1 <?xml version="1.0" encoding="UTF-8"?>
3 <schema targetNamespace="urn:mace:shibboleth:2.0:afp:mf:basic"
4 xmlns="http://www.w3.org/2001/XMLSchema"
5 xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
6 xmlns:afp="urn:mace:shibboleth:2.0:afp"
7 elementFormDefault="qualified">
9 <import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
11 <!-- Blanket Match Function -->
12 <complexType name="ANY">
14 <documentation>A match function that evaluates to true.</documentation>
17 <extension base="afp:MatchFunctorType" />
21 <!-- Boolean Match Functions -->
22 <complexType name="AND">
25 A match function that performs a logical AND on the results of all contained matching functions.
29 <extension base="afp:MatchFunctorType">
30 <choice minOccurs="2" maxOccurs="unbounded">
31 <element name="Rule" type="afp:MatchFunctorType">
34 The set of match function rules to be ANDed.
38 <element name="RuleReference" type="afp:ReferenceType">
41 The set of match function rules to be ANDed.
50 <complexType name="OR">
53 A match function that performs a logical OR on the results of all contained matching functions.
57 <extension base="afp:MatchFunctorType">
58 <choice minOccurs="2" maxOccurs="unbounded">
59 <element name="Rule" type="afp:MatchFunctorType">
62 The set of match function rules to be ANDed.
66 <element name="RuleReference" type="afp:ReferenceType">
69 The set of match function rules to be ANDed.
78 <complexType name="NOT">
81 A match function that performs a logical NOT on the resultof the contained matching function.
85 <extension base="afp:MatchFunctorType">
87 <element name="Rule" type="afp:MatchFunctorType">
90 The set of match function rules to be ANDed.
94 <element name="RuleReference" type="afp:ReferenceType">
97 The set of match function rules to be ANDed.
106 <!-- Literal String Match Functions -->
107 <complexType name="AttributeRequesterString">
110 A match function that matches the attribute request against the specified value.
114 <extension base="basic:StringMatchType" />
118 <complexType name="AttributeIssuerString">
121 A match function that matches the attribute issuer against the specified value.
125 <extension base="basic:StringMatchType" />
129 <complexType name="PrincipalNameString">
131 <documentation>A match function that matches the principal name against the specified value.</documentation>
134 <extension base="basic:StringMatchType" />
138 <complexType name="AuthenticationMethodString">
141 A match function that matches the authentication method against the specified value.
145 <extension base="basic:StringMatchType" />
149 <complexType name="AttributeValueString">
152 A match function that matches the value of an attribute against the specified value. This match
153 evaluates to true if the attribute contains the specified value.
157 <extension base="basic:AttributeTargetedStringMatchType" />
161 <complexType name="AttributeScopeString">
164 A match function that matches the attribute scope against the specified value.
168 <extension base="basic:AttributeTargetedStringMatchType" />
172 <complexType name="AttributeTargetedStringMatchType" abstract="true">
174 <extension base="basic:StringMatchType">
175 <attribute name="attributeID" type="string">
178 The ID of the attribute whose value should be matched. If no attribute ID is specified the
179 ID of the containing attribute rule is assumed.
187 <complexType name="StringMatchType" abstract="true">
189 <extension base="afp:MatchFunctorType">
190 <attribute name="value" type="string" use="required">
192 <documentation>The string value to match.</documentation>
195 <attribute name="ignoreCase" type="boolean" default="false">
198 A boolean flag indicating whether case should be ignored when evaluating the match.
206 <!-- Regular Expression Match Functions -->
207 <complexType name="AttributeRequesterRegex">
210 A match function that matches the attribute requester against the specified regular expression.
214 <extension base="basic:RegexMatchType" />
218 <complexType name="AttributeIssuerRegex">
221 A match function that matches the attribute issuer against the specified regular expression.
225 <extension base="basic:RegexMatchType" />
229 <complexType name="PrincipalNameRegex">
232 A match function that matches the principal name against the specified regular expression.
236 <extension base="basic:RegexMatchType" />
240 <complexType name="AuthenticationMethodRegex">
243 A match function that matches the authentication method against the specified regular expression.
247 <extension base="basic:RegexMatchType" />
251 <complexType name="AttributeValueRegex">
254 A match function that matches an attribute value against the specified regular expression. This function
255 evaluates to true if any value matches the given expression
259 <extension base="basic:AttributeTargetedRegexMatchType" />
263 <complexType name="AttributeScopeRegex">
266 A match function that matches the attribute scope against the specified regular expression.
270 <extension base="basic:AttributeTargetedRegexMatchType" />
274 <complexType name="AttributeTargetedRegexMatchType">
276 <extension base="basic:RegexMatchType">
277 <attribute name="attributeID" type="string">
280 The ID of the attribute whose value should be matched. If no attribute ID is specified the
281 ID of the containing attribute rule is assumed.
289 <complexType name="RegexMatchType" abstract="true">
291 <extension base="afp:MatchFunctorType">
292 <attribute name="regex" type="string" use="required">
294 <documentation>The regular expression values are matched against.</documentation>
297 <attribute name="options" type="string">
299 <documentation>The regular expression options to apply.</documentation>
306 <!-- Misc. Functions -->
307 <complexType name="Script">
310 A match function that evaluates a script to determine if some criteria is met. The script MUST return a
315 <extension base="afp:MatchFunctorType">
317 <element name="Script" type="string" minOccurs="0">
319 <documentation>The script to evaluate to construct the attribute.</documentation>
322 <element name="ScriptFile" type="string" minOccurs="0">
325 The filesystem path to the script to evaluate to construct the attribute.
330 <attribute name="language" type="string" default="javascript">
333 The JSR-233 name for the scripting language that will be used. By default "javascript" is
342 <complexType name="NumberOfAttributeValues">
345 A match function that evaluates to true if the given attribute has as a number of values that falls
346 between the minimum and maximum. This method may be used as a sanity check to ensure that an unexpected
347 number of values did not come from the attribute resolver and be released.
351 <extension base="afp:MatchFunctorType">
352 <attribute name="attributeID" type="string" use="required">
354 <documentation>The ID of the attribute whose value should be matched.</documentation>
357 <attribute name="minimum" type="nonNegativeInteger" default="0">
359 <documentation>Minimum number of values an attribute may have.</documentation>
362 <attribute name="maximum" type="positiveInteger" default="2147483647">
364 <documentation>Maximum number of values an attribute may have.</documentation>