1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
3 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
4 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
7 <!-- Status-Related Information -->
10 The following SAML sub-status codes are defined in this namespace:
13 Used with samlp:Responder, signals user wants real-time attribute release
16 Used with samlp:Requester, signals AA did not recognize handle as valid
19 <element name="RealTimeReleaseURL" type="anyURI">
21 <documentation xml:lang="en">Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation>
26 <!-- Relaxes SAML AttributeValue type definition -->
28 <complexType name="AttributeValueType" mixed="true">
30 <documentation xml:lang="en">By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
33 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
35 <anyAttribute namespace="##any" processContents="lax"/>
39 <!-- Attribute Acceptance Policies -->
41 <simpleType name="AttributeRuleValueType">
42 <restriction base="string">
43 <enumeration value="literal"/>
44 <enumeration value="regexp"/>
45 <enumeration value="xpath"/>
49 <complexType name="SiteRuleType">
51 <element name="AnyValue">
56 <element name="Value" maxOccurs="unbounded">
59 <extension base="string">
60 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
68 <element name="AnySite" type="shib:SiteRuleType"/>
69 <element name="SiteRule">
72 <extension base="shib:SiteRuleType">
73 <attribute name="Name" type="string" use="required"/>
79 <complexType name="AttributeRuleType">
81 <element ref="shib:AnySite" minOccurs="0"/>
82 <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
84 <attribute name="Name" type="string" use="required"/>
85 <attribute name="Namespace" type="string" use="optional"/>
86 <attribute name="Factory" type="string" use="optional"/>
87 <attribute name="Alias" type="string" use="optional"/>
88 <attribute name="Header" type="string" use="optional"/>
91 <element name="AttributeRule" type="shib:AttributeRuleType">
92 <key name="SiteRuleKey">
93 <selector xpath="./shib:SiteRule"/>
94 <field xpath="@Name"/>
98 <element name="AttributeAcceptancePolicy">
101 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
107 <!-- Shibboleth Metadata -->
109 <complexType name="SiteType">
111 <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
114 <element name="Alias" minOccurs="0" maxOccurs="unbounded">
117 <extension base="string">
118 <attribute ref="xml:lang"/>
123 <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
125 <attribute name="Name" type="string" use="required"/>
126 <attribute name="ErrorURL" type="anyURI" use="optional"/>
129 <simpleType name="ContactTypeType">
130 <restriction base="string">
131 <enumeration value="technical"/>
132 <enumeration value="administrative"/>
133 <enumeration value="billing"/>
134 <enumeration value="other"/>
138 <complexType name="ContactType">
139 <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
141 <attribute name="Type" type="shib:ContactTypeType" use="required"/>
142 <attribute name="Name" type="string" use="required"/>
143 <attribute name="Email" type="string" use="optional"/>
146 <complexType name="regexp_string">
148 <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
151 <extension base="string">
152 <attribute name="regexp" type="boolean" use="optional" default="false"/>
157 <complexType name="AuthorityType">
159 <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
162 <attribute name="Name" type="string" use="required"/>
163 <attribute name="Location" type="anyURI" use="required"/>
166 <complexType name="OriginSiteType">
168 <documentation xml:lang="en">Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</documentation>
171 <extension base="shib:SiteType">
173 <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
174 <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
175 <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
181 <complexType name="SiteGroupType">
183 <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
186 <choice maxOccurs="unbounded">
187 <element ref="shib:OriginSite"/>
188 <element ref="shib:DestinationSite"/>
189 <element ref="shib:SiteGroup"/>
191 <element ref="ds:Signature" minOccurs="0"/>
193 <attribute name="Name" type="string" use="required"/>
196 <element name="OriginSite" type="shib:OriginSiteType"/>
197 <element name="DestinationSite" type="shib:SiteType"/>
198 <element name="SiteGroup" type="shib:SiteGroupType"/>
200 <complexType name="KeyAuthorityType">
202 <documentation xml:lang="en">Binds a set of keying material to one or more named system entities.</documentation>
205 <element ref="ds:KeyInfo"/>
206 <element name="Subject" type="shib:regexp_string" maxOccurs="unbounded"/>
210 <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
212 <element name="Trust">
214 <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
218 <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
219 <element ref="ds:Signature" minOccurs="0"/>