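<?xml version="1.0" encoding="UTF-8"?>

<!--
    Attribute filter policy (AFP) schema, namespace urn:mace:shibboleth:2.0:afp.

    A filter policy decides which attribute values may be released, so a document
    that validates against this schema is a release decision, not just configuration.
    Schema validity covers structure only. It does not establish that the policy
    came from a trusted source, that it is signed, or that its references resolve;
    see the notes on ds:Signature, IdentityType and ReferenceType below.
-->
<schema targetNamespace="urn:mace:shibboleth:2.0:afp"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:afp="urn:mace:shibboleth:2.0:afp"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        elementFormDefault="qualified">

    <!--
        The XML Signature schema is named by a classpath: location, which a generic
        validator cannot resolve on its own. The consumer has to supply a resolver
        that maps it to a bundled copy; keep that copy local rather than replacing
        the location with one fetched over the network at validation time.
    -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="classpath:/schema/xmldsig-core-schema.xsd" />

    <annotation>
        <documentation>Schema for the attribute filter policies.</documentation>
    </annotation>

    <element name="AttributeFilterPolicyGroup" type="afp:AttributeFilterPolicyGroupType">
        <annotation>
            <documentation>
                Root element of the attribute filter policy. Represents a named group of filter policies.
            </documentation>
        </annotation>
    </element>
    <!--
        Every child of the group is optional, so an empty group is schema-valid.
        Children must appear in the order declared in the sequence.
    -->
    <complexType name="AttributeFilterPolicyGroupType">
        <complexContent>
            <extension base="afp:IdentityType">
                <sequence>
                    <element ref="afp:PolicyRequirementRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <!-- NOTE(review): the sentence below is cut off in the listing this file was
                                 restored from; take the remainder from the original schema file. -->
                            <documentation>
                                Defines a set of applications requirements that may be reused across multiple filter
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:PermitValueRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                Defines a permit value rule that may be reused across multiple attribute rules.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:DenyValueRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                Defines a deny value rule that may be reused across multiple attribute rules.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:AttributeRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                Defines an attribute rule that may be reused across multiple filter policies.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:AttributeFilterPolicy" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                A policy that defines the set of attribute value filters that will be applied if its
                                application requirements are met.
                            </documentation>
                        </annotation>
                    </element>
                    <!--
                        The signature is optional (minOccurs="0"): a schema-valid group may carry
                        none, and validation never checks one that is present. A loader that takes
                        policies from an external source has to require the signature itself, verify
                        it against a key it already trusts, and confirm that the signed content covers
                        this whole group before any policy in it takes effect.
                    -->
                    <element ref="ds:Signature" minOccurs="0">
                        <annotation>
                            <documentation>
                                Digital signature for the policy. Policies that are fetched from an external source,
                                such as a federation site, should be signed.
                            </documentation>
                        </annotation>
                    </element>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <element name="AttributeFilterPolicy" type="afp:AttributeFilterPolicyType">
        <annotation>
            <!-- NOTE(review): the sentence below is cut off in the listing this file was
                 restored from; take the remainder from the original schema file. -->
            <documentation>
                A policy that defines a set of attribute value filter rules that should be used if given requirements
            </documentation>
        </annotation>
    </element>
    <!--
        A policy carries exactly one requirement (inline or by reference), followed by
        any number of attribute rules (inline or by reference, possibly none).
    -->
    <complexType name="AttributeFilterPolicyType">
        <complexContent>
            <extension base="afp:IdentityType">
                <sequence>
                    <choice>
                        <element ref="afp:PolicyRequirementRule">
                            <annotation>
                                <documentation>
                                    A requirement that if met signals that this filter policy should be used.
                                </documentation>
                            </annotation>
                        </element>
                        <element name="PolicyRequirementRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to a PolicyRequirement defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                    <choice minOccurs="0" maxOccurs="unbounded">
                        <element ref="afp:AttributeRule">
                            <annotation>
                                <documentation>
                                    A rule that describes how values of an attribute will be filtered.
                                </documentation>
                            </annotation>
                        </element>
                        <element name="AttributeRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to an AttributeRule defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <element name="AttributeRule" type="afp:AttributeRuleType">
        <annotation>
            <documentation>A rule that describes how values of an attribute will be filtered.</documentation>
        </annotation>
    </element>
    <!--
        Both choices are optional, so a rule may hold a permit rule, a deny rule, both,
        or neither. This schema does not say which one wins when both match, nor what an
        attribute rule with neither means; that is decided by the filtering engine.
        NOTE(review): confirm the engine's precedence and its default for an empty rule.
    -->
    <complexType name="AttributeRuleType">
        <complexContent>
            <extension base="afp:IdentityType">
                <sequence>
                    <choice minOccurs="0">
                        <element ref="afp:PermitValueRule" />
                        <element name="PermitValueRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to a PermitValueRule defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                    <choice minOccurs="0">
                        <element ref="afp:DenyValueRule" />
                        <element name="DenyValueRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to a DenyValueRule defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                </sequence>
                <attribute name="attributeID" type="string" use="required">
                    <annotation>
                        <documentation>The ID of the attribute to which this rule applies.</documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <element name="PolicyRequirementRule" type="afp:MatchFunctorType">
        <annotation>
            <documentation>A requirement that if met signals that a filter policy should be used.</documentation>
        </annotation>
    </element>
    <element name="PermitValueRule" type="afp:MatchFunctorType">
        <annotation>
            <documentation>
                A filter for attribute values. If the filter evaluates to true the value is permitted to be released.
            </documentation>
        </annotation>
    </element>
    <element name="DenyValueRule" type="afp:MatchFunctorType">
        <annotation>
            <documentation>
                A filter for attribute values. If the filter evaluates to true the value is denied and may not be released.
            </documentation>
        </annotation>
    </element>
    <!--
        Abstract base for all three rule elements above. An instance document must
        select a concrete derived type with xsi:type; no derived types are declared
        in this schema, so they come from other schemas loaded by the validator.
    -->
    <complexType name="MatchFunctorType" abstract="true">
        <complexContent>
            <extension base="afp:IdentityType" />
        </complexContent>
    </complexType>

    <!--
        The id is optional and typed as a plain string, not as ID, so schema
        validation does not enforce the uniqueness the documentation asks for.
        Duplicate ids have to be detected by the application that loads the policy.
    -->
    <complexType name="IdentityType">
        <attribute name="id" type="string">
            <annotation>
                <documentation>An ID, unique within the policy and component type.</documentation>
            </annotation>
        </attribute>
    </complexType>

    <!--
        The ref is optional and typed as a plain string, not as IDREF, so schema
        validation does not check that a reference names an existing component.
        A loader should treat a missing, dangling or ambiguous reference as an
        error in the policy rather than skip it silently.
    -->
    <complexType name="ReferenceType">
        <attribute name="ref" type="string">
            <annotation>
                <documentation>Used to reference a globally defined policy component.</documentation>
            </annotation>
        </attribute>
    </complexType>

</schema>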