Is this a metadata error?

Cantor, Scott cantor.2 at
Tue May 28 13:11:02 EDT 2013

On 5/28/13 12:58 PM, "Peter Schober" <peter.schober at> wrote:

>* David Gersic <dgersic at> [2013-05-28 18:42]:
>> The "Name" here is "urn:mace:incommon", which doesn't match the
>> groupID ("") in attribute-filter.xml. But I think it
>> should, at least if I've understood the doc for
>> AttributeRequesterInEntityGroup correctly.
>There's no magic involved. the Rule/@groupID value needs to exactly
>match the metadata's EntitiesDescriptor/@Name value.

Yes, assuming that's actually the basis of the policy you want to use. For
lots of reasons that isn't advisable unless you really understand what
that means, and Ian updated the example in the wiki that illustrates using
groups to reflect some of that.

The normal way of dealing with contractual arrangements is just to
explicitly define a policy for the SP. That's the least of the overhead
involved with B2B scenarios.

-- Scott

More information about the users mailing list