Merged issuer/protocol extraction back into rules.

[shibboleth/cpp-opensaml.git] / saml / binding / SecurityPolicyRule.h

diff --git a/saml/binding/SecurityPolicyRule.h b/saml/binding/SecurityPolicyRule.h
index 749c571..427f5cc 100644 (file)
--- a/saml/binding/SecurityPolicyRule.h
+++ b/saml/binding/SecurityPolicyRule.h
@@ -61,6 +61,7 @@ namespace opensaml {
          * @param metadataProvider  locked MetadataProvider instance to authenticate the message
          * @param role              identifies the role (generally IdP or SP) of the peer who issued the message 
          * @param trustEngine       TrustEngine to authenticate the message
+         * @param extractor         MessageExtractor to use in examining message
          * @return the identity of the message issuer, in two forms, or NULL
          * 
          * @throws BindingException thrown if the request/message do not meet the requirements of this rule
@@ -80,6 +81,14 @@ namespace opensaml {
     void SAML_API registerSecurityPolicyRules();
 
     /**
+     * SecurityPolicyRule for TLS client certificate authentication.
+     * 
+     * Requires that messages carry information about the issuer, and then
+     * evaluates the claimed certificates against the issuer's metadata.
+     */
+    #define CLIENTCERTAUTH_POLICY_RULE  "org.opensaml.binding.ClientCertAuthRule"
+
+    /**
      * SecurityPolicyRule for replay detection and freshness checking.
      * 
      * <p>A ReplayCache instance must be available from the runtime, unless
@@ -93,21 +102,20 @@ namespace opensaml {
     #define MESSAGEFLOW_POLICY_RULE  "org.opensaml.binding.MessageFlowRule"
 
     /**
-     * SecurityPolicyRule for ensuring messages are delivered to the right place.
+     * SecurityPolicyRule for protocol message "blob" signing.
      * 
-     * <p>Enforcement is mandatory and the message must be explicitly addressed,
-     * unless a "mandatory" XML attribute is set to "0" or "false" when instantiating
-     * the policy rule.
+     * Allows the message issuer to be authenticated using a non-XML digital signature
+     * over the message body. The transport layer is not considered.
      */
-    #define MESSAGEROUTING_POLICY_RULE  "org.opensaml.binding.MessageRoutingRule"
+    #define SIMPLESIGNING_POLICY_RULE  "org.opensaml.binding.SimpleSigningRule"
 
     /**
-     * SecurityPolicyRule for protocol message signing.
+     * SecurityPolicyRule for protocol message XML signing.
      * 
-     * Allows the message issuer to be authenticated using an XML or binding-specific
-     * digital signature over the message. The transport layer is not considered.
+     * Allows the message issuer to be authenticated using an XML digital signature
+     * over the message. The transport layer is not considered.
      */
-    #define MESSAGESIGNING_POLICY_RULE  "org.opensaml.binding.MessageSigningRule"
+    #define XMLSIGNING_POLICY_RULE  "org.opensaml.binding.XMLSigningRule"
 };
 
 #endif /* __saml_secrule_h__ */