<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.5"/>
<title>opensaml-2.5.2: saml/binding/SecurityPolicyRule.h File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
$(document).ready(initResizable);
$(window).load(resizeHeight);
</script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td style="padding-left: 0.5em;">
<div id="projectname">opensaml-2.5.2
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.5 -->
<div id="navrow1" class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main Page</span></a></li>
<li><a href="pages.html"><span>Related Pages</span></a></li>
<li><a href="namespaces.html"><span>Namespaces</span></a></li>
<li><a href="annotated.html"><span>Classes</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
</ul>
</div>
<div id="navrow2" class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File List</span></a></li>
<li><a href="globals.html"><span>File Members</span></a></li>
</ul>
</div>
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
<div id="nav-tree">
<div id="nav-tree-contents">
<div id="nav-sync" class="sync"></div>
</div>
</div>
<div id="splitbar" style="-moz-user-select:none;"
class="ui-resizable-handle">
</div>
</div>
<script type="text/javascript">
$(document).ready(function(){initNavTree('a00076.html','');});
</script>
<div id="doc-content">
<div class="header">
<div class="summary">
<a href="#nested-classes">Classes</a> |
<a href="#namespaces">Namespaces</a> |
<a href="#define-members">Macros</a> |
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<div class="title">SecurityPolicyRule.h File Reference</div> </div>
</div><!--header-->
<div class="contents">
<p>Licensed to the University Corporation for Advanced Internet Development, Inc.
<a href="#details">More...</a></p>
<div class="textblock"><code>#include <<a class="el" href="a00070.html">saml/base.h</a>></code><br/>
</div><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a>
Classes</h2></td></tr>
<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">class  </td><td class="memItemRight" valign="bottom"><a class="el" href="a00061.html">opensaml::SecurityPolicyRule</a></td></tr>
<tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">A rule that a protocol request and message must meet in order to be valid and secure. <a href="a00061.html#details">More...</a><br/></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="namespaces"></a>
Namespaces</h2></td></tr>
<tr class="memitem:a00119"><td class="memItemLeft" align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="a00119.html">opensaml</a></td></tr>
<tr class="memdesc:a00119"><td class="mdescLeft"> </td><td class="mdescRight">Common classes for OpenSAML library. <br/></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
Macros</h2></td></tr>
<tr class="memitem:a71556d5899fa9c2a7eee515bd92d0e04"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a71556d5899fa9c2a7eee515bd92d0e04"></a>
#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#a71556d5899fa9c2a7eee515bd92d0e04">AUDIENCE_POLICY_RULE</a>   "Audience"</td></tr>
<tr class="memdesc:a71556d5899fa9c2a7eee515bd92d0e04"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for evaluation of SAML AudienceRestriction Conditions. <br/></td></tr>
<tr class="separator:a71556d5899fa9c2a7eee515bd92d0e04"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:ae118a43ed01c7ce366919a028bec2625"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="ae118a43ed01c7ce366919a028bec2625"></a>
#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#ae118a43ed01c7ce366919a028bec2625">DELEGATION_POLICY_RULE</a>   "Delegation"</td></tr>
<tr class="memdesc:ae118a43ed01c7ce366919a028bec2625"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for evaluation of SAML DelegationRestriction Conditions. <br/></td></tr>
<tr class="separator:ae118a43ed01c7ce366919a028bec2625"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a46014daed43833842e1389d1dc5f073d"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#a46014daed43833842e1389d1dc5f073d">CLIENTCERTAUTH_POLICY_RULE</a>   "ClientCertAuth"</td></tr>
<tr class="memdesc:a46014daed43833842e1389d1dc5f073d"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for TLS client certificate authentication. <a href="#a46014daed43833842e1389d1dc5f073d">More...</a><br/></td></tr>
<tr class="separator:a46014daed43833842e1389d1dc5f073d"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a2024639da0090617812c154bfaf88d44"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a2024639da0090617812c154bfaf88d44"></a>
#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#a2024639da0090617812c154bfaf88d44">CONDITIONS_POLICY_RULE</a>   "Conditions"</td></tr>
<tr class="memdesc:a2024639da0090617812c154bfaf88d44"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for evaluation of SAML Conditions. <br/></td></tr>
<tr class="separator:a2024639da0090617812c154bfaf88d44"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:acfc58373ee9fe34a4c9a87d9074bdb4d"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="acfc58373ee9fe34a4c9a87d9074bdb4d"></a>
#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#acfc58373ee9fe34a4c9a87d9074bdb4d">IGNORE_POLICY_RULE</a>   "Ignore"</td></tr>
<tr class="memdesc:acfc58373ee9fe34a4c9a87d9074bdb4d"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for ignoring a SAML Condition. <br/></td></tr>
<tr class="separator:acfc58373ee9fe34a4c9a87d9074bdb4d"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a7bfa878a43995fe5fc200fcb000aa90f"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#a7bfa878a43995fe5fc200fcb000aa90f">MESSAGEFLOW_POLICY_RULE</a>   "MessageFlow"</td></tr>
<tr class="memdesc:a7bfa878a43995fe5fc200fcb000aa90f"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for replay detection and freshness checking. <a href="#a7bfa878a43995fe5fc200fcb000aa90f">More...</a><br/></td></tr>
<tr class="separator:a7bfa878a43995fe5fc200fcb000aa90f"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a2c6d592f663cee4e494984cae8055e74"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#a2c6d592f663cee4e494984cae8055e74">NULLSECURITY_POLICY_RULE</a>   "NullSecurity"</td></tr>
<tr class="memdesc:a2c6d592f663cee4e494984cae8055e74"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for disabling security. <a href="#a2c6d592f663cee4e494984cae8055e74">More...</a><br/></td></tr>
<tr class="separator:a2c6d592f663cee4e494984cae8055e74"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a33547285acc816ce627c5b5c74470c13"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#a33547285acc816ce627c5b5c74470c13">SIMPLESIGNING_POLICY_RULE</a>   "SimpleSigning"</td></tr>
<tr class="memdesc:a33547285acc816ce627c5b5c74470c13"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for protocol message "blob" signing. <a href="#a33547285acc816ce627c5b5c74470c13">More...</a><br/></td></tr>
<tr class="separator:a33547285acc816ce627c5b5c74470c13"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:af3ae19557bca0fa80db28a6166aa1642"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#af3ae19557bca0fa80db28a6166aa1642">XMLSIGNING_POLICY_RULE</a>   "XMLSigning"</td></tr>
<tr class="memdesc:af3ae19557bca0fa80db28a6166aa1642"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for protocol message XML signing. <a href="#af3ae19557bca0fa80db28a6166aa1642">More...</a><br/></td></tr>
<tr class="separator:af3ae19557bca0fa80db28a6166aa1642"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:aec1f117f08ebf332890cf33b69c55d94"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#aec1f117f08ebf332890cf33b69c55d94">SAML1BROWSERSSO_POLICY_RULE</a>   "SAML1BrowserSSO"</td></tr>
<tr class="memdesc:aec1f117f08ebf332890cf33b69c55d94"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for SAML 1.x Browser SSO profile validation. <a href="#aec1f117f08ebf332890cf33b69c55d94">More...</a><br/></td></tr>
<tr class="separator:aec1f117f08ebf332890cf33b69c55d94"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a050debb12286016a155e2f4b0fc5b9be"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="a00076.html#a050debb12286016a155e2f4b0fc5b9be">BEARER_POLICY_RULE</a>   "Bearer"</td></tr>
<tr class="memdesc:a050debb12286016a155e2f4b0fc5b9be"><td class="mdescLeft"> </td><td class="mdescRight">SecurityPolicyRule for SAML 2.0 bearer SubjectConfirmation. <a href="#a050debb12286016a155e2f4b0fc5b9be">More...</a><br/></td></tr>
<tr class="separator:a050debb12286016a155e2f4b0fc5b9be"><td class="memSeparator" colspan="2"> </td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
Functions</h2></td></tr>
<tr class="memitem:a0cae3fcb284f9a7a4c5b666e4b015a2e"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="a0cae3fcb284f9a7a4c5b666e4b015a2e"></a>
void </td><td class="memItemRight" valign="bottom"><a class="el" href="a00119.html#a0cae3fcb284f9a7a4c5b666e4b015a2e">opensaml::registerSecurityPolicyRules</a> ()</td></tr>
<tr class="memdesc:a0cae3fcb284f9a7a4c5b666e4b015a2e"><td class="mdescLeft"> </td><td class="mdescRight">Registers <a class="el" href="a00061.html" title="A rule that a protocol request and message must meet in order to be valid and secure. ">SecurityPolicyRule</a> plugins into the runtime. <br/></td></tr>
<tr class="separator:a0cae3fcb284f9a7a4c5b666e4b015a2e"><td class="memSeparator" colspan="2"> </td></tr>
</table>
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
<div class="textblock"><p>Licensed to the University Corporation for Advanced Internet Development, Inc. </p>
<p>(UCAID) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership.</p>
<p>UCAID licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at</p>
<p><a href="http://www.apache.org/licenses/LICENSE-2.0">http://www.apache.org/licenses/LICENSE-2.0</a></p>
<p>Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.</p>
<p>Policy rules that secure and authenticate bindings. </p>
</div><h2 class="groupheader">Macro Definition Documentation</h2>
<a class="anchor" id="a050debb12286016a155e2f4b0fc5b9be"></a>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define BEARER_POLICY_RULE   "Bearer"</td>
</tr>
</table>
</div><div class="memdoc">
<p>SecurityPolicyRule for SAML 2.0 bearer SubjectConfirmation. </p>
<p>Optionally enforces message delivery requirements based on SubjectConfirmationData.</p>
<p>The XML attributes "checkValidity", "checkRecipient", and "checkCorrelation" can be set "false" to disable checks of NotBefore/NotOnOrAfter, Recipient, and InResponseTo confirmation data respectively. </p>
</div>
</div>
<a class="anchor" id="a46014daed43833842e1389d1dc5f073d"></a>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define CLIENTCERTAUTH_POLICY_RULE   "ClientCertAuth"</td>
</tr>
</table>
</div><div class="memdoc">
<p>SecurityPolicyRule for TLS client certificate authentication. </p>
<p>Evaluates client certificates against the issuer's metadata. </p>
</div>
</div>
<a class="anchor" id="a7bfa878a43995fe5fc200fcb000aa90f"></a>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define MESSAGEFLOW_POLICY_RULE   "MessageFlow"</td>
</tr>
</table>
</div><div class="memdoc">
<p>SecurityPolicyRule for replay detection and freshness checking. </p>
<p>A ReplayCache instance must be available from the runtime, unless a "checkReplay" XML attribute is set to "0" or "false" when instantiating the policy rule.</p>
<p>Messages must have been issued in the past, but no more than 60 seconds ago, or up to a number of seconds set by an "expires" XML attribute when instantiating the policy rule. </p>
</div>
</div>
<a class="anchor" id="a2c6d592f663cee4e494984cae8055e74"></a>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define NULLSECURITY_POLICY_RULE   "NullSecurity"</td>
</tr>
</table>
</div><div class="memdoc">
<p>SecurityPolicyRule for disabling security. </p>
<p>Allows the message issuer to be authenticated regardless of the message or transport. Used mainly for debugging or in situations that I wouldn't care to comment on. </p>
</div>
</div>
<a class="anchor" id="aec1f117f08ebf332890cf33b69c55d94"></a>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define SAML1BROWSERSSO_POLICY_RULE   "SAML1BrowserSSO"</td>
</tr>
</table>
</div><div class="memdoc">
<p>SecurityPolicyRule for SAML 1.x Browser SSO profile validation. </p>
<p>Enforces presence of time conditions and proper subject confirmation. </p>
</div>
</div>
<a class="anchor" id="a33547285acc816ce627c5b5c74470c13"></a>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define SIMPLESIGNING_POLICY_RULE   "SimpleSigning"</td>
</tr>
</table>
</div><div class="memdoc">
<p>SecurityPolicyRule for protocol message "blob" signing. </p>
<p>Allows the message issuer to be authenticated using a non-XML digital signature over the message body. The transport layer is not considered. </p>
</div>
</div>
<a class="anchor" id="af3ae19557bca0fa80db28a6166aa1642"></a>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define XMLSIGNING_POLICY_RULE   "XMLSigning"</td>
</tr>
</table>
</div><div class="memdoc">
<p>SecurityPolicyRule for protocol message XML signing. </p>
<p>Allows the message issuer to be authenticated using an XML digital signature over the message. The transport layer is not considered. </p>
</div>
</div>
</div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<ul>
<li class="navelem"><a class="el" href="dir_46c84e960abbb361e03e3b971d112f49.html">saml</a></li><li class="navelem"><a class="el" href="dir_99f898c0794a93aa9682cf4a20a19b78.html">binding</a></li><li class="navelem"><a class="el" href="a00076.html">SecurityPolicyRule.h</a></li>
<li class="footer">Generated on Sat Oct 19 2013 08:32:20 for opensaml-2.5.2 by
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.5 </li>
</ul>
</div>
</body>
</html>
