schemas/shibboleth-2.0-afp.xsd

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <schema targetNamespace="urn:mace:shibboleth:2.0:afp"
   4     xmlns="http://www.w3.org/2001/XMLSchema"
   5     xmlns:afp="urn:mace:shibboleth:2.0:afp"
   6     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
   7     elementFormDefault="qualified">
   8
   9     <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="classpath:/schema/xmldsig-core-schema.xsd" />
  10
  11     <annotation>
  12         <documentation>Schema for the attribute filter policies.</documentation>
  13     </annotation>
  14
  15     <element name="AttributeFilterPolicyGroup" type="afp:AttributeFilterPolicyGroupType">
  16         <annotation>
  17             <documentation>
  18                 Root element of the attribute filter policy. Represents a named group of filter policies.
  19             </documentation>
  20         </annotation>
  21     </element>
  22     <complexType name="AttributeFilterPolicyGroupType">
  23         <complexContent>
  24             <extension base="afp:IdentityType">
  25                 <sequence>
  26                     <element ref="afp:PolicyRequirementRule" minOccurs="0" maxOccurs="unbounded">
  27                         <annotation>
  28                             <documentation>
  29                                 Defines a set of applications requirements that may be reused across multiple filter
  30                                 policies.
  31                             </documentation>
  32                         </annotation>
  33                     </element>
  34                     <element ref="afp:PermitValueRule" minOccurs="0" maxOccurs="unbounded">
  35                         <annotation>
  36                             <documentation>
  37                                 Defines a permit value rule that may be reused across multiple attribute rules.
  38                             </documentation>
  39                         </annotation>
  40                     </element>
  41                     <element ref="afp:DenyValueRule" minOccurs="0" maxOccurs="unbounded">
  42                         <annotation>
  43                             <documentation>
  44                                 Defines a deny value rule that may be reused across multiple attribute rules.
  45                             </documentation>
  46                         </annotation>
  47                     </element>
  48                     <element ref="afp:AttributeRule" minOccurs="0" maxOccurs="unbounded">
  49                         <annotation>
  50                             <documentation>
  51                                 Defines an attribute rule that may be reused across multiple filter policies.
  52                             </documentation>
  53                         </annotation>
  54                     </element>
  55                     <element ref="afp:AttributeFilterPolicy" minOccurs="0" maxOccurs="unbounded">
  56                         <annotation>
  57                             <documentation>
  58                                 A policy that defines the set of attribute value filters that will be applied if its
  59                                 application requirements are met.
  60                             </documentation>
  61                         </annotation>
  62                     </element>
  63                     <element ref="ds:Signature" minOccurs="0">
  64                         <annotation>
  65                             <documentation>
  66                                 Digital signature for the policy. Policies that are fetched from an external source,
  67                                 such as a federation site, should be signed.
  68                             </documentation>
  69                         </annotation>
  70                     </element>
  71                 </sequence>
  72             </extension>
  73         </complexContent>
  74     </complexType>
  75
  76     <element name="AttributeFilterPolicy" type="afp:AttributeFilterPolicyType">
  77         <annotation>
  78             <documentation>
  79                 A policy that defines a set of attribute value filters rules that should be used if given requirements
  80                 are met.
  81             </documentation>
  82         </annotation>
  83     </element>
  84     <complexType name="AttributeFilterPolicyType">
  85         <complexContent>
  86             <extension base="afp:IdentityType">
  87                 <sequence>
  88                     <choice>
  89                         <element ref="afp:PolicyRequirementRule">
  90                             <annotation>
  91                                 <documentation>
  92                                     A requirement that if met signals that this filter policy should be used.
  93                                 </documentation>
  94                             </annotation>
  95                         </element>
  96                         <element name="PolicyRequirementRuleReference" type="afp:ReferenceType">
  97                             <annotation>
  98                                 <documentation>
  99                                     Reference to a PolicyRequirement defined within this policy group or another.
 100                                 </documentation>
 101                             </annotation>
 102                         </element>
 103                     </choice>
 104                     <choice minOccurs="0" maxOccurs="unbounded">
 105                         <element ref="afp:AttributeRule">
 106                             <annotation>
 107                                 <documentation>
 108                                     A rule that describes how values of an attribute will be filtered.
 109                                 </documentation>
 110                             </annotation>
 111                         </element>
 112                         <element name="AttributeRuleReference" type="afp:ReferenceType">
 113                             <annotation>
 114                                 <documentation>
 115                                     Reference to a AttributeRule defined within this policy group or another.
 116                                 </documentation>
 117                             </annotation>
 118                         </element>
 119                     </choice>
 120                 </sequence>
 121             </extension>
 122         </complexContent>
 123     </complexType>
 124
 125     <element name="AttributeRule" type="afp:AttributeRuleType">
 126         <annotation>
 127             <documentation>A rule that describes how values of an attribute will be filtered.</documentation>
 128         </annotation>
 129     </element>
 130     <complexType name="AttributeRuleType">
 131         <complexContent>
 132             <extension base="afp:IdentityType">
 133                 <choice>
 134                     <choice minOccurs="0">
 135                         <element ref="afp:PermitValueRule" />
 136                         <element name="PermitValueRuleReference" type="afp:ReferenceType">
 137                             <annotation>
 138                                 <documentation>
 139                                     Reference to a PermitValueRule defined within this policy group or another.
 140                                 </documentation>
 141                             </annotation>
 142                         </element>
 143                     </choice>
 144                     <choice minOccurs="0">
 145                         <element ref="afp:DenyValueRule" />
 146                         <element name="DenyValueRuleReference" type="afp:ReferenceType">
 147                             <annotation>
 148                                 <documentation>
 149                                     Reference to a DenyValueRule defined within this policy group or another.
 150                                 </documentation>
 151                             </annotation>
 152                         </element>
 153                     </choice>
 154                 </choice>
 155                 <attribute name="attributeID" type="string" use="required">
 156                     <annotation>
 157                         <documentation>The ID of the attribute to which this rule applies.</documentation>
 158                     </annotation>
 159                 </attribute>
 160             </extension>
 161         </complexContent>
 162     </complexType>
 163
 164     <element name="PolicyRequirementRule" type="afp:MatchFunctorType">
 165         <annotation>
 166             <documentation>A requirement that if met signals that a filter policy should be used.</documentation>
 167         </annotation>
 168     </element>
 169     <element name="PermitValueRule" type="afp:MatchFunctorType">
 170         <annotation>
 171             <documentation>
 172                 A filter for attribute values. If the filter evaluates to true the value is permitted to be released.
 173             </documentation>
 174         </annotation>
 175     </element>
 176     <element name="DenyValueRule" type="afp:MatchFunctorType">
 177         <annotation>
 178             <documentation>
 179                 A filter for attribute values. If the filter evaluates to true the value is denied and may not be released.
 180             </documentation>
 181         </annotation>
 182     </element>
 183     <complexType name="MatchFunctorType" abstract="true">
 184         <complexContent>
 185             <extension base="afp:IdentityType" />
 186         </complexContent>
 187     </complexType>
 188
 189     <complexType name="IdentityType">
 190         <attribute name="id" type="string">
 191             <annotation>
 192                 <documentation>An ID, unique within the policy and component type.</documentation>
 193             </annotation>
 194         </attribute>
 195     </complexType>
 196
 197     <complexType name="ReferenceType">
 198         <attribute name="ref" type="string">
 199             <annotation>
 200                 <documentation>Used to reference a globally defined policy component.</documentation>
 201             </annotation>
 202         </attribute>
 203     </complexType>
 204
 205 </schema>