Restrict pre-2.4 use of new require rules
[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-attribute-map.xsd
index bf95425..8409f55 100644 (file)
@@ -4,7 +4,7 @@
         xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
         elementFormDefault="qualified"
-        version="2.3">
+        version="2.5">
 
     <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
 
         <anyAttribute namespace="##any" processContents="lax"/>
     </complexType>
     
+    <element name="GSSAPIContext" type="base64Binary">
+        <annotation>
+            <documentation>A wrapper element for GSS-API contexts.</documentation>
+        </annotation>
+    </element>
+
+    <element name="GSSAPIName" type="base64Binary">
+        <annotation>
+            <documentation>A wrapper element for GSS-API composite names.</documentation>
+        </annotation>
+    </element>
+    
     <element name="Attributes">
         <annotation>
-            <documentation>The set of SAML 1/2 attribute mappings.</documentation>
+            <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
         </annotation>
         <complexType>
             <sequence>
                 <element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
                 <element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
                 <element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
-                <element name="Attribute" type="am:AttributeType" maxOccurs="unbounded"/>
+                <choice maxOccurs="unbounded">
+                    <element name="Attribute" type="am:AttributeType"/>
+                    <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
+                </choice>
                 <element ref="ds:Signature" minOccurs="0"/>
             </sequence>
+            <attribute name="metadataAttributeCaching" type="boolean"/>
             <attribute name="metadataPolicyId" type="am:string"/>
         </complexType>
     </element>
 
     <complexType name="AttributeType">
         <annotation>
-            <documentation>Rule for mapping a SAML 1/2 attribute to an internal attribute.</documentation>
+            <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
         </annotation>
         <sequence>
             <element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
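Review bot: The new `metadataAttributeCaching` attribute on `Attributes` is declared with neither an `<annotation>` nor a `default`, so the schema does not say what is cached or which value applies when the attribute is omitted. Every attribute added to `GSSAPIAttributeType` in this commit carries a `<documentation>` element, so this one is inconsistent with the rest of the change. I would add an `<annotation>` whose `<documentation>` states what the flag controls and the behaviour when it is absent. If the code has a fixed fallback, the declaration should carry a matching `default`, so that validating editors show the effective setting.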
           </annotation>
         </attribute>
     </complexType>
+
+    <complexType name="GSSAPIAttributeType">
+        <annotation>
+            <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
+        </annotation>
+        <attribute name="id" type="am:string" use="required">
+            <annotation>
+                <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
+            </annotation>
+        </attribute>
+        <attribute name="aliases" type="am:listOfStrings">
+            <annotation>
+                <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
+            </annotation>
+        </attribute>
+        <attribute name="name" type="am:string" use="required">
+            <annotation>
+                <documentation>The name of the naming attribute.</documentation>
+            </annotation>
+        </attribute>
+        <attribute name="authenticated" type="boolean">
+            <annotation>
+                <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
+            </annotation>
+        </attribute>
+        <attribute name="binary" type="boolean">
+            <annotation>
+                <documentation>If true, the GSS-API naming attribute will be base64-encoded for internal use.</documentation>
+            </annotation>
+        </attribute>
+        <attribute name="scopeDelimiter" type="am:string">
+            <annotation>
+                <documentation>
+                    The character(s) used to delimit the scoped information from the scope.
+                </documentation>
+            </annotation>
+        </attribute>
+    </complexType>
     
     <complexType name="AttributeDecoderType" abstract="true">
         <annotation>
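Review bot: The `authenticated` attribute of `GSSAPIAttributeType` has no `default` and its documentation covers only the `true` case, so the schema leaves open whether an omitted flag lets unauthenticated naming attributes be mapped to internal attributes. That is a trust decision a deployer should be able to read from the schema, because an unauthenticated naming attribute is presumably one the GSS-API mechanism has not verified. I would state the default in the documentation, for example `If true (the default), only an authenticated GSS-API naming attribute will be mapped; if false, unauthenticated values are accepted.`, adjusted to whatever the extractor actually does when the attribute is missing. Separately, the `id` and `aliases` documentation was carried over from `AttributeType` and still reads `this SAML attribute maps`; in this type it should read `this GSS-API naming attribute maps`.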
         </attribute>
         <attribute name="internal" type="boolean">
             <annotation>
-                <documentation>Flag controlling whether the resulting attribute should be exported for CGI use.</documentation>
+                <documentation>
+                    Flag controlling whether the resulting attribute should be exported for CGI use.
+                </documentation>
+            </annotation>
+        </attribute>
+        <attribute name="langAware" type="boolean">
+            <annotation>
+                <documentation>
+                    Flag controlling whether the decoder should select only the best matching value by language.
+                </documentation>
             </annotation>
         </attribute>
         <attribute name="hashAlg" type="am:string">
         </complexContent>
     </complexType>
 
+    <complexType name="Base64AttributeDecoder">
+        <annotation>
+            <documentation>
+                Decoder for attributes with base64-encoded string values.
+            </documentation>
+        </annotation>
+        <complexContent>
+            <extension base="am:AttributeDecoderType" />
+        </complexContent>
+    </complexType>
+
 </schema>