1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.0">
3 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
4 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
7 <!-- Status-Related Information -->
10 The following SAML sub-status codes are defined in this namespace:
13 Used with samlp:Responder, signals user wants real-time attribute release
16 Used with samlp:Requester, signals AA did not recognize handle as valid
19 <element name="RealTimeReleaseURL" type="anyURI">
21 <documentation xml:lang="en">Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation>
26 <!-- Relaxes SAML AttributeValue type definition -->
28 <complexType name="AttributeValueType" mixed="true">
30 <documentation xml:lang="en">By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
33 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
35 <anyAttribute namespace="##any" processContents="lax"/>
39 <!-- Attribute Acceptance Policies -->
41 <simpleType name="AttributeRuleValueType">
42 <restriction base="string">
43 <enumeration value="literal"/>
44 <enumeration value="regexp"/>
45 <enumeration value="xpath"/>
49 <complexType name="SiteRuleType">
51 <element name="Scope" minOccurs="0" maxOccurs="unbounded">
54 <extension base="string">
55 <attribute name="Accept" type="boolean" use="optional" default="true"/>
56 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
61 <choice minOccurs="0">
62 <element name="AnyValue">
67 <element name="Value" maxOccurs="unbounded">
70 <extension base="string">
71 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
80 <element name="AnySite" type="shib:SiteRuleType"/>
81 <element name="SiteRule">
84 <extension base="shib:SiteRuleType">
85 <attribute name="Name" type="string" use="required"/>
91 <complexType name="AttributeRuleType">
93 <element ref="shib:AnySite" minOccurs="0"/>
94 <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
96 <attribute name="Name" type="string" use="required"/>
97 <attribute name="Namespace" type="string" use="optional"/>
98 <attribute name="Factory" type="string" use="optional"/>
99 <attribute name="Alias" type="string" use="optional"/>
100 <attribute name="Header" type="string" use="optional"/>
103 <element name="AttributeRule" type="shib:AttributeRuleType">
104 <key name="SiteRuleKey">
105 <selector xpath="./shib:SiteRule"/>
106 <field xpath="@Name"/>
110 <element name="AttributeAcceptancePolicy">
113 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
119 <!-- Shibboleth Metadata -->
121 <complexType name="SiteType">
123 <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
126 <element name="Alias" minOccurs="0" maxOccurs="unbounded">
129 <extension base="string">
130 <attribute ref="xml:lang"/>
135 <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
137 <attribute name="Name" type="string" use="required"/>
138 <attribute name="ErrorURL" type="anyURI" use="optional"/>
141 <simpleType name="ContactTypeType">
142 <restriction base="string">
143 <enumeration value="technical"/>
144 <enumeration value="administrative"/>
145 <enumeration value="billing"/>
146 <enumeration value="other"/>
150 <complexType name="ContactType">
151 <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
153 <attribute name="Type" type="shib:ContactTypeType" use="required"/>
154 <attribute name="Name" type="string" use="required"/>
155 <attribute name="Email" type="string" use="optional"/>
158 <complexType name="regexp_string">
160 <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
163 <extension base="string">
164 <attribute name="regexp" type="boolean" use="optional" default="false"/>
169 <complexType name="AuthorityType">
171 <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
174 <attribute name="Name" type="string" use="required"/>
175 <attribute name="Location" type="anyURI" use="required"/>
178 <complexType name="OriginSiteType">
180 <documentation xml:lang="en">Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</documentation>
183 <extension base="shib:SiteType">
185 <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
186 <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
187 <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
193 <complexType name="SiteGroupType">
195 <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
198 <choice maxOccurs="unbounded">
199 <element ref="shib:OriginSite"/>
200 <element ref="shib:DestinationSite"/>
201 <element ref="shib:SiteGroup"/>
203 <element ref="ds:Signature" minOccurs="0"/>
205 <attribute name="Name" type="string" use="required"/>
206 <attribute name="lastChanged" type="datetime" use="optional"/>
207 <attribute name="validUntil" type="datetime" use="optional"/>
208 <attribute name="cacheDuration" type="duration" use="optional"/>
212 <element name="OriginSite" type="shib:OriginSiteType"/>
213 <element name="DestinationSite" type="shib:SiteType"/>
214 <element name="SiteGroup" type="shib:SiteGroupType"/>
217 <!-- Trust Metadata -->
219 <complexType name="KeyAuthorityType">
221 <documentation xml:lang="en">
222 Binds a set of keying material to one or more named system entities.
226 <element ref="ds:KeyInfo"/>
227 <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
229 <attribute name="VerifyDepth" type="unsignedByte" use="optional"/>
230 <attribute name="Type" use="optional" default="authority">
231 <restriction base="string">
232 <enumeration value="authority"/>
233 <enumeration value="entity"/>
237 <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
239 <element name="Trust">
241 <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
245 <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
246 <element ref="ds:Signature" minOccurs="0"/>
249 <attribute name="lastChanged" type="datetime" use="optional"/>
250 <attribute name="validUntil" type="datetime" use="optional"/>
251 <attribute name="cacheDuration" type="duration" use="optional"/>
255 <complexType name="JavaKeyInfoType">
257 <documentation xml:lang="en">Describes a credential in a Java keystore.</documentation>
260 <attribute name="KeyStore" type="string" use="required"/>
261 <attribute name="KeyStoreType" type="string" use="optional" default="JKS"/>
262 <attribute name="KeyStorePassword" type="string" use="required"/>
263 <attribute name="Alias" type="string" use="required"/>
264 <attribute name="AliasPassword" type="string" use="optional"/>
266 <element name="JavaKeyValue" type="shib:JavaKeyInfoType"/>
267 <element name="JavaX509Data" type="shib:JavaKeyInfoType"/>
269 <complexType name="KeyUseType">
271 <documentation xml:lang="en">
272 Binds a set of credentials to one or more named system entities with additional controls over
273 which relying parties are capable of accepting them.
276 <extension base="shib:KeyAuthorityType">
278 <element name="RelyingParty" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
282 <element name="KeyUse" type="shib:KeyUseType"/>
284 <element name="Credentials">
286 <documentation xml:lang="en">A set of KeyUse data that provides local credentials.</documentation>
290 <element ref="shib:KeyUse" maxOccurs="unbounded"/>