Clarify documentation on whitelists and blacklists

Some references to whitelisting and blacklisting was confusing in the mapping documentation. This commit attempts to clarify the wording and purpose for both whitelists and blacklists. Change-Id: I09f4762f03824acc689600c8561fe99ea113ad9a Closes-Bug: 1693690
2017-07-26 20:48:19 +00:00 · 2017-07-26 20:48:19 +00:00 · 0331a11842
parent 7569c0a6bf
commit 0331a11842
1 changed files with 7 additions and 5 deletions
--- a/doc/source/advanced-topics/federation/mapping_combinations.rst
+++ b/doc/source/advanced-topics/federation/mapping_combinations.rst
@ -208,12 +208,14 @@ is passed as input.
 in the remote attribute type. Condition result is boolean, not the argument that
 is passed as input.

-``blacklist``: The rule allows all except a specified set of groups. Condition
-result is the argument(s) passed as input minus what was matched in the
-blacklist.
+``blacklist``: This rule removes all groups matched from the assertion. It is
+not intended to be used as a way to prevent users, or groups of users, from
+accessing the service provider. The output from filtering through a blacklist
+will be all groups from the assertion that were not listed in the blacklist.

-``whitelist``: The rules allows a specified set of groups. Condition result is
-the argument(s) passed as input and is/are also present in the whitelist.
+``whitelist``: This rule explicitly states which groups should be carried over
+from the assertion. The result is the groups present in the assertion and in
+the whitelist.

 .. NOTE::