1 <?xml version="1.0" encoding="UTF-8"?>
3 <schema targetNamespace="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:afp="urn:mace:shibboleth:2.0:afp">
6 <import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
8 <!-- Blanket Match Function -->
9 <complexType name="ANY">
11 <documentation>A match function that evaluates to true.</documentation>
14 <extension base="afp:MatchFunctorType" />
18 <!-- Boolean Match Functions -->
19 <complexType name="AND">
22 A match function that performs a logical AND on the results of all contained matching functions.
26 <extension base="afp:MatchFunctorType">
27 <choice minOccurs="2" maxOccurs="unbounded">
28 <element name="Rule" type="afp:MatchFunctorType">
31 The set of match function rules to be ANDed.
35 <element name="RuleReference" type="afp:ReferenceType">
38 The set of match function rules to be ANDed.
47 <complexType name="OR">
50 A match function that performs a logical OR on the results of all contained matching functions.
54 <extension base="afp:MatchFunctorType">
55 <choice minOccurs="2" maxOccurs="unbounded">
56 <element name="Rule" type="afp:MatchFunctorType">
59 The set of match function rules to be ANDed.
63 <element name="RuleReference" type="afp:ReferenceType">
66 The set of match function rules to be ANDed.
75 <complexType name="NOT">
78 A match function that performs a logical NOT on the resultof the contained matching function.
82 <extension base="afp:MatchFunctorType">
84 <element name="Rule" type="afp:MatchFunctorType">
87 The set of match function rules to be ANDed.
91 <element name="RuleReference" type="afp:ReferenceType">
94 The set of match function rules to be ANDed.
103 <!-- Literal String Match Functions -->
104 <complexType name="AttributeRequesterString">
107 A match function that matches the attribute request against the specified value.
111 <extension base="basic:StringMatchType" />
115 <complexType name="AttributeIssuerString">
118 A match function that matches the attribute issuer against the specified value.
122 <extension base="basic:StringMatchType" />
126 <complexType name="PrincipalNameString">
128 <documentation>A match function that matches the principal name against the specified value.</documentation>
131 <extension base="basic:StringMatchType" />
135 <complexType name="AuthenticationMethodString">
138 A match function that matches the authentication method against the specified value.
142 <extension base="basic:StringMatchType" />
146 <complexType name="AttributeValueString">
149 A match function that matches the value of an attribute against the specified value. This match
150 evaluates to true if the attribute contains the specified value.
154 <extension base="basic:AttributeTargetedStringMatchType" />
158 <complexType name="AttributeScopeString">
161 A match function that matches the attribute scope against the specified value.
165 <extension base="basic:AttributeTargetedStringMatchType" />
169 <complexType name="AttributeTargetedStringMatchType" abstract="true">
171 <extension base="basic:StringMatchType">
172 <attribute name="attributeID" type="string">
175 The ID of the attribute whose value should be matched. If no attribute ID is specified the
176 ID of the containing attribute rule is assumed.
184 <complexType name="StringMatchType" abstract="true">
186 <extension base="afp:MatchFunctorType">
187 <attribute name="value" type="string" use="required">
189 <documentation>The string value to match.</documentation>
192 <attribute name="ignoreCase" type="boolean" default="false">
195 A boolean flag indicating whether case should be ignored when evaluating the match.
203 <!-- Regular Expression Match Functions -->
204 <complexType name="AttributeRequesterRegex">
207 A match function that matches the attribute requester against the specified regular expression.
211 <extension base="basic:RegexMatchType" />
215 <complexType name="AttributeIssuerRegex">
218 A match function that matches the attribute issuer against the specified regular expression.
222 <extension base="basic:RegexMatchType" />
226 <complexType name="PrincipalNameRegex">
229 A match function that matches the principal name against the specified regular expression.
233 <extension base="basic:RegexMatchType" />
237 <complexType name="AuthenticationMethodRegex">
240 A match function that matches the authentication method against the specified regular expression.
244 <extension base="basic:RegexMatchType" />
248 <complexType name="AttributeValueRegex">
251 A match function that matches an attribute value against the specified regular expression. This function
252 evaluates to true if any value matches the given expression
256 <extension base="basic:AttributeTargetedRegexMatchType" />
260 <complexType name="AttributeScopeRegex">
263 A match function that matches the attribute scope against the specified regular expression.
267 <extension base="basic:AttributeTargetedRegexMatchType" />
271 <complexType name="AttributeTargetedRegexMatchType">
273 <extension base="basic:RegexMatchType">
274 <attribute name="attributeID" type="string">
277 The ID of the attribute whose value should be matched. If no attribute ID is specified the
278 ID of the containing attribute rule is assumed.
286 <complexType name="RegexMatchType" abstract="true">
288 <extension base="afp:MatchFunctorType">
289 <attribute name="regex" type="string" use="required">
291 <documentation>The regular expression values are matched against.</documentation>
294 <attribute name="options" type="string">
296 <documentation>The regular expression options to apply.</documentation>
303 <!-- Misc. Functions -->
304 <complexType name="Script">
307 A match function that evaluates a script to determine if some criteria is met. The script MUST return a
312 <extension base="afp:MatchFunctorType">
314 <element name="Script" type="string" minOccurs="0">
316 <documentation>The script to evaluate to construct the attribute.</documentation>
319 <element name="ScriptFile" type="string" minOccurs="0">
322 The filesystem path to the script to evaluate to construct the attribute.
327 <attribute name="language" type="string" default="javascript">
330 The JSR-233 name for the scripting language that will be used. By default "javascript" is
339 <complexType name="NumberOfAttributeValues">
342 A match function that evaluates to true if the given attribute has as a number of values that falls
343 between the minimum and maximum. This method may be used as a sanity check to ensure that an unexpected
344 number of values did not come from the attribute resolver and be released.
348 <extension base="afp:MatchFunctorType">
349 <attribute name="attributeID" type="string">
351 <documentation>The ID of the attribute whose value should be matched.</documentation>
354 <attribute name="minimum" type="nonNegativeInteger" default="0">
356 <documentation>Minimum number of values an attribute may have.</documentation>
359 <attribute name="maximum" type="positiveInteger" default="2147483647">
361 <documentation>Maximum number of values an attribute may have.</documentation>