Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


OBS! UTKAST

Info

This is an example of a standard entity category based attribute filter for SWAMID 2.0 in a Shibboleth IdP .which fulfils SWAMID's Entity Category attribute release in SWAMID


Code Block
languagexml
titleattribute-filter.xml
linenumberstrue
<?xml version="1.0" encoding="UTF-8"?>

<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        	xmlns="urn:mace:shibboleth:2.0:afp"
        	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

	<!-- REFEDS ReleaseAnonymous theAuthorization transientEntity IDCategory to anyone -->
	<AttributeFilterPolicy id="releaseTransientIdToAnyonereleaseToRefedsAnonymous">
		<PolicyRequirementRule xsi:type="ANY" />
EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" />
		<AttributeRule attributeID="transientIdeduPersonScopedAffiliation">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganization">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- GEANT Data protection Code of ConductREFEDS Pseudonymous Authorization Entity Category -->
	<!-- Supports data minimalisation to prevent use together with anonymous -->
	<AttributeFilterPolicy id="releaseToCoCoreleaseToRefedsPseudonymous">
		<PolicyRequirementRule xsi:type="EntityAttributeExactMatchAND">
			<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category"
		 attributeValue="httphttps://wwwrefeds.geant.netorg/uri/dataprotection-code-of-conduct/v1category/pseudonymous" />
        <AttributeRule attributeID="eduPersonTargetedID">
			<PermitValueRule<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        </AttributeRule>
	<AttributeRule attributeID="eduPersonPrincipalName">
		<PermitValueRuleNOT">
				<Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequired="trueattributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" />
			</AttributeRule>Rule>
		</PolicyRequirementRule>
		<AttributeRule attributeID="eduPersonUniqueIdsamlPairwiseID">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonOrcideduPersonScopedAffiliation">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="norEduPersonNINschacHomeOrganization">
			<PermitValueRule xsi:type="ANDANY"/>
		</AttributeRule>
		<Rule<AttributeRule xsi:typeattributeID="AttributeInMetadata" onlyIfRequired="true" /eduPersonAssurance">
			<Rule<PermitValueRule xsi:type="RegistrationAuthorityANY" registrars="http://www.swamid.se/" />
		</PermitValueRule>AttributeRule>
	</AttributeRule>AttributeFilterPolicy>

	<AttributeRule attributeID="personalIdentityNumber">
		<PermitValueRule xsi:type="AND<!-- REFEDS Personalized Access Entity Category	-->
	<!-- Supports data minimalisation to prevent use together with anonymous and pseudonymous-->
	<AttributeFilterPolicy id="releaseToRefedsPersonalized">
			<Rule<PolicyRequirementRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /AND">
			<Rule xsi:type="RegistrationAuthorityEntityAttributeExactMatch" registrarsattributeName="http://www.swamid.se/macedir.org/entity-category" attributeValue="https://refeds.org/category/personalized" />
		</PermitValueRule>
	</AttributeRule>
	<AttributeRule attributeID="schacDateOfBirth	<Rule xsi:type="NOT">
		<PermitValueRule		<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /OR">
		</AttributeRule>
	<AttributeRule attributeID="mail">
		<PermitValueRule<Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequiredattributeName="true" />
	</AttributeRule>
	<AttributeRule attributeID="cn"http://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" />
		<PermitValueRule			<Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequiredattributeName="truehttp://macedir.org/entity-category" />
	</AttributeRule>
attributeValue="https://refeds.org/category/pseudonymous" />
				</Rule>
			</Rule>
		</PolicyRequirementRule>
		<AttributeRule attributeID="displayNamesamlSubjectID">
			<PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="givenNamedisplayName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"ANY" />
		</AttributeRule>
		<AttributeRule attributeID="sngivenName">
			<PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" />
/>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancesn">
			<PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliationmail">
			<PermitValueRule xsi:type="ANDANY" />
		</AttributeRule>
		<Rule<AttributeRule xsi:typeattributeID="AttributeInMetadata" onlyIfRequired="true" /eduPersonAssurance">
			<Rule<PermitValueRule xsi:type="ORANY" />
		</AttributeRule>
		<Rule<AttributeRule xsi:typeattributeID="Value" value="faculty" ignoreCase="true" /schacHomeOrganization">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="OR">
				<Rule xsi:type="Value" value="studentfaculty" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="staffstudent" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="alumstaff" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="memberalum" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="member" caseSensitive="false"/>
				<Rule xsi:type="Value" value="affiliate" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="employee" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="library-walk-in" ignoreCasecaseSensitive="truefalse" />
			</Rule>PermitValueRule>
		</PermitValueRule>AttributeRule>
	</AttributeRule>AttributeFilterPolicy>

	<AttributeRule attributeID="eduPersonAffiliation">
		<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
	</AttributeRule>
	<AttributeRule attributeID="organizationName">
		<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
	</AttributeRule>
	<AttributeRule attributeID="norEduOrgAcronym">
		<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
	</AttributeRule>
	<AttributeRule attributeID="countryName">
		<PermitValueRule<!-- Rule to honour Subject ID requirement tag in metadata. Used in combination with Geant/Refeds Code of Conduct v* -->
	<!-- Code of Conduct can be combined with other entity categories -->
	<!-- Supports data minimalisation to prevent subject-id and pairwise-id being released together -->
	<AttributeFilterPolicy id="subject-identifiers">
		<PolicyRequirementRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
	</AttributeRule>
	<AttributeRule attributeID="friendlyCountryName">
		<PermitValueRuleOR">
			<Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequiredattributeName="true" />
	</AttributeRule>
	<AttributeRule attributeID="schacHomeOrganization"http://macedir.org/entity-category" attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
		<PermitValueRule	<Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequiredattributeName="truehttp://macedir.org/entity-category" />
	</AttributeRule>
	attributeValue="https://refeds.org/category/code-of-conduct/v2" />
		</PolicyRequirementRule>
		<AttributeRule attributeID="schacHomeOrganizationTypesamlPairwiseID">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
	</AttributeRule>
</AttributeFilterPolicy>

<!-- REFEDS Research and Schoolarship -->
<AttributeFilterPolicy id="releaseToRandS">
	<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
		attributeName="http://macedirAND">
				<Rule xsi:type="NOT">
					<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category"
		 attributeValue="httphttps://refeds.org/category/research-and-scholarshippersonalized" />
    <!-- eduPersonTargetedID should only be released in with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable -->
	<AttributeRule attributeID="eduPersonTargetedID">
				</Rule>
				<Rule xsi:type="OR">
					<Rule xsi:type="EntityAttributeExactMatch" attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="pairwise-id" />
					<Rule xsi:type="EntityAttributeExactMatch" attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="any" />
				</Rule>
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="samlSubjectID">
			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="NOT">
					<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/pseudonymous" />
				</Rule>
				<Rule xsi:type="EntityAttributeExactMatch" attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="subject-id" />
			</PermitValueRule>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- GEANT Data protection Code of Conduct or REFEDS Data Protection Code of Conduct Entity Category -->
	<AttributeFilterPolicy id="releaseToCodeOfConduct">
		<PolicyRequirementRule xsi:type="OR">
			<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
			<Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/code-of-conduct/v2" />
		</PolicyRequirementRule>
		<AttributeRule attributeID="eduPersonTargetedID">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonOrcid">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="norEduPersonNIN">
			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
				<Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="personalIdentityNumber">
			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
				<Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="schacDateOfBirth">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="mail">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="cn">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="displayName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="givenName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="sn">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurance">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
				<Rule xsi:type="OR">
					<Rule xsi:type="Value" value="faculty" caseSensitive="false" />
					<Rule xsi:type="Value" value="student" caseSensitive="false" />
					<Rule xsi:type="Value" value="staff" caseSensitive="false" />
					<Rule xsi:type="Value" value="alum" caseSensitive="false" />
					<Rule xsi:type="Value" value="member" caseSensitive="false" />
					<Rule xsi:type="Value" value="affiliate" caseSensitive="false" />
					<Rule xsi:type="Value" value="employee" caseSensitive="false" />
					<Rule xsi:type="Value" value="library-walk-in" caseSensitive="false" />
				</Rule>
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAffiliation">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="o">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="norEduOrgAcronym">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="c">
			<PermitValueRule xsi:type="NOT""AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<Rule<AttributeRule xsi:typeattributeID="Value" value="https://refeds.org/assurance/ID/eppn-unique-no-reassign" attributeID="eduPersonAssuranceco">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</PermitValueRule>
    </AttributeRule>
		<AttributeRule attributeID="displayNameschacHomeOrganization">
			<PermitValueRule xsi:type="ANY"AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="givenNameschacHomeOrganizationType">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="ANYtrue" />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- REFEDS Research and Scholarship Entity Category -->
	<AttributeRule<AttributeFilterPolicy attributeIDid="surnamereleaseToRefedsResearchAndScholarship">
		<PermitValueRule<PolicyRequirementRule xsi:type="ANY="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship" />
	</AttributeRule>
	<AttributeRule attributeID="maileduPersonTargetedID">
			<PermitValueRule xsi:type="ANY" />
	</AttributeRule>
	<AttributeRule attributeID="eduPersonUniqueIdNOT">
			<PermitValueRule	<Rule xsi:type="ANY="Value" value="https://refeds.org/assurance/ID/eppn-unique-no-reassign" attributeID="eduPersonAssurance" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancedisplayName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalNamegivenName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
		<PermitValueRule xsi:type="ORsn">
			<Rule<PermitValueRule xsi:type="Value" value="faculty" ignoreCase="true" /ANY" />
		</AttributeRule>
		<AttributeRule attributeID="mail">
			<Rule<PermitValueRule xsi:type="ValueANY" value="student" ignoreCase="true" />
		</AttributeRule>
		<Rule<AttributeRule xsi:typeattributeID="Value" value="staff" ignoreCase="true" /eduPersonAssurance">
			<Rule<PermitValueRule xsi:type="Value" value="alum" ignoreCase="true" /ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalName">
			<Rule<PermitValueRule xsi:type="Value" value="member" ignoreCase="true" /ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<Rule<PermitValueRule xsi:type="Value" value="affiliate" ignoreCase="trueOR" />
				<Rule xsi:type="Value" value="employeefaculty" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="library-walk-in" ignoreCase="true" />
		</PermitValueRule>
	</AttributeRule>
</AttributeFilterPolicy>

<!-- DEPRECATED entity-category-swamid-research-and-education WILL BE REMOVED 2020-10-31 -->
<AttributeFilterPolicy id="entity-category-research-and-education">
	<PolicyRequirementRulestudent" caseSensitive="false" />
				<Rule xsi:type="Value" value="staff" caseSensitive="false" />
				<Rule xsi:type="AND""Value" value="alum" caseSensitive="false" />
				<Rule xsi:type="Value" value="OR""member" caseSensitive="false" />
				<Rule xsi:type="EntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="http://www.swamid.se/category/eu-adequate-protectionValue" value="affiliate" caseSensitive="false" />
				<Rule xsi:type="EntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="http://www.swamid.se/category/nren-serviceValue" value="employee" caseSensitive="false" />
				<Rule xsi:type="Value" value="EntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="http://www.swamid.se/category/hei-service" />
		</Rule>
		<Rulelibrary-walk-in" caseSensitive="false" />
			</PermitValueRule>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- ESI European Student Identifier -->
	<AttributeFilterPolicy id="entity-category-european-student-identifier">
		<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
			 attributeName="http://macedir.org/entity-category"
			 attributeValue="httphttps://wwwmyacademicid.swamid.se/category/research-and-education" />
	</PolicyRequirementRule>
	<AttributeRule attributeID="givenName">
		<PermitValueRule xsi:type="ANY" />
	</AttributeRule>
	org/entity-categories/esi" />
		<AttributeRule attributeID="surnameschacPersonalUniqueCode">
			<PermitValueRule xsi:type="ANY="ValueRegex" regex="^urn:schac:personalUniqueCode:int:esi:.*" />
		</AttributeRule>
	<AttributeRule attributeID="displayName"</AttributeFilterPolicy>

	<!-- DEPRECATED entity-category-swamid-research-and-education -->
	<AttributeFilterPolicy id="entity-category-research-and-education">
		<PermitValueRule<PolicyRequirementRule xsi:type="ANYAND" />
		</AttributeRule>
	<AttributeRule<Rule attributeIDxsi:type="commonNameOR">
		<PermitValueRule		<Rule xsi:type="ANYEntityAttributeExactMatch" />
	</AttributeRule>
	<AttributeRule attributeID="eduPersonPrincipalName">
		<PermitValueRule xsi:type="ANY"attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/eu-adequate-protection" />
	</AttributeRule>
	<AttributeRule attributeID="eduPersonAssurance">
		<PermitValueRule<Rule xsi:type="ANYEntityAttributeExactMatch" />
	</AttributeRule>
	<AttributeRule attributeID="mail">
		<PermitValueRule xsi:type="ANYattributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/nren-service" />
	</AttributeRule>
	<AttributeRule attributeID="eduPersonScopedAffiliation">
		<PermitValueRule<Rule xsi:type="OR">
			<Rule xsi:type="Value" value="faculty" ignoreCase="true" />EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/hei-service" />
			</Rule>
			<Rule xsi:type="ValueEntityAttributeExactMatch" valueattributeName="studenthttp://macedir.org/entity-category" ignoreCaseattributeValue="truehttp://www.swamid.se/category/research-and-education" />
		</PolicyRequirementRule>
		<Rule xsi:type="Value" value="staff" ignoreCase="true" /<AttributeRule attributeID="givenName">
			<Rule<PermitValueRule xsi:type="Value" value="alum" ignoreCase="true" /ANY" />
		</AttributeRule>
		<AttributeRule attributeID="sn">
			<Rule<PermitValueRule xsi:type="ValueANY" value="member" ignoreCase="true" />
		</AttributeRule>
		<Rule xsi:type="Value" value="affiliate" ignoreCase="true" /<AttributeRule attributeID="displayName">
			<Rule<PermitValueRule xsi:type="Value" value="employee" ignoreCase="true" /ANY" />
		</AttributeRule>
		<AttributeRule attributeID="cn">
			<Rule<PermitValueRule xsi:type="ValueANY" value="library-walk-in" ignoreCase="true/>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalName">
			<PermitValueRule xsi:type="ANY" />
		</PermitValueRule>AttributeRule>
	</AttributeRule>
	<AttributeRule attributeID="organizationNameeduPersonAssurance">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="norEduOrgAcronymmail">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="countryNameeduPersonScopedAffiliation">
			<PermitValueRule xsi:type="ANYOR" />
		</AttributeRule>
	<AttributeRule attributeID="friendlyCountryName">
		<PermitValueRule xsi:type="ANY		<Rule xsi:type="Value" value="faculty" caseSensitive="false" />
				<Rule xsi:type="Value" value="student" caseSensitive="false" />
	</AttributeRule>
	<AttributeRule attributeID="schacHomeOrganization">
		<PermitValueRule<Rule xsi:type="ANY" />
	</AttributeRule>
</AttributeFilterPolicy>

<!-- DEPRECATED entity-category-sfs-1993-1153 WILL BE REMOVED 2020-10-31-->
<AttributeFilterPolicy id="entity-category-sfs-1993-1153">
	<PolicyRequirementRuleValue" value="staff" caseSensitive="false" />
				<Rule xsi:type="EntityAttributeExactMatch"
			attributeName="http://macedir.org/entity-category"
			attributeValue="http://www.swamid.se/category/sfs-1993-1153Value" value="alum" caseSensitive="false" />

	<AttributeRule attributeID="norEduPersonNIN">
		<PermitValueRule				<Rule xsi:type="Value" value="member" caseSensitive="false" />
				<Rule xsi:type="ANY"Value" value="affiliate" caseSensitive="false" />
			</AttributeRule>
	<AttributeRule attributeID="eduPersonAssurance">
		<PermitValueRule	<Rule xsi:type="Value" value="employee" caseSensitive="false" />
				<Rule xsi:type="ANY" />
	</AttributeRule>
</AttributeFilterPolicy>

<!-- Examples of entityId based release to Service Providers -->

<!-- Release to testshib.org -->
<!--
<AttributeFilterPolicy id="testShib">
	<PolicyRequirementRuleValue" value="library-walk-in" caseSensitive="false" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="o">
			<PermitValueRule xsi:type="RequesterANY" value="https://sp.testshib.org/shibboleth-sp" />
		</AttributeRule>
		<AttributeRule attributeID="givenNamenorEduOrgAcronym">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>

		<AttributeRule attributeID="commonNameco">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>

		<AttributeRule attributeID="surnamec">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>

		<AttributeRule attributeID="principalschacHomeOrganization">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>

	</AttributeFilterPolicy>
-->

	<!-- NyA-webben UHR -->
<!--
<AttributeFilterPolicy id="releaseNyAwebbenEntitlement">
	<PolicyRequirementRule xsi:type="OR">
		<RuleDEPRECATED entity-category-sfs-1993-1153 -->
	<AttributeFilterPolicy id="entity-category-sfs-1993-1153">
		<PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/sfs-1993-1153" />
		<AttributeRule attributeID="norEduPersonNIN">
			<PermitValueRule xsi:type="RequesterANY" value="https://expert.antagning.se/ecs-sp" //>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurance">
		<Rule	<PermitValueRule xsi:type="RequesterANY" value="https://expert.testa.antagning.se/ecs-sp" //>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- Sectigo -->
	<AttributeFilterPolicy id="releaseSectigoAttributeBundle">
		<Rule<PolicyRequirementRule xsi:type="Requester" value="https://expert.testb.antagning.se/ecs-sp//cert-manager.com/shibboleth" />
	</PolicyRequirementRule>

	<AttributeRule attributeID="NyAwebbenEntitlementeduPersonPrincipalName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
</AttributeFilterPolicy>
-->

<!--  New TCS Personal -->
<!--
<AttributeFilterPolicy id="releaseTcsPersonalEntitlement		<AttributeRule attributeID="displayName">
	<PolicyRequirementRule		<PermitValueRule xsi:type="Requester" value="https://www.digicert.com/ssoANY" />
		</AttributeRule>
		<AttributeRule attributeID="displayNamegivenName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalNamemail">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="tcsPersonalEntitlementsn">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
 		<AttributeRule attributeID="emailschacHomeOrganization">
 			<PermitValueRule xsi:type="ANY" />
 		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganizationtcsPersonalEntitlement">
		        	<PermitValueRule xsi:type="ANY"/>
    	</AttributeRule>
<   </AttributeFilterPolicy>
-->

 <!-- PLACEHOLDER DO NOT REMOVE -->
</AttributeFilterPolicyGroup>

...