1 <?xml version="1.0" encoding="US-ASCII"?>
\r
3 targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
\r
4 xmlns="http://www.w3.org/2001/XMLSchema"
\r
5 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
\r
6 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
\r
7 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
\r
8 elementFormDefault="unqualified"
\r
9 attributeFormDefault="unqualified"
\r
10 blockDefault="substitution"
\r
12 <import namespace="http://www.w3.org/2000/09/xmldsig#"
\r
13 schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
\r
14 <import namespace="http://www.w3.org/2001/04/xmlenc#"
\r
15 schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
\r
18 Document identifier: saml-schema-assertion-2.0
\r
19 Location: http://docs.oasis-open.org/security/saml/v2.0/
\r
21 V1.0 (November, 2002):
\r
22 Initial Standard Schema.
\r
23 V1.1 (September, 2003):
\r
24 Updates within the same V1.0 namespace.
\r
26 New assertion schema for SAML V2.0 namespace.
\r
29 <attributeGroup name="IDNameQualifiers">
\r
30 <attribute name="NameQualifier" type="string" use="optional"/>
\r
31 <attribute name="SPNameQualifier" type="string" use="optional"/>
\r
33 <element name="BaseID" type="saml:BaseIDAbstractType"/>
\r
34 <complexType name="BaseIDAbstractType" abstract="true">
\r
35 <attributeGroup ref="saml:IDNameQualifiers"/>
\r
37 <element name="NameID" type="saml:NameIDType"/>
\r
38 <complexType name="NameIDType">
\r
40 <extension base="string">
\r
41 <attributeGroup ref="saml:IDNameQualifiers"/>
\r
42 <attribute name="Format" type="anyURI" use="optional"/>
\r
43 <attribute name="SPProvidedID" type="string" use="optional"/>
\r
47 <complexType name="EncryptedElementType">
\r
49 <element ref="xenc:EncryptedData"/>
\r
50 <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
\r
53 <element name="EncryptedID" type="saml:EncryptedElementType"/>
\r
54 <element name="Issuer" type="saml:NameIDType"/>
\r
55 <element name="AssertionIDRef" type="NCName"/>
\r
56 <element name="AssertionURIRef" type="anyURI"/>
\r
57 <element name="Assertion" type="saml:AssertionType"/>
\r
58 <complexType name="AssertionType">
\r
60 <element ref="saml:Issuer"/>
\r
61 <element ref="ds:Signature" minOccurs="0"/>
\r
62 <element ref="saml:Subject" minOccurs="0"/>
\r
63 <element ref="saml:Conditions" minOccurs="0"/>
\r
64 <element ref="saml:Advice" minOccurs="0"/>
\r
65 <choice minOccurs="0" maxOccurs="unbounded">
\r
66 <element ref="saml:Statement"/>
\r
67 <element ref="saml:AuthnStatement"/>
\r
68 <element ref="saml:AuthzDecisionStatement"/>
\r
69 <element ref="saml:AttributeStatement"/>
\r
72 <attribute name="Version" type="string" use="required"/>
\r
73 <attribute name="ID" type="ID" use="required"/>
\r
74 <attribute name="IssueInstant" type="dateTime" use="required"/>
\r
76 <element name="Subject" type="saml:SubjectType"/>
\r
77 <complexType name="SubjectType">
\r
81 <element ref="saml:BaseID"/>
\r
82 <element ref="saml:NameID"/>
\r
83 <element ref="saml:EncryptedID"/>
\r
85 <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
\r
87 <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
\r
90 <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
\r
91 <complexType name="SubjectConfirmationType">
\r
93 <choice minOccurs="0">
\r
94 <element ref="saml:BaseID"/>
\r
95 <element ref="saml:NameID"/>
\r
96 <element ref="saml:EncryptedID"/>
\r
98 <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
\r
100 <attribute name="Method" type="anyURI" use="required"/>
\r
102 <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
\r
103 <complexType name="SubjectConfirmationDataType" mixed="true">
\r
105 <restriction base="anyType">
\r
107 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
109 <attribute name="NotBefore" type="dateTime" use="optional"/>
\r
110 <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
\r
111 <attribute name="Recipient" type="anyURI" use="optional"/>
\r
112 <attribute name="InResponseTo" type="NCName" use="optional"/>
\r
113 <attribute name="Address" type="string" use="optional"/>
\r
114 <anyAttribute namespace="##other" processContents="lax"/>
\r
118 <complexType name="KeyInfoConfirmationDataType" mixed="false">
\r
120 <restriction base="saml:SubjectConfirmationDataType">
\r
122 <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
\r
127 <element name="Conditions" type="saml:ConditionsType"/>
\r
128 <complexType name="ConditionsType">
\r
129 <choice minOccurs="0" maxOccurs="unbounded">
\r
130 <element ref="saml:Condition"/>
\r
131 <element ref="saml:AudienceRestriction"/>
\r
132 <element ref="saml:OneTimeUse"/>
\r
133 <element ref="saml:ProxyRestriction"/>
\r
135 <attribute name="NotBefore" type="dateTime" use="optional"/>
\r
136 <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
\r
138 <element name="Condition" type="saml:ConditionAbstractType"/>
\r
139 <complexType name="ConditionAbstractType" abstract="true"/>
\r
140 <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
\r
141 <complexType name="AudienceRestrictionType">
\r
143 <extension base="saml:ConditionAbstractType">
\r
145 <element ref="saml:Audience" maxOccurs="unbounded"/>
\r
150 <element name="Audience" type="anyURI"/>
\r
151 <element name="OneTimeUse" type="saml:OneTimeUseType" />
\r
152 <complexType name="OneTimeUseType">
\r
154 <extension base="saml:ConditionAbstractType"/>
\r
157 <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
\r
158 <complexType name="ProxyRestrictionType">
\r
160 <extension base="saml:ConditionAbstractType">
\r
162 <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
\r
164 <attribute name="Count" type="nonNegativeInteger" use="optional"/>
\r
168 <element name="Advice" type="saml:AdviceType"/>
\r
169 <complexType name="AdviceType">
\r
170 <choice minOccurs="0" maxOccurs="unbounded">
\r
171 <element ref="saml:AssertionIDRef"/>
\r
172 <element ref="saml:AssertionURIRef"/>
\r
173 <element ref="saml:Assertion"/>
\r
174 <element ref="saml:EncryptedAssertion"/>
\r
175 <any namespace="##other" processContents="lax"/>
\r
178 <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
\r
179 <element name="Statement" type="saml:StatementAbstractType"/>
\r
180 <complexType name="StatementAbstractType" abstract="true"/>
\r
181 <element name="AuthnStatement" type="saml:AuthnStatementType"/>
\r
182 <complexType name="AuthnStatementType">
\r
184 <extension base="saml:StatementAbstractType">
\r
186 <element ref="saml:SubjectLocality" minOccurs="0"/>
\r
187 <element ref="saml:AuthnContext"/>
\r
189 <attribute name="AuthnInstant" type="dateTime" use="required"/>
\r
190 <attribute name="SessionIndex" type="string" use="optional"/>
\r
191 <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
\r
195 <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
\r
196 <complexType name="SubjectLocalityType">
\r
197 <attribute name="Address" type="string" use="optional"/>
\r
198 <attribute name="DNSName" type="string" use="optional"/>
\r
200 <element name="AuthnContext" type="saml:AuthnContextType"/>
\r
201 <complexType name="AuthnContextType">
\r
205 <element ref="saml:AuthnContextClassRef"/>
\r
206 <choice minOccurs="0">
\r
207 <element ref="saml:AuthnContextDecl"/>
\r
208 <element ref="saml:AuthnContextDeclRef"/>
\r
212 <element ref="saml:AuthnContextDecl"/>
\r
213 <element ref="saml:AuthnContextDeclRef"/>
\r
216 <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
\r
219 <element name="AuthnContextClassRef" type="anyURI"/>
\r
220 <element name="AuthnContextDeclRef" type="anyURI"/>
\r
221 <element name="AuthnContextDecl" type="anyType"/>
\r
222 <element name="AuthenticatingAuthority" type="anyURI"/>
\r
223 <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
\r
224 <complexType name="AuthzDecisionStatementType">
\r
226 <extension base="saml:StatementAbstractType">
\r
228 <element ref="saml:Action" maxOccurs="unbounded"/>
\r
229 <element ref="saml:Evidence" minOccurs="0"/>
\r
231 <attribute name="Resource" type="anyURI" use="required"/>
\r
232 <attribute name="Decision" type="saml:DecisionType" use="required"/>
\r
236 <simpleType name="DecisionType">
\r
237 <restriction base="string">
\r
238 <enumeration value="Permit"/>
\r
239 <enumeration value="Deny"/>
\r
240 <enumeration value="Indeterminate"/>
\r
243 <element name="Action" type="saml:ActionType"/>
\r
244 <complexType name="ActionType">
\r
246 <extension base="string">
\r
247 <attribute name="Namespace" type="anyURI" use="required"/>
\r
251 <element name="Evidence" type="saml:EvidenceType"/>
\r
252 <complexType name="EvidenceType">
\r
253 <choice maxOccurs="unbounded">
\r
254 <element ref="saml:AssertionIDRef"/>
\r
255 <element ref="saml:AssertionURIRef"/>
\r
256 <element ref="saml:Assertion"/>
\r
257 <element ref="saml:EncryptedAssertion"/>
\r
260 <element name="AttributeStatement" type="saml:AttributeStatementType"/>
\r
261 <complexType name="AttributeStatementType">
\r
263 <extension base="saml:StatementAbstractType">
\r
264 <choice maxOccurs="unbounded">
\r
265 <element ref="saml:Attribute"/>
\r
266 <element ref="saml:EncryptedAttribute"/>
\r
271 <element name="Attribute" type="saml:AttributeType"/>
\r
272 <complexType name="AttributeType">
\r
274 <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
\r
276 <attribute name="Name" type="string" use="required"/>
\r
277 <attribute name="NameFormat" type="anyURI" use="optional"/>
\r
278 <attribute name="FriendlyName" type="string" use="optional"/>
\r
279 <anyAttribute namespace="##other" processContents="lax"/>
\r
281 <element name="AttributeValue" type="anyType" nillable="true"/>
\r
282 <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
\r