From 793a90abfdd6d0640ced0173a32a2771ba0045cc Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Tue, 20 May 2008 21:47:32 +0000 Subject: [PATCH] Add deny rules to schema. --- schemas/shibboleth-2.0-afp.xsd | 62 +++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 22 deletions(-) diff --git a/schemas/shibboleth-2.0-afp.xsd b/schemas/shibboleth-2.0-afp.xsd index e132a4f..675f41f 100644 --- a/schemas/shibboleth-2.0-afp.xsd +++ b/schemas/shibboleth-2.0-afp.xsd @@ -34,17 +34,24 @@ - Defines an attribute value filter that may be reused across multiple attribute rules. + Defines a permit value rule that may be reused across multiple attribute rules. - + + + + + Defines a deny value rule that may be reused across multiple attribute rules. + + + Defines an attribute rule that may be reused across multiple filter policies. - + @@ -89,7 +96,7 @@ - Rerfence to a PolicyRequirement defined within this policy group or another. + Reference to a PolicyRequirement defined within this policy group or another. @@ -105,7 +112,7 @@ - Rerfence to a AttribtueRule defined within this policy group or another. + Reference to a AttributeRule defined within this policy group or another. @@ -124,21 +131,26 @@ - - - - A filter for attribute values. If the filter evaluates to true the value is permitted, - otherwise it is filtered out. - - - - - - - Rerfence to a PermitValueRule defined within this policy group or another. - - - + + + + + + Reference to a PermitValueRule defined within this policy group or another. + + + + + + + + + + Reference to a DenyValueRule defined within this policy group or another. + + + + @@ -157,8 +169,14 @@ - A filter for attribtue values. If the filter evaluates to true the value is permitted, otherwise it is - filtered out. + A filter for attribute values. If the filter evaluates to true the value is permitted to be released. + + + + + + + A filter for attribute values. If the filter evaluates to true the value is denied and may not be released. -- 2.1.4