First cut at trust metadata
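<?xml version="1.0" encoding="US-ASCII"?>
<!--
    Shibboleth 1.0 schema (namespace urn:mace:shibboleth:1.0).

    Sections, in order:
      * SAML sub-status signalling (RealTimeReleaseURL)
      * the relaxed AttributeValueType used for attribute values
      * Attribute Acceptance Policies (AttributeAcceptancePolicy / AttributeRule / SiteRule)
      * site and trust metadata (Sites / SiteGroup / OriginSite / DestinationSite)

    Note for anyone validating against this schema: the schemaLocation values on the
    two imports below are W3C URLs and are hints only. Resolve them through a local
    catalog / vendored copy; do not let a validator fetch them over the network at
    validation time.

    Fixed relative to the first cut: XSD <annotation> may contain only <appinfo> and
    <documentation> children. Bare text inside <annotation> is rejected by conforming
    schema processors (s4s-elt-character), so every annotation now wraps its text in
    <documentation>. No element or type declared here has changed.
-->
<schema targetNamespace="urn:mace:shibboleth:1.0"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:xml="http://www.w3.org/XML/1998/namespace"
        xmlns:shib="urn:mace:shibboleth:1.0"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified">

    <!-- schemaLocation is a hint: serve these from a local copy, never by live fetch -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
    <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>


    <!-- Status-Related Information -->

    <!--
    The following SAML sub-status codes are defined in this namespace:

        "RealTimeRelease"
            Used with samlp:Responder, signals user wants real-time attribute release

        "InvalidHandle"
            Used with samlp:Requester, signals AA did not recognize handle as valid
    -->

    <element name="RealTimeReleaseURL" type="anyURI">
        <annotation>
            <documentation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation>
        </annotation>
    </element>


    <!-- Relaxes SAML AttributeValue type definition -->

    <complexType name="AttributeValueType" mixed="true">
        <annotation>
            <documentation>
                By convention, all Shibboleth attribute values carry this unconstrained xsi:type.
                Mixed content, any child element from any namespace and any attribute are all
                accepted with lax processing, so nothing about a value's shape is enforced here;
                whatever consumes an attribute value must validate it itself.
            </documentation>
        </annotation>
        <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <anyAttribute namespace="##any" processContents="lax"/>
    </complexType>


    <!-- Attribute Acceptance Policies -->

    <simpleType name="AttributeRuleValueType">
        <annotation>
            <documentation>
                How a SiteRule/AnySite Value is compared against an attribute value:
                "literal" (the default) is an exact match, "regexp" and "xpath" are
                pattern/expression matches. Pattern rules accept every value they match,
                so a broad pattern widens what a site may assert; review them accordingly.
            </documentation>
        </annotation>
        <restriction base="string">
            <enumeration value="literal"/>
            <enumeration value="regexp"/>
            <enumeration value="xpath"/>
        </restriction>
    </simpleType>

    <complexType name="SiteRuleType">
        <annotation>
            <documentation>One or more acceptable Values, each tagged with how it is matched (see AttributeRuleValueType).</documentation>
        </annotation>
        <sequence>
            <element name="Value" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
        </sequence>
    </complexType>

    <!-- AnySite carries no site name; SiteRule is bound to the site identified by Name. -->
    <element name="AnySite" type="shib:SiteRuleType"/>
    <element name="SiteRule">
        <complexType>
            <complexContent>
                <extension base="shib:SiteRuleType">
                    <attribute name="Name" type="string" use="required"/>
                </extension>
            </complexContent>
        </complexType>
    </element>

    <complexType name="AttributeRuleType">
        <annotation>
            <documentation>
                Acceptance rule for the attribute named by Name: an optional AnySite rule plus
                any number of per-site SiteRules. Name is declared optional here, but the
                AttributeNameKey constraint on AttributeAcceptancePolicy requires it on every
                AttributeRule that appears inside a policy.
            </documentation>
        </annotation>
        <sequence>
            <element ref="shib:AnySite" minOccurs="0"/>
            <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Name" type="anyURI"/>
    </complexType>

    <element name="AttributeRule" type="shib:AttributeRuleType">
        <!-- SiteRule/@Name must be unique (and present) within one AttributeRule -->
        <key name="SiteRuleKey">
            <selector xpath="./shib:SiteRule"/>
            <field xpath="@Name"/>
        </key>
    </element>

    <element name="AttributeAcceptancePolicy">
        <annotation>
            <documentation>Top-level container for AttributeRules; an empty policy is allowed.</documentation>
        </annotation>
        <complexType>
            <sequence>
                <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </complexType>
        <!-- AttributeRule/@Name must be unique (and present) within one policy -->
        <key name="AttributeNameKey">
            <selector xpath="./shib:AttributeRule"/>
            <field xpath="@Name"/>
        </key>
    </element>


    <!-- Shibboleth Metadata -->

    <complexType name="SiteType">
        <annotation>
            <documentation>All sites have a Name attribute, plus optional i18n-ized aliases and contacts.</documentation>
        </annotation>
        <sequence>
            <element name="Alias" minOccurs="0" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute ref="xml:lang"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
            <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="ErrorURL" type="anyURI" use="optional"/>
    </complexType>

    <simpleType name="ContactTypeType">
        <annotation>
            <documentation>Role of a site contact.</documentation>
        </annotation>
        <restriction base="string">
            <enumeration value="technical"/>
            <enumeration value="administrative"/>
            <enumeration value="billing"/>
            <enumeration value="other"/>
        </restriction>
    </simpleType>

    <complexType name="ContactType">
        <annotation>
            <documentation>A human contact for a site.</documentation>
        </annotation>
        <sequence/>
        <attribute name="Type" type="shib:ContactTypeType" use="required"/>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="Email" type="string" use="optional"/>
    </complexType>

    <!-- name kept in snake_case for compatibility; the rest of the schema uses CamelCase type names -->
    <complexType name="regexp_string">
        <annotation>
            <documentation>A string element with an optional attribute signaling regexp content.</documentation>
        </annotation>
        <simpleContent>
            <extension base="string">
                <attribute name="regexp" type="boolean" use="optional" default="false"/>
            </extension>
        </simpleContent>
    </complexType>

    <complexType name="OriginSiteType">
        <annotation>
            <documentation>
                Origin sites add at least one handle service (with a name and optional KeyInfo),
                plus optional attribute authorities and optional domains trusted for attribute
                scoping.

                KeyInfo is optional on both HandleService and AttributeAuthority, so a metadata
                entry may bind no key at all to a service; a consumer that needs to verify a
                service's signatures must not assume one is present.

                A Domain with regexp="true" is matched as a pattern rather than literally, which
                enlarges the set of scopes the origin is trusted to assert; such entries deserve
                review.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="shib:SiteType">
                <sequence>
                    <element name="HandleService" maxOccurs="unbounded">
                        <complexType>
                            <sequence>
                                <element ref="ds:KeyInfo" minOccurs="0"/>
                            </sequence>
                            <attribute name="Name" type="string" use="required"/>
                            <attribute name="Location" type="anyURI" use="required"/>
                        </complexType>
                    </element>
                    <element name="AttributeAuthority" minOccurs="0" maxOccurs="unbounded">
                        <complexType>
                            <sequence>
                                <element ref="ds:KeyInfo" minOccurs="0"/>
                            </sequence>
                            <attribute name="Name" type="string" use="required"/>
                            <attribute name="Location" type="anyURI" use="required"/>
                        </complexType>
                    </element>
                    <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <complexType name="SiteGroupType">
        <annotation>
            <documentation>Used to logically group sites together; groups may nest and may carry their own TrustList.</documentation>
        </annotation>
        <sequence>
            <choice maxOccurs="unbounded">
                <element ref="shib:OriginSite"/>
                <element ref="shib:DestinationSite"/>
                <element ref="shib:SiteGroup"/>
            </choice>
            <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
    </complexType>

    <element name="OriginSite" type="shib:OriginSiteType"/>
    <element name="DestinationSite" type="shib:SiteType"/>
    <element name="SiteGroup" type="shib:SiteGroupType"/>

    <element name="Sites">
        <annotation>
            <documentation>
                The registry of sites plus an optional enveloped signature.

                ds:Signature is optional at the schema level, so schema validity says nothing
                about whether the registry is signed or by whom; a deployment that requires
                signed metadata must enforce that when it loads the document. The keys in
                TrustList live inside the document the signature covers, so they cannot by
                themselves anchor verification of that signature; the verifying key has to be
                established outside this document.
            </documentation>
        </annotation>
        <complexType>
            <sequence>
                <choice maxOccurs="unbounded">
                    <element ref="shib:OriginSite"/>
                    <element ref="shib:DestinationSite"/>
                    <element ref="shib:SiteGroup"/>
                </choice>
                <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
                <element ref="ds:Signature" minOccurs="0"/>
            </sequence>
        </complexType>
    </element>
</schema>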