DEPRECATED entity-category-sfs-1993-1153 -->
	<AttributeFilterPolicy id="entity-category-sfs-1993-1153attributeName="http://macedir.org/entity-category" attributeValue="https://myacademicid.org/entity-categories/esi" />
		<AttributeRule attributeID="schacPersonalUniqueCode">
		<PolicyRequirementRule	<PermitValueRule xsi:type="EntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="http://www.swamid.se/category/sfs-1993-1153" />

		<AttributeRule attributeID="norEduPersonNINValueRegex" regex="^urn:schac:personalUniqueCode:int:esi:.*" />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- Sectigo -->
	<AttributeFilterPolicy id="releaseSectigoAttributeBundle">
			<PermitValueRule<PolicyRequirementRule xsi:type="ANYRequester" value="https://cert-manager.com/shibboleth" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssuranceeduPersonPrincipalName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- Sectigo -->
  <AttributeFilterPolicy id="releaseSectigoAttributeBundle	<AttributeRule attributeID="displayName">
		<PolicyRequirementRule	<PermitValueRule xsi:type="RequesterANY" value="https://cert-manager.com/shibboleth" />/>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalNamegivenName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="displayNamemail">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="givenNamesn">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
 		<AttributeRule attributeID="mailschacHomeOrganization">
 			<PermitValueRule xsi:type="ANY" />
 		</AttributeRule>
		<AttributeRule attributeID="sntcsPersonalEntitlement">
			        	<PermitValueRule xsi:type="ANY"/>
	    	</AttributeRule>
	<   </AttributeFilterPolicy>

 <!-- PLACEHOLDER DO NOT REMOVE -->
</AttributeFilterPolicyGroup>
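Review bot: In the `subject-identifiers` policy the `NOT` guard on `samlPairwiseID` excludes only `https://refeds.org/category/personalized` and the guard on `samlSubjectID` excludes only `https://refeds.org/category/pseudonymous`; neither mentions `https://refeds.org/category/anonymous`. Because permit rules from every matching policy are combined, an SP that carries a Code of Conduct category together with the anonymous category and a `subject-id:req` tag would apparently still receive a persistent identifier, even though the pseudonymous and personalized policies both step aside for anonymous. This is read from a rendering in which old and new text are fused, so confirm it against the real file. If the release is intended, say so next to the existing comments, e.g. `<!-- anonymous is deliberately not excluded: a CoCo SP that requests an identifier gets it -->`; otherwise wrap each guard in `<Rule xsi:type="OR">` and add an `EntityAttributeExactMatch` for the anonymous category, as `releaseToRefedsPersonalized` already does.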
