Shawn, A while back we discussed adding a new type of Role Constraint to support "attribute" based permissions (http://mail-archives.apache.org/mod_mbox/directory-fortress/201601.mbox/browser). I think I'm almost ready to merge into master, but would like you to take a look since there are a lot of changes. (https://github.com/PennState/directory-fortress-core-1/tree/feature/addPermAttrAndUserRoleConstraints).
The high level overview 1. Permissions can now point at one to many Permission Attribute Sets (paSet) 2. A paSet defines one to many Permission Attributes (pa) 3. There is now a new FILTER role constraint type. Fortress doesn't care about the actual value of the role constraint, so it is up to client to set and use the constraint data however they want. Thanks, ~Chris P.
