1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified">
<!--
  Schema for the urn:mace:shibboleth:1.0 namespace. Locally declared
  elements are namespace-qualified; attributes are unqualified.

  The two imports below pull in XML Signature (ds:) and the xml: attributes.
  Both schemaLocation values are http:// URLs. A schemaLocation is only a
  hint: a validator that dereferences it fetches the schema over an
  unauthenticated channel. Resolve both namespaces from local, trusted
  copies (for example through an XML catalog) instead of the network.
-->
3 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
4 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
7 <!-- Status-Related Information -->
10 The following SAML sub-status codes are defined in this namespace:
13 Used with samlp:Responder, signals user wants real-time attribute release
16 Used with samlp:Requester, signals AA did not recognize handle as valid
<!--
  Global element carrying a URL, typed anyURI. anyURI does not restrict the
  scheme or the host, so schema validation alone says nothing about where
  the URL points. A recipient should check the value against the
  destinations it expects before acting on it.
  NOTE(review): how recipients use this URL is not shown in this schema.
-->
19 <element name="RealTimeReleaseURL" type="anyURI">
20 <annotation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</annotation>
24 <!-- Relaxes SAML AttributeValue type definition -->
<!--
  Deliberately open type: mixed content, any number of child elements from
  any namespace, and any attributes, all with lax processing. Lax means a
  child is validated only when a declaration for it is available; otherwise
  it passes unchecked. Schema validation therefore gives no guarantee about
  the content of an attribute value, and the code that consumes these
  values has to validate them itself.
-->
26 <complexType name="AttributeValueType" mixed="true">
27 <annotation>By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</annotation>
29 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
31 <anyAttribute namespace="##any" processContents="lax"/>
35 <!-- Attribute Acceptance Policies -->
<!--
  Enumerates the three ways a rule Value can be interpreted: literal,
  regexp or xpath. The schema only names the modes; it does not check that
  a regexp or xpath value is well formed.
  NOTE(review): whether regexp values must match the whole attribute value
  or may match a substring is not defined here. Confirm that the consuming
  implementation matches the whole value, since a partial match accepts
  more than the policy author is likely to intend.
-->
37 <simpleType name="AttributeRuleValueType">
38 <restriction base="string">
39 <enumeration value="literal"/>
40 <enumeration value="regexp"/>
41 <enumeration value="xpath"/>
<!--
  Body of an acceptance rule: a repeatable Value element (maxOccurs is
  unbounded). Each Value is a string with an optional Type attribute that
  selects the matching mode from shib:AttributeRuleValueType. When Type is
  omitted the schema default is literal, so a value is interpreted as a
  regexp or an xpath only when the policy author states it explicitly.
-->
45 <complexType name="SiteRuleType">
47 <element name="Value" maxOccurs="unbounded">
50 <extension base="string">
51 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
<!--
  Two global rule elements built on shib:SiteRuleType. AnySite uses the
  type as is and so carries no site name. SiteRule extends it with a
  required Name attribute.
  NOTE(review): presumably AnySite applies to every asserting site and
  SiteRule only to the site named in Name; confirm against the consuming
  implementation, including how the two combine when both are present.
-->
59 <element name="AnySite" type="shib:SiteRuleType"/>
60 <element name="SiteRule">
63 <extension base="shib:SiteRuleType">
64 <attribute name="Name" type="string" use="required"/>
<!--
  Rule set for one attribute: an optional AnySite rule, then zero or more
  SiteRule entries. The Name attribute is an anyURI and is not marked
  required on this type. Both children are optional, so a rule with no
  AnySite and no SiteRule is schema-valid.
-->
70 <complexType name="AttributeRuleType">
72 <element ref="shib:AnySite" minOccurs="0"/>
73 <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
75 <attribute name="Name" type="anyURI"/>
<!--
  Global AttributeRule element. The SiteRuleKey constraint selects the
  SiteRule children and keys them on @Name, so within one AttributeRule
  every SiteRule must have a distinct Name. A validated policy cannot hold
  two conflicting SiteRule entries for the same site name.
-->
78 <element name="AttributeRule" type="shib:AttributeRuleType">
79 <key name="SiteRuleKey">
80 <selector xpath="./shib:SiteRule"/>
81 <field xpath="@Name"/>
<!--
  Policy root: zero or more AttributeRule children. The AttributeNameKey
  constraint keys those children on @Name. Because this is a key, every
  AttributeRule in a validated policy must have a Name and the names must
  be distinct, even though shib:AttributeRuleType does not mark Name as
  required.

  These guarantees hold only when the policy file is actually validated
  against this schema before use. An empty policy is schema-valid
  (minOccurs is 0).
  NOTE(review): what happens to an attribute that no rule names is decided
  by the consumer, not by this schema; confirm it is rejected by default.
-->
85 <element name="AttributeAcceptancePolicy">
88 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
91 <key name="AttributeNameKey">
92 <selector xpath="./shib:AttributeRule"/>
93 <field xpath="@Name"/>
98 <!-- Shibboleth Metadata -->
<!--
  Base type for a site entry in the metadata: zero or more Alias strings
  (each may carry xml:lang), zero or more Contact entries, a required Name
  and an optional ErrorURL.
  Name is a plain string and ErrorURL an unrestricted anyURI; the schema
  checks neither the naming format nor the URL scheme.
-->
100 <complexType name="SiteType">
101 <annotation>All sites have a Name attribute, plus optional i18n-ized aliases.</annotation>
103 <element name="Alias" minOccurs="0" maxOccurs="unbounded">
106 <extension base="string">
107 <attribute ref="xml:lang"/>
112 <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
114 <attribute name="Name" type="string" use="required"/>
115 <attribute name="ErrorURL" type="anyURI" use="optional"/>
<!--
  Closed list of contact roles used by the Type attribute of
  shib:ContactType: technical, administrative, billing or other.
-->
118 <simpleType name="ContactTypeType">
119 <restriction base="string">
120 <enumeration value="technical"/>
121 <enumeration value="administrative"/>
122 <enumeration value="billing"/>
123 <enumeration value="other"/>
<!--
  Contact record: required Type (one of shib:ContactTypeType), required
  Name and optional Email. Email is typed as a plain string, so the schema
  does not check that it is a well-formed address. Treat it as free text
  wherever it is displayed or used to send mail.
-->
127 <complexType name="ContactType">
128 <annotation>A human contact for a site.</annotation>
130 <attribute name="Type" type="shib:ContactTypeType" use="required"/>
131 <attribute name="Name" type="string" use="required"/>
132 <attribute name="Email" type="string" use="optional"/>
<!--
  String content with an optional boolean attribute named regexp. The
  schema default is false, so the content is a pattern only when the
  author sets regexp to true. The schema does not check that the content
  is a valid pattern.
-->
135 <complexType name="regexp_string">
136 <annotation> A string element with an optional attribute signaling regexp content. </annotation>
138 <extension base="string">
139 <attribute name="regexp" type="boolean" use="optional" default="false"/>
<!--
  Origin site entry, extending shib:SiteType with:
    HandleService       repeatable (maxOccurs unbounded); required Name and Location
    AttributeAuthority  zero or more; required Name and Location
    Domain              zero or more shib:regexp_string values
  ds:KeyInfo is optional (minOccurs is 0) under both HandleService and
  AttributeAuthority, so an entry with no key material is schema-valid.
  A consumer that relies on KeyInfo to authenticate these services has to
  enforce its presence itself.
-->
144 <complexType name="OriginSiteType">
145 <annotation>Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</annotation>
147 <extension base="shib:SiteType">
149 <element name="HandleService" maxOccurs="unbounded">
152 <element ref="ds:KeyInfo" minOccurs="0"/>
154 <attribute name="Name" type="string" use="required"/>
155 <attribute name="Location" type="anyURI" use="required"/>
158 <element name="AttributeAuthority" minOccurs="0" maxOccurs="unbounded">
161 <element ref="ds:KeyInfo" minOccurs="0"/>
163 <attribute name="Name" type="string" use="required"/>
164 <attribute name="Location" type="anyURI" use="required"/>
<!--
  Domain lists the scopes this origin is trusted to assert. With regexp set
  to true a single entry can cover many domains, so patterns in metadata
  deserve review: an overly broad pattern widens what the origin may
  assert.
  NOTE(review): pattern anchoring is not defined in this schema; confirm
  the consumer matches the whole scope.
-->
167 <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
<!--
  Named group of sites: a repeatable choice of OriginSite, DestinationSite
  or a nested SiteGroup, plus an optional TrustList of type ds:KeyInfoType
  and a required Name.
  The type is recursive through shib:SiteGroup and the schema puts no limit
  on nesting depth or member count. A consumer of metadata it does not
  control should bound both.
-->
173 <complexType name="SiteGroupType">
174 <annotation>Used to logically group sites together.</annotation>
176 <choice maxOccurs="unbounded">
177 <element ref="shib:OriginSite"/>
178 <element ref="shib:DestinationSite"/>
179 <element ref="shib:SiteGroup"/>
181 <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
183 <attribute name="Name" type="string" use="required"/>
<!--
  Global element declarations referenced by SiteGroupType and Sites.
  DestinationSite uses the base shib:SiteType, so unlike OriginSite it
  declares no HandleService, AttributeAuthority, Domain or KeyInfo
  children.
-->
186 <element name="OriginSite" type="shib:OriginSiteType"/>
187 <element name="DestinationSite" type="shib:SiteType"/>
188 <element name="SiteGroup" type="shib:SiteGroupType"/>
<!--
  Root of the site registry: a repeatable choice of OriginSite,
  DestinationSite or SiteGroup, then an optional TrustList and an optional
  ds:Signature.

  The signature is optional at the schema level (minOccurs is 0), so an
  unsigned registry validates. Schema validation also says nothing about
  whether a signature that is present verifies or who produced it. A
  consumer that treats this file as a trust anchor has to require the
  signature and verify it against a key obtained independently of the
  file.
  NOTE(review): TrustList sits inside the document that the signature is
  meant to protect; confirm the consumer does not use keys from an
  unverified file.
-->
190 <element name="Sites">
191 <annotation>The registry of sites plus an optional enveloped signature.</annotation>
194 <choice maxOccurs="unbounded">
195 <element ref="shib:OriginSite"/>
196 <element ref="shib:DestinationSite"/>
197 <element ref="shib:SiteGroup"/>
199 <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
200 <element ref="ds:Signature" minOccurs="0"/>