1 <?xml version="1.0" encoding="UTF-8"?>
3 <schema targetNamespace="urn:mace:shibboleth:2.0:afp"
4 xmlns="http://www.w3.org/2001/XMLSchema"
5 xmlns:afp="urn:mace:shibboleth:2.0:afp"
6 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
7 elementFormDefault="qualified">
\r
9 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="classpath:/schema/xmldsig-core-schema.xsd" />
\r
12 <documentation>Schema for the attribute filter policies.</documentation>
15 <element name="AttributeFilterPolicyGroup" type="afp:AttributeFilterPolicyGroupType">
18 Root element of the attribute filter policy. Represents a named group of filter policies.
22 <complexType name="AttributeFilterPolicyGroupType">
24 <extension base="afp:IdentityType">
26 <element ref="afp:PolicyRequirementRule" minOccurs="0" maxOccurs="unbounded">
29 Defines a set of applications requirements that may be reused across multiple filter
34 <element ref="afp:PermitValueRule" minOccurs="0" maxOccurs="unbounded">
37 Defines an attribute value filter that may be reused across multiple attribute rules.
41 <element ref="afp:AttributeRule" minOccurs="0" maxOccurs="unbounded">
44 Defines an attribute rule that may be reused across multiple filter policies.
48 <element ref="afp:AttributeFilterPolicy" minOccurs="0" maxOccurs="unbounded">
51 A policy that defines the set of attribute value filters that will be applied if its
52 application requirements are met.
56 <element ref="ds:Signature" minOccurs="0">
59 Digital signature for the policy. Policies that are fetched from an external source,
60 such as a federation site, should be signed.
69 <element name="AttributeFilterPolicy" type="afp:AttributeFilterPolicyType">
72 A policy that defines a set of attribute value filters rules that should be used if given requirements
77 <complexType name="AttributeFilterPolicyType">
79 <extension base="afp:IdentityType">
82 <element ref="afp:PolicyRequirementRule">
85 A requirement that if met signals that this filter policy should be used.
89 <element name="PolicyRequirementRuleReference" type="afp:ReferenceType">
92 Rerfence to a PolicyRequirement defined within this policy group or another.
97 <choice minOccurs="0" maxOccurs="unbounded">
98 <element ref="afp:AttributeRule">
101 A rule that describes how values of an attribute will be filtered.
105 <element name="AttributeRuleReference" type="afp:ReferenceType">
108 Rerfence to a AttribtueRule defined within this policy group or another.
118 <element name="AttributeRule" type="afp:AttributeRuleType">
120 <documentation>A rule that describes how values of an attribute will be filtered.</documentation>
123 <complexType name="AttributeRuleType">
125 <extension base="afp:IdentityType">
127 <element ref="afp:PermitValueRule">
130 A filter for attribute values. If the filter evaluates to true the value is permitted,
131 otherwise it is filtered out.
135 <element name="PermitValueRuleReference" type="afp:ReferenceType">
138 Rerfence to a PermitValueRule defined within this policy group or another.
143 <attribute name="attributeID" type="string" use="required">
145 <documentation>The ID of the attribute to which this rule applies.</documentation>
152 <element name="PolicyRequirementRule" type="afp:MatchFunctorType">
154 <documentation>A requirement that if met signals that a filter policy should be used.</documentation>
157 <element name="PermitValueRule" type="afp:MatchFunctorType">
160 A filter for attribtue values. If the filter evaluates to true the value is permitted, otherwise it is
165 <complexType name="MatchFunctorType" abstract="true">
167 <extension base="afp:IdentityType" />
171 <complexType name="IdentityType">
172 <attribute name="id" type="string">
174 <documentation>An ID, unique within the policy and component type.</documentation>
179 <complexType name="ReferenceType">
180 <attribute name="ref" type="string">
182 <documentation>Used to reference a globally defined policy component.</documentation>