This attribute allows you to specify a policy-related directive for a resource. If a service provider wants to use an unsupported directive, the request will fail. The following table describes the available options.
Table 7–1 Policy-Related Directives
Directive |
Purpose |
---|---|
AuthorizeRequester |
The Discovery Service should include a SAML assertion (containing an AuthenticationStatement) in its responses to enable the client to authenticate to the service instance hosting the resource. |
AuthenticateSessionContext |
The Discovery Service should include a SAML assertion (containing a SessionContextStatement) in its responses that indicate the status of the session. |
AuthorizeRequestor |
The Discovery Service should include a SAML assertion (containing a ResourceAccessStatement) in its responses that indicate whether the client is allowed to access the resource. |
EncryptResourceID |
The Discovery Service should encrypt the resource identifier in responses to all clients. |
GenerateBearerToken |
For use with Bearer Token Authentication, the Discovery Service should generate a token that grants the bearer permission to access the resource. |