1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified">
<!-- Imports the XML Signature and xml: namespace schemas. Both schemaLocation values
     are remote http:// URLs. schemaLocation is only a hint, but a processor that
     dereferences it fetches these documents over cleartext while loading this schema.
     NOTE(review): resolve both namespaces from locally bundled copies (for example
     through an XML catalog) and keep network fetching disabled in the validator;
     confirm how the consuming parser is configured. -->
3 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
4 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
7 <!-- Status-Related Information -->
10 The following SAML sub-status codes are defined in this namespace:
13 Used with samlp:Responder, signals user wants real-time attribute release
16 Used with samlp:Requester, signals AA did not recognize handle as valid
<!-- Global element carrying a single anyURI value. anyURI restricts neither scheme
     nor host, so schema validation does not vouch for where the URL points.
     NOTE(review): a receiver that redirects to or displays this URL should apply its
     own scheme and host checks; confirm against the consuming code. -->
19 <element name="RealTimeReleaseURL" type="anyURI">
20 <annotation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</annotation>
24 <!-- Relaxes SAML AttributeValue type definition -->
<!-- Open content model: mixed text plus any number of elements from any namespace,
     and any attribute. processContents="lax" means content with no available
     declaration passes validation unchecked, so schema validity says nothing about
     what an attribute value contains. Consumers have to constrain values themselves;
     presumably that is the role of the acceptance policy types declared further down
     (confirm against the consumer). -->
26 <complexType name="AttributeValueType" mixed="true">
27 <annotation>By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</annotation>
29 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
31 <anyAttribute namespace="##any" processContents="lax"/>
35 <!-- Attribute Acceptance Policies -->
<!-- String enumeration with three allowed values: literal, regexp, xpath. It is the
     type of the Type attribute on SiteRuleType's Value element.
     NOTE(review): this schema does not define how regexp or xpath values are
     evaluated; presumably the policy consumer compiles and runs them. Policy files
     should therefore be loaded only from a trusted, integrity-protected location,
     and pattern evaluation should be anchored and bounded; confirm in the
     implementation. -->
37 <simpleType name="AttributeRuleValueType">
38 <restriction base="string">
39 <enumeration value="literal"/>
40 <enumeration value="regexp"/>
41 <enumeration value="xpath"/>
<!-- Rule body shared by AnySite and SiteRule. The visible children are an AnyValue
     element and a repeatable Value element; the compositor joining them is not
     visible in this listing. Value extends string with an optional Type attribute
     whose default is "literal", so a Value written without Type is typed as a
     literal rather than as a regexp or xpath pattern.
     NOTE(review): AnyValue presumably accepts every value of the attribute; confirm
     against the consumer. -->
45 <complexType name="SiteRuleType">
47 <element name="AnyValue">
52 <element name="Value" maxOccurs="unbounded">
55 <extension base="string">
56 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
<!-- Two global rule elements. AnySite uses SiteRuleType as is. SiteRule extends
     SiteRuleType with a required Name attribute of type string; the schema places
     no format constraint on that name.
     NOTE(review): presumably AnySite applies to every site and SiteRule only to the
     site it names; confirm against the consumer. -->
64 <element name="AnySite" type="shib:SiteRuleType"/>
65 <element name="SiteRule">
68 <extension base="shib:SiteRuleType">
69 <attribute name="Name" type="string" use="required"/>
<!-- Content of one AttributeRule: an optional AnySite, zero or more SiteRule
     elements, and a Name attribute of type anyURI. Name carries no use="required",
     so on its own it is optional; the AttributeNameKey identity constraint on
     AttributeAcceptancePolicy is what forces it to be present there.
     Because both children are optional, a rule with no AnySite and no SiteRule is
     schema-valid. NOTE(review): the consumer should treat such a rule as accepting
     nothing; confirm that it does. -->
75 <complexType name="AttributeRuleType">
77 <element ref="shib:AnySite" minOccurs="0"/>
78 <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
80 <attribute name="Name" type="anyURI"/>
<!-- Global AttributeRule element. The SiteRuleKey identity constraint selects the
     SiteRule children and keys them on @Name, so one AttributeRule cannot hold two
     SiteRule elements with the same Name. Identity constraints are checked only by a
     schema-validating parser; a consumer that parses policy without validation gets
     no such guarantee and has to decide itself how duplicate site rules resolve. -->
83 <element name="AttributeRule" type="shib:AttributeRuleType">
84 <key name="SiteRuleKey">
85 <selector xpath="./shib:SiteRule"/>
86 <field xpath="@Name"/>
<!-- Root element of an acceptance policy: zero or more AttributeRule children.
     AttributeNameKey keys those children on @Name, which both requires Name on each
     AttributeRule and forbids two rules for the same attribute name.
     minOccurs="0" makes an empty policy schema-valid. NOTE(review): what the
     consumer does with an empty policy, or with an attribute that no rule names, is
     not visible here; it should be reject by default; confirm. -->
90 <element name="AttributeAcceptancePolicy">
93 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
96 <key name="AttributeNameKey">
97 <selector xpath="./shib:AttributeRule"/>
98 <field xpath="@Name"/>
103 <!-- Shibboleth Metadata -->
<!-- Base type for a site entry: repeatable Alias strings tagged with xml:lang,
     repeatable Contact elements, a required Name (plain string, no format
     constraint) and an optional ErrorURL (anyURI, scheme and host unconstrained).
     NOTE(review): Name and ErrorURL are only as trustworthy as the metadata file
     they come from; a consumer that sends users to ErrorURL presumably relies on
     the registry signature having been verified first; confirm. -->
105 <complexType name="SiteType">
106 <annotation>All sites have a Name attribute, plus optional i18n-ized aliases.</annotation>
108 <element name="Alias" minOccurs="0" maxOccurs="unbounded">
111 <extension base="string">
112 <attribute ref="xml:lang"/>
117 <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
119 <attribute name="Name" type="string" use="required"/>
120 <attribute name="ErrorURL" type="anyURI" use="optional"/>
<!-- String enumeration for the Type attribute of ContactType. Exactly four values
     are allowed: technical, administrative, billing, other. -->
123 <simpleType name="ContactTypeType">
124 <restriction base="string">
125 <enumeration value="technical"/>
126 <enumeration value="administrative"/>
127 <enumeration value="billing"/>
128 <enumeration value="other"/>
<!-- Contact record expressed purely as attributes: required Type (one of the
     ContactTypeType values), required Name, optional Email. Email is a plain
     string, so the schema does not check that it is a well-formed address; any
     code that mails or renders it has to validate and escape it itself. -->
132 <complexType name="ContactType">
133 <annotation>A human contact for a site.</annotation>
135 <attribute name="Type" type="shib:ContactTypeType" use="required"/>
136 <attribute name="Name" type="string" use="required"/>
137 <attribute name="Email" type="string" use="optional"/>
<!-- String content plus an optional boolean regexp attribute that defaults to
     false, so a value is a pattern only when the author opts in. This is the type
     of the Domain element in OriginSiteType.
     NOTE(review): the schema cannot check that a regexp value is a valid or safe
     pattern. Presumably the consumer matches attribute scopes against it; an
     unanchored pattern would then match more scopes than the author intended.
     Confirm that the implementation anchors the match and bounds evaluation. -->
140 <complexType name="regexp_string">
141 <annotation> A string element with an optional attribute signaling regexp content. </annotation>
143 <extension base="string">
144 <attribute name="regexp" type="boolean" use="optional" default="false"/>
<!-- Extends SiteType with one or more HandleService elements, zero or more
     AttributeAuthority elements and zero or more Domain elements. HandleService and
     AttributeAuthority each carry a required Name, a required Location (anyURI) and
     an optional ds:KeyInfo.
     Because ds:KeyInfo has minOccurs="0", an entry with no key material is
     schema-valid. NOTE(review): how a relying party authenticates such a service is
     not visible here (presumably via the TrustList on the enclosing group or
     registry); the consumer should refuse assertions from a service for which it
     can establish no key; confirm.
     Domain entries are the scopes this origin is trusted to assert, so they are
     security policy and depend on the integrity of the whole registry file. -->
149 <complexType name="OriginSiteType">
150 <annotation>Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</annotation>
152 <extension base="shib:SiteType">
154 <element name="HandleService" maxOccurs="unbounded">
157 <element ref="ds:KeyInfo" minOccurs="0"/>
159 <attribute name="Name" type="string" use="required"/>
160 <attribute name="Location" type="anyURI" use="required"/>
163 <element name="AttributeAuthority" minOccurs="0" maxOccurs="unbounded">
166 <element ref="ds:KeyInfo" minOccurs="0"/>
168 <attribute name="Name" type="string" use="required"/>
169 <attribute name="Location" type="anyURI" use="required"/>
172 <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
<!-- Named group holding a repeatable choice of OriginSite, DestinationSite and
     nested SiteGroup elements, plus an optional TrustList of type ds:KeyInfoType.
     SiteGroup may contain SiteGroup, and the schema sets no limit on nesting depth
     or member count; a parser reading registries from an untrusted source should
     enforce its own size and depth limits.
     NOTE(review): how a TrustList on a nested group relates to one on an outer
     group or on the registry root is not defined in the visible lines; confirm the
     precedence the consumer applies. -->
178 <complexType name="SiteGroupType">
179 <annotation>Used to logically group sites together.</annotation>
181 <choice maxOccurs="unbounded">
182 <element ref="shib:OriginSite"/>
183 <element ref="shib:DestinationSite"/>
184 <element ref="shib:SiteGroup"/>
186 <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
188 <attribute name="Name" type="string" use="required"/>
<!-- Global element declarations referenced by the choice groups in SiteGroupType
     and Sites. OriginSite uses OriginSiteType, DestinationSite uses the base
     SiteType directly (no key material or Domain entries), and SiteGroup uses
     SiteGroupType. -->
191 <element name="OriginSite" type="shib:OriginSiteType"/>
192 <element name="DestinationSite" type="shib:SiteType"/>
193 <element name="SiteGroup" type="shib:SiteGroupType"/>
<!-- Root of the site registry: a repeatable choice of OriginSite, DestinationSite
     and SiteGroup, an optional TrustList (ds:KeyInfoType) and an optional
     ds:Signature.
     ds:Signature has minOccurs="0", so an unsigned registry is schema-valid. Schema
     validation therefore gives no integrity guarantee for the keys, TrustList and
     Domain entries the file carries. NOTE(review): the consumer should require the
     signature by policy, verify it against a key obtained out of band (not one
     taken from this same document), and check that the signed reference covers the
     whole Sites element before using any of its content; confirm in the consumer.
     The rest of this declaration lies beyond the visible listing. -->
195 <element name="Sites">
196 <annotation>The registry of sites plus an optional enveloped signature.</annotation>
199 <choice maxOccurs="unbounded">
200 <element ref="shib:OriginSite"/>
201 <element ref="shib:DestinationSite"/>
202 <element ref="shib:SiteGroup"/>
204 <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
205 <element ref="ds:Signature" minOccurs="0"/>