https://issues.shibboleth.net/jira/browse/SSPCPP-320

[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-afp-mf-saml.xsd

diff --git a/schemas/shibboleth-2.0-afp-mf-saml.xsd b/schemas/shibboleth-2.0-afp-mf-saml.xsd
index 9b98ed2..ab6b457 100644 (file)
--- a/schemas/shibboleth-2.0-afp-mf-saml.xsd
+++ b/schemas/shibboleth-2.0-afp-mf-saml.xsd
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <schema targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns="http://www.w3.org/2001/XMLSchema"
-    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp">
+    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp" version="2.0">
 
     <import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
 
@@ -26,7 +26,7 @@
     <complexType name="AttributeIssuerInEntityGroup">
         <annotation>
             <documentation>
-                A match function that evaluates to true if the attribute producer is found in metadata and is a member
+                A match function that evaluates to true if the attribute issuer is found in metadata and is a member
                 of the given entity group.
             </documentation>
         </annotation>
@@ -35,7 +35,7 @@
         </complexContent>
     </complexType>
 
-    <complexType name="EntityGroupMatchType">
+    <complexType name="EntityGroupMatchType" abstract="true">
         <complexContent>
             <extension base="afp:MatchFunctorType">
                 <attribute name="groupID" type="string" use="required">
@@ -50,11 +50,46 @@
     <complexType name="AttributeScopeMatchesShibMDScope">
         <annotation>
             <documentation>
-                A match function that ensures that an attributes value's scope matches a scope given in metadata for the entity or role.
+                A match function that ensures that an attribute value's scope matches a scope given in metadata for the entity or role.
             </documentation>
         </annotation>
         <complexContent>
             <extension base="afp:MatchFunctorType" />
         </complexContent>
     </complexType>
+
+  <complexType name="NameIDQualifierString">
+    <annotation>
+      <documentation>
+        A match function that ensures that a NameID-valued attribute's qualifier(s), if set, match particular values.
+      </documentation>
+    </annotation>
+    <complexContent>
+      <extension base="afp:MatchFunctorType">
+        <attribute name="attributeID" type="string">
+          <annotation>
+            <documentation>
+              The ID of the attribute whose qualifiers should be matched. If no attribute ID is specified the
+              ID of the containing attribute rule is assumed.
+            </documentation>
+          </annotation>
+        </attribute>
+        <attribute name="NameQualifier" type="string">
+          <annotation>
+            <documentation>
+              A value to require in the NameQualifier field, or if omitted, require that it match the issuing IdP's entityID.
+            </documentation>
+          </annotation>
+        </attribute>
+        <attribute name="SPNameQualifier" type="string">
+          <annotation>
+            <documentation>
+              A value to require in the SPNameQualifier field, or if omitted, require that it match the SP's entityID.
+            </documentation>
+          </annotation>
+        </attribute>
+      </extension>
+    </complexContent>
+  </complexType>
+
 </schema>
\ No newline at end of file