1 <?xml version="1.0" encoding="UTF-8"?>
3 <schema targetNamespace="urn:mace:shibboleth:2.0:afp" xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:afp="urn:mace:shibboleth:2.0:afp" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
\r
6 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="classpath:/schema/xmldsig-core-schema.xsd" />
\r
9 <documentation>Schema for the attribute filter policies.</documentation>
12 <element name="AttributeFilterPolicyGroup" type="afp:AttributeFilterPolicyGroupType">
15 Root element of the attribute filter policy. Represents a named group of filter policies.
19 <complexType name="AttributeFilterPolicyGroupType">
21 <extension base="afp:IndentityType">
23 <element ref="afp:PolicyRequirementRule" minOccurs="0" maxOccurs="unbounded">
26 Defines a set of applications requirements that may be reused across multiple filter
31 <element ref="afp:AttributeRule" minOccurs="0" maxOccurs="unbounded">
34 Defines an attribute rule that may be reused across multiple filter policies.
38 <element ref="afp:PermitValueRule" minOccurs="0" maxOccurs="unbounded">
41 Defines an attribute value filter that may be reused across multiple attribtue rules.
45 <element ref="afp:AttributeFilterPolicy" minOccurs="0" maxOccurs="unbounded">
48 A policy that defines the set of attribute value filters that will be applied if its
49 application requirements are met.
53 <element ref="ds:Signature" minOccurs="0">
56 Digital signature for the policy. Policies that are fetched from an external source,
57 such as a federation site, should be signed.
66 <element name="AttributeFilterPolicy" type="afp:AttributeFilterPolicyType">
69 A policy that defines a set of attribute value filters rules that should be used if given requirements
74 <complexType name="AttributeFilterPolicyType">
76 <extension base="afp:IndentityType">
79 <element ref="afp:PolicyRequirementRule">
82 A requirement that if met signals that this filter policy should be used.
86 <element name="PolicyRequirementRuleReference" type="afp:ReferenceType">
89 Rerfence to a PolicyRequirement defined within this policy group or another.
94 <choice minOccurs="0" maxOccurs="unbounded">
95 <element ref="afp:AttributeRule">
98 A rule that describes how values of an attribute will be filtered.
102 <element name="AttributeRuleReference" type="afp:ReferenceType">
105 Rerfence to a AttribtueRule defined within this policy group or another.
115 <element name="AttributeRule" type="afp:AttributeRuleType">
117 <documentation>A rule that describes how values of an attribute will be filtered.</documentation>
120 <complexType name="AttributeRuleType">
122 <extension base="afp:IndentityType">
124 <element ref="afp:PermitValueRule">
127 A filter for attribute values. If the filter evaluates to true the value is permitted,
128 otherwise it is filtered out.
132 <element name="PermitValueRuleReference" type="afp:ReferenceType">
135 Rerfence to a PermitValueRule defined within this policy group or another.
140 <attribute name="attributeID" type="string" use="required">
142 <documentation>The ID of the attribute to which this rule applies.</documentation>
149 <element name="PolicyRequirementRule" type="afp:MatchFunctorType">
151 <documentation>A requirement that if met signals that a filter policy should be used.</documentation>
154 <element name="PermitValueRule" type="afp:MatchFunctorType">
157 A filter for attribtue values. If the filter evaluates to true the value is permitted, otherwise it is
162 <complexType name="MatchFunctorType" abstract="true">
164 <extension base="afp:IndentityType" />
168 <complexType name="IndentityType">
169 <attribute name="id" type="string">
171 <documentation>An ID, unique within the policy and component type.</documentation>
176 <complexType name="ReferenceType">
177 <attribute name="ref" type="string">
179 <documentation>Used to reference a globally defined policy component.</documentation>