Comment: simplify R&S according to new v1.3

...

titleShow example Shibboleth IDP policy for REFEDS R&S:
<afp:AttributeFilterPolicy<AttributeFilterPolicy id="REFEDSResearchAndScholarship">
  <afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatchEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://refeds.org/category/research-and-scholarship"/>
 
  <!-- RandS Minimalrequires: subsetAn of the "Ridentifier, email and S" attribute bundle. -->
  <!--a person's name.
       If ePPN values could be reassigned you MUST also release eduPersonTargetedID.
       Always releasing ePTID is recommended, though, as is releasing givenName+sn
       in addition to displayName, to help with interop. -->
  <afp:AttributeRule<AttributeRule attributeID="eduPersonPrincipalName">
    <afp:PermitValueRule<PermitValueRule xsi:type="basic:ANY" />
  </afp:AttributeRule>
  <afp:AttributeRule<AttributeRule attributeID="eduPersonTargetedID">
    <afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataANY" onlyIfRequired="false"/>
  </afp:AttributeRule>
  <afp:AttributeRule<AttributeRule attributeID="email">
    <afp:PermitValueRule<PermitValueRule xsi:type="basic:ANY" />
  </afp:AttributeRule>
  <afp:AttributeRule<AttributeRule attributeID="displayName">
    <afp:PermitValueRule<PermitValueRule xsi:type="basic:ANY" />
  </afp:AttributeRule>

  <!-- Other attributes only if requested (could also be released unconditionally) -->
  <afp:AttributeRule<AttributeRule attributeID="givenName">
    <afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataANY" onlyIfRequired="false"/>
  </afp:AttributeRule>
  <afp:AttributeRule<AttributeRule attributeID="surname">
    <afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataANY" onlyIfRequired="false"/>
  </afp:AttributeRule>
  <!-- Affiliation is  <afp:AttributeRuleoptional but release is still "strongly recommended". -->
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataANY" onlyIfRequired="false"/>
  </afp:AttributeRule>
</afp:AttributeFilterPolicy>
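Review bot: As rendered, the new side mixes two syntaxes: the opening tags drop the `afp:` prefix, but the closing tags `</afp:AttributeRule>` and `</afp:AttributeFilterPolicy>` keep it, and three rules still use `xsi:type="basic:ANY"` while the others now use `ANY`. If the page really contains this (the diff view may simply not mark those tokens), the example is not well-formed and will not load when pasted into an attribute filter; the fix is `</AttributeRule>`, `</AttributeFilterPolicy>` and `xsi:type="ANY"` throughout. The comment `Other attributes only if requested` also looks stale now that givenName and surname appear to be released with `ANY`; something like `<!-- Released to every R&S SP, regardless of RequestedAttribute -->` would match the rules. It would also help to add a comment noting that the policy trusts the entity-category attribute found in metadata, so it should only be applied to metadata from a federation that vets R&S membership.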

GÉANT Data Protection Code of Conduct

...