From 1bd53a888d71d2c3af2bb9df02846f92dae9c5ee Mon Sep 17 00:00:00 2001
From: Mischa Salle <msalle@nikhef.nl>
Date: Fri, 5 Aug 2016 15:29:33 +0200
Subject: [PATCH] Add two new attributes for IOTA CA support.

Add two new attributes
- http://authz-interop.org/xacml/subject/ca-policy-oid
- http://authz-interop.org/xacml/subject/ca-policy-names
which are needed to create policies which selectively allow VO+CA combinations.
---
 src/main/config/attribute-mappings.ini | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/main/config/attribute-mappings.ini b/src/main/config/attribute-mappings.ini
index cb20b93..0c52191 100644
--- a/src/main/config/attribute-mappings.ini
+++ b/src/main/config/attribute-mappings.ini
@@ -31,6 +31,18 @@ pfqan.xacml-datatype = http://glite.org/xacml/datatype/fqan
 pfqan.xacml-target-element = subject
 pfqan.xacml-match-function = http://glite.org/xacml/algorithm/fqan-match
 
+id = ca-policy-oid
+ca-policy-oid.xacml-id = http://authz-interop.org/xacml/subject/ca-policy-oid
+ca-policy-oid.xacml-datatype = http://www.w3.org/2001/XMLSchema#string
+ca-policy-oid.xacml-target-element = subject
+ca-policy-oid.xacml-match-function = urn:oasis:names:tc:xacml:1.0:function:string-equal
+
+id = ca-policy-names
+ca-policy-names.xacml-id = http://authz-interop.org/xacml/subject/ca-policy-names
+ca-policy-names.xacml-datatype = http://www.w3.org/2001/XMLSchema#string
+ca-policy-names.xacml-target-element = subject
+ca-policy-names.xacml-match-function = urn:oasis:names:tc:xacml:1.0:function:string-equal
+
 id = resource
 resource.xacml-id = urn:oasis:names:tc:xacml:1.0:resource:resource-id
 resource.xacml-datatype = http://www.w3.org/2001/XMLSchema#string