Fixes to constants, allow sequences of condition rules, new policy rule for Delegatio...

[shibboleth/cpp-opensaml.git] / saml / binding / SecurityPolicyRule.h

diff --git a/saml/binding/SecurityPolicyRule.h b/saml/binding/SecurityPolicyRule.h
index f4b746d..8653f98 100644 (file)
--- a/saml/binding/SecurityPolicyRule.h
+++ b/saml/binding/SecurityPolicyRule.h
@@ -52,12 +52,13 @@ namespace opensaml {
         /**
          * Evaluates the rule against the given request and message.
          *
-         * <p>An exception will be raised if the message is invalid according to
+         * <p>An exception will be raised if the message is fatally invalid according to
          * a policy rule.
          *
          * <p>The return value is used to indicate whether a message was ignored or
          * successfully processed. A false value signals that the rule wasn't successful
-         * but was also not unsuccessful, because the rule was inapplicable to the message.
+         * because the rule was inapplicable to the message, but allows other rules to
+         * return an alternate result.
          *
          * @param message   the incoming message
          * @param request   the protocol request
@@ -82,6 +83,11 @@ namespace opensaml {
     #define AUDIENCE_POLICY_RULE        "Audience"
 
     /**
+     * SecurityPolicyRule for evaluation of SAML DelegationRestriction Conditions.
+     */
+    #define DELEGATION_POLICY_RULE        "Delegation"
+
+    /**
      * SecurityPolicyRule for TLS client certificate authentication.
      *
      * Evaluates client certificates against the issuer's metadata.