1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
<!-- Both imports give remote http:// schemaLocation URLs. schemaLocation is only a hint: a validator
     that dereferences it fetches schema text over an unauthenticated channel. Resolve these two
     namespaces from local, pinned copies (for example through an XML catalog) instead. -->
3 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
4 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
7 <!-- Status-Related Information -->
10 The following SAML sub-status codes are defined in this namespace:
13 Used with samlp:Responder, signals user wants real-time attribute release
16 Used with samlp:Requester, signals AA did not recognize handle as valid
<!-- Global element carrying a URI that, per its documentation, an AA places in samlp:StatusDetail.
     anyURI restricts neither scheme nor host. NOTE(review): if the recipient sends the user to this
     value, it should first check it against the locations it expects for that AA; confirm against
     the consuming code. -->
9 <element name="RealTimeReleaseURL" type="anyURI">
10 <documentation xml:lang="en">Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation>
26 <!-- Relaxes SAML AttributeValue type definition -->
<!-- Open content model: mixed text, any element from any namespace and any attribute, all with lax
     processing. Schema validation therefore places no constraint on an attribute value; whatever
     checks apply to a value have to come from the acceptance policy and the consuming application. -->
12 <complexType name="AttributeValueType" mixed="true">
13 <documentation xml:lang="en">By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
14 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
15 <anyAttribute namespace="##any" processContents="lax"/>
39 <!-- Attribute Acceptance Policies -->
<!-- The three permitted values of the Type attribute used on Scope and Value in SiteRuleType.
     The schema only names the modes; how a "regexp" or "xpath" rule is evaluated (anchoring, dialect,
     evaluation context) is not defined here. -->
41 <simpleType name="AttributeRuleValueType">
42 <restriction base="string">
43 <enumeration value="literal"/>
44 <enumeration value="regexp"/>
45 <enumeration value="xpath"/>
<!-- Content model shared by AnySite and SiteRule. From the visible declarations it holds zero or
     more Scope elements and an optional choice of AnyValue or one or more Value elements. -->
49 <complexType name="SiteRuleType">
<!-- Scope: string content; Accept defaults to true and Type defaults to "literal". -->
51 <element name="Scope" minOccurs="0" maxOccurs="unbounded">
54 <extension base="string">
55 <attribute name="Accept" type="boolean" use="optional" default="true"/>
56 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
<!-- NOTE(review): with Type="regexp" the schema does not say whether a pattern must match the whole
     string. An unanchored pattern can accept more scopes or values than the author intended;
     confirm how the evaluating code applies it. -->
61 <choice minOccurs="0">
<!-- AnyValue: its content model is not visible in this listing. -->
62 <element name="AnyValue">
<!-- Value: one or more strings, each with its own Type (default "literal"). -->
67 <element name="Value" maxOccurs="unbounded">
70 <extension base="string">
71 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
<!-- AnySite uses SiteRuleType as is; SiteRule extends it with a required Name attribute.
     NOTE(review): presumably AnySite applies regardless of the asserting site and SiteRule applies
     to the site named by Name; confirm precedence between the two in the evaluating code. -->
80 <element name="AnySite" type="shib:SiteRuleType"/>
81 <element name="SiteRule">
84 <extension base="shib:SiteRuleType">
85 <attribute name="Name" type="string" use="required"/>
<!-- One rule per attribute: an optional AnySite, any number of SiteRule elements, a required Name
     and four optional free-form string attributes. -->
91 <complexType name="AttributeRuleType">
93 <element ref="shib:AnySite" minOccurs="0"/>
94 <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
96 <attribute name="Name" type="string" use="required"/>
97 <attribute name="Namespace" type="string" use="optional"/>
<!-- Factory, Alias and Header are unconstrained strings. NOTE(review): if they select code or name
     the variables and headers under which values are exported, the policy file should be writable
     only by administrators; confirm against the consumer. -->
98 <attribute name="Factory" type="string" use="optional"/>
99 <attribute name="Alias" type="string" use="optional"/>
100 <attribute name="Header" type="string" use="optional"/>
<!-- The key makes the Name of each SiteRule unique within one AttributeRule, so two rules for the
     same site cannot coexist. This holds only when the policy is actually schema-validated. -->
103 <element name="AttributeRule" type="shib:AttributeRuleType">
104 <key name="SiteRuleKey">
105 <selector xpath="./shib:SiteRule"/>
106 <field xpath="@Name"/>
<!-- Policy root: zero or more AttributeRule elements, so an empty policy is schema-valid.
     NOTE(review): whether an attribute with no matching rule is accepted or dropped is not stated by
     the schema; confirm that the consumer drops it. -->
110 <element name="AttributeAcceptancePolicy">
113 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
119 <!-- Shibboleth Metadata -->
<!-- Base type for site metadata: repeatable language-tagged Alias strings, repeatable Contact
     elements, a required Name and an optional ErrorURL. -->
121 <complexType name="SiteType">
123 <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
126 <element name="Alias" minOccurs="0" maxOccurs="unbounded">
129 <extension base="string">
130 <attribute ref="xml:lang"/>
135 <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
<!-- Name is an unconstrained string and ErrorURL an unconstrained anyURI; both are only as
     trustworthy as the source of the metadata document. -->
137 <attribute name="Name" type="string" use="required"/>
138 <attribute name="ErrorURL" type="anyURI" use="optional"/>
<!-- Closed list of contact roles; used as the type of ContactType's required Type attribute. -->
141 <simpleType name="ContactTypeType">
142 <restriction base="string">
143 <enumeration value="technical"/>
144 <enumeration value="administrative"/>
145 <enumeration value="billing"/>
146 <enumeration value="other"/>
<!-- Contact record: required Type and Name, optional Email. Email is a plain string, so the schema
     does not check that it is a well-formed address. -->
150 <complexType name="ContactType">
151 <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
153 <attribute name="Type" type="shib:ContactTypeType" use="required"/>
154 <attribute name="Name" type="string" use="required"/>
155 <attribute name="Email" type="string" use="optional"/>
<!-- String whose regexp attribute (default false) marks the content as a pattern rather than a
     literal. In this schema it types OriginSite Domain and KeyAuthority Subject, both of which
     express trust. NOTE(review): the schema does not define anchoring or dialect; confirm that the
     consumer requires a full match, otherwise a pattern can match more names than intended. -->
158 <complexType name="regexp_string">
160 <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
163 <extension base="string">
164 <attribute name="regexp" type="boolean" use="optional" default="false"/>
<!-- Describes one SAML authority by a required Name and a required Location URI. Location is an
     unconstrained anyURI; the schema does not require any particular scheme. -->
169 <complexType name="AuthorityType">
171 <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
174 <attribute name="Name" type="string" use="required"/>
175 <attribute name="Location" type="anyURI" use="required"/>
<!-- Extends SiteType with one or more HandleService entries, optional AttributeAuthority entries
     and optional Domain entries. -->
178 <complexType name="OriginSiteType">
180 <documentation xml:lang="en">Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</documentation>
183 <extension base="shib:SiteType">
185 <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
186 <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
<!-- Domain is a regexp_string: with regexp="true" one entry marks every matching domain as trusted
     for scoping, so such entries deserve review when metadata is accepted. -->
187 <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
<!-- Named container for OriginSite, DestinationSite and nested SiteGroup elements, with an optional
     XML signature. -->
193 <complexType name="SiteGroupType">
195 <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
<!-- SiteGroup may contain SiteGroup and the schema sets no depth limit; a consumer that parses
     metadata from outside its own control should bound nesting depth and document size. -->
198 <choice maxOccurs="unbounded">
199 <element ref="shib:OriginSite"/>
200 <element ref="shib:DestinationSite"/>
201 <element ref="shib:SiteGroup"/>
<!-- minOccurs="0" makes an unsigned group schema-valid. Schema validation does not verify a
     signature either, so requiring one and checking it against a trusted key is the consumer's
     job before any Name, Location or Domain in the group is relied on. -->
203 <element ref="ds:Signature" minOccurs="0"/>
205 <attribute name="Name" type="string" use="required"/>
<!-- Global element declarations for the three metadata containers. Each can be a document root, so
     a lone OriginSite or DestinationSite, which has no Signature child in its type, is schema-valid. -->
208 <element name="OriginSite" type="shib:OriginSiteType"/>
209 <element name="DestinationSite" type="shib:SiteType"/>
210 <element name="SiteGroup" type="shib:SiteGroupType"/>
<!-- Pairs one ds:KeyInfo with one or more Subject names. -->
212 <complexType name="KeyAuthorityType">
214 <documentation xml:lang="en">Binds a set of keying material to one or more named system entities.</documentation>
217 <element ref="ds:KeyInfo"/>
<!-- Subject is a regexp_string: with regexp="true" the key material is bound to every name the
     pattern matches. NOTE(review): confirm that the consumer requires a full match so a pattern
     cannot cover names outside the intended set. -->
218 <element name="Subject" type="shib:regexp_string" maxOccurs="unbounded"/>
<!-- Global element for one key-to-subject binding; referenced by Trust. -->
222 <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
<!-- Root of the trust file: one or more KeyAuthority bindings and an optional XML signature. -->
224 <element name="Trust">
226 <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
230 <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
<!-- The signature is optional in the schema and is not verified by schema validation. Since this
     document decides which keys are trusted for which subjects, the consumer has to establish its
     integrity itself (a verified signature or a protected local file) before loading it. -->
231 <element ref="ds:Signature" minOccurs="0"/>