1 <?xml version="1.0" encoding="UTF-8"?>
3 <schema targetNamespace="urn:mace:shibboleth:2.0:afp:mf:basic"
4 xmlns="http://www.w3.org/2001/XMLSchema"
5 xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
6 xmlns:afp="urn:mace:shibboleth:2.0:afp"
7 elementFormDefault="qualified"
10 <import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
12 <!-- Blanket Match Function -->
13 <complexType name="ANY">
15 <documentation>A match function that evaluates to true.</documentation>
18 <extension base="afp:MatchFunctorType" />
22 <!-- Boolean Match Functions -->
23 <complexType name="AND">
26 A match function that performs a logical AND on the results of all contained matching functions.
30 <extension base="afp:MatchFunctorType">
31 <choice minOccurs="2" maxOccurs="unbounded">
32 <element name="Rule" type="afp:MatchFunctorType">
35 The set of match function rules to be ANDed.
39 <element name="RuleReference" type="afp:ReferenceType">
42 The set of match function rules to be ANDed.
51 <complexType name="OR">
54 A match function that performs a logical OR on the results of all contained matching functions.
58 <extension base="afp:MatchFunctorType">
59 <choice minOccurs="2" maxOccurs="unbounded">
60 <element name="Rule" type="afp:MatchFunctorType">
63 The set of match function rules to be ANDed.
67 <element name="RuleReference" type="afp:ReferenceType">
70 The set of match function rules to be ANDed.
79 <complexType name="NOT">
82 A match function that performs a logical NOT on the result of the contained matching function.
86 <extension base="afp:MatchFunctorType">
88 <element name="Rule" type="afp:MatchFunctorType">
91 The set of match function rules to be ANDed.
95 <element name="RuleReference" type="afp:ReferenceType">
98 The set of match function rules to be ANDed.
107 <!-- Literal String Match Functions -->
108 <complexType name="AttributeRequesterString">
111 A match function that matches the attribute request against the specified value.
115 <extension base="basic:StringMatchType" />
119 <complexType name="AttributeIssuerString">
122 A match function that matches the attribute issuer against the specified value.
126 <extension base="basic:StringMatchType" />
130 <complexType name="PrincipalNameString">
132 <documentation>A match function that matches the principal name against the specified value.</documentation>
135 <extension base="basic:StringMatchType" />
139 <complexType name="AuthenticationMethodString">
142 A match function that matches the authentication method against the specified value.
146 <extension base="basic:StringMatchType" />
150 <complexType name="AttributeValueString">
153 A match function that matches the value of an attribute against the specified value. This match
154 evaluates to true if the attribute contains the specified value.
158 <extension base="basic:AttributeTargetedStringMatchType" />
162 <complexType name="AttributeScopeString">
165 A match function that matches the attribute scope against the specified value.
169 <extension base="basic:AttributeTargetedStringMatchType" />
173 <complexType name="AttributeTargetedStringMatchType" abstract="true">
175 <extension base="basic:StringMatchType">
176 <attribute name="attributeID" type="string">
179 The ID of the attribute whose value should be matched. If no attribute ID is specified the
180 ID of the containing attribute rule is assumed.
188 <complexType name="StringMatchType" abstract="true">
190 <extension base="afp:MatchFunctorType">
191 <attribute name="value" type="string" use="required">
193 <documentation>The string value to match.</documentation>
196 <attribute name="ignoreCase" type="boolean">
199 A boolean flag indicating whether case should be ignored when evaluating the match.
207 <!-- Regular Expression Match Functions -->
208 <complexType name="AttributeRequesterRegex">
211 A match function that matches the attribute requester against the specified regular expression.
215 <extension base="basic:RegexMatchType" />
219 <complexType name="AttributeIssuerRegex">
222 A match function that matches the attribute issuer against the specified regular expression.
226 <extension base="basic:RegexMatchType" />
230 <complexType name="PrincipalNameRegex">
233 A match function that matches the principal name against the specified regular expression.
237 <extension base="basic:RegexMatchType" />
241 <complexType name="AuthenticationMethodRegex">
244 A match function that matches the authentication method against the specified regular expression.
248 <extension base="basic:RegexMatchType" />
252 <complexType name="AttributeValueRegex">
255 A match function that matches an attribute value against the specified regular expression. This function
256 evaluates to true if any value matches the given expression.
260 <extension base="basic:AttributeTargetedRegexMatchType" />
264 <complexType name="AttributeScopeRegex">
267 A match function that matches the attribute scope against the specified regular expression.
271 <extension base="basic:AttributeTargetedRegexMatchType" />
275 <complexType name="AttributeTargetedRegexMatchType" abstract="true">
277 <extension base="basic:RegexMatchType">
278 <attribute name="attributeID" type="string">
281 The ID of the attribute whose value should be matched. If no attribute ID is specified the
282 ID of the containing attribute rule is assumed.
290 <complexType name="RegexMatchType" abstract="true">
292 <extension base="afp:MatchFunctorType">
293 <attribute name="regex" type="string" use="required">
295 <documentation>The regular expression values are matched against.</documentation>
298 <attribute name="options" type="string">
300 <documentation>The regular expression options to apply.</documentation>
307 <!-- Misc. Functions -->
308 <complexType name="Script">
311 A match function that evaluates a script to determine if some criteria is met. The script MUST return a
316 <extension base="afp:MatchFunctorType">
318 <element name="Script" type="string" minOccurs="0">
320 <documentation>The script to evaluate to construct the attribute.</documentation>
323 <element name="ScriptFile" type="string" minOccurs="0">
326 The filesystem path to the script to evaluate to construct the attribute.
331 <attribute name="language" type="string">
334 The JSR-233 name for the scripting language that will be used. By default "javascript" is
343 <complexType name="NumberOfAttributeValues">
346 A match function that evaluates to true if the given attribute has as a number of values that falls
347 between the minimum and maximum. This method may be used as a sanity check to ensure that an unexpected
348 number of values did not come from the attribute resolver and be released.
352 <extension base="afp:MatchFunctorType">
353 <attribute name="attributeID" type="string" use="required">
355 <documentation>The ID of the attribute whose value should be matched.</documentation>
358 <attribute name="minimum" type="nonNegativeInteger">
360 <documentation>Minimum number of values an attribute may have.</documentation>
363 <attribute name="maximum" type="positiveInteger">
365 <documentation>Maximum number of values an attribute may have.</documentation>