Added AnyValue rule.
[shibboleth/sp.git] / schemas / shibboleth.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified">
    <!--
    External schema dependencies: XML Signature (ds:) and the xml: namespace
    attributes (xml:lang is referenced by SiteType/Alias).
    NOTE(review): both schemaLocation hints are plain http:// URLs. A schema
    processor that dereferences them fetches these schemas over an
    unauthenticated channel each time this schema is loaded. Deployments should
    resolve both namespaces from local, reviewed copies (entity resolver or XML
    catalog) and keep network fetching disabled in the validating parser.
    -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
    <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
5     
6     
7     <!-- Status-Related Information -->
8     
9     <!--
10     The following SAML sub-status codes are defined in this namespace:
11     
12         "RealTimeRelease"
13             Used with samlp:Responder, signals user wants real-time attribute release
14         
15         "InvalidHandle"
16             Used with samlp:Requester, signals AA did not recognize handle as valid
17     -->
18     
19     <element name="RealTimeReleaseURL" type="anyURI">
20         <annotation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</annotation>
21     </element>
22     
23
24     <!-- Relaxes SAML AttributeValue type definition -->
25
26         <complexType name="AttributeValueType" mixed="true">
27                 <annotation>By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</annotation>
28                 <sequence>
29                         <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
30                 </sequence>
31                 <anyAttribute namespace="##any" processContents="lax"/>
32         </complexType>
33
34
35     <!-- Attribute Acceptance Policies -->
36         
37     <simpleType name="AttributeRuleValueType">
38         <restriction base="string">
39             <enumeration value="literal"/>
40             <enumeration value="regexp"/>
41             <enumeration value="xpath"/>
42         </restriction>
43     </simpleType>
44     
45     <complexType name="SiteRuleType">
46         <choice>
47                 <element name="AnyValue">
48                         <complexType>
49                                 <sequence/>
50                         </complexType>
51                 </element>
52             <element name="Value" maxOccurs="unbounded">
53                 <complexType>
54                     <simpleContent>
55                         <extension base="string">
56                             <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
57                         </extension>
58                     </simpleContent>
59                 </complexType>
60             </element>
61         </choice>
62     </complexType>
63
64     <element name="AnySite" type="shib:SiteRuleType"/>
65     <element name="SiteRule">
66         <complexType>
67             <complexContent>
68                 <extension base="shib:SiteRuleType">
69                     <attribute name="Name" type="string" use="required"/>
70                 </extension>
71             </complexContent>
72         </complexType>
73     </element>
74
75     <complexType name="AttributeRuleType">
76         <sequence>
77             <element ref="shib:AnySite" minOccurs="0"/>
78             <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
79         </sequence>
80         <attribute name="Name" type="anyURI"/>
81     </complexType>
82
83     <element name="AttributeRule" type="shib:AttributeRuleType">
84         <key name="SiteRuleKey">
85             <selector xpath="./shib:SiteRule"/>
86             <field xpath="@Name"/>
87         </key>
88     </element>
89
90     <element name="AttributeAcceptancePolicy">
91         <complexType>
92             <sequence>
93                 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
94             </sequence>
95         </complexType>
96         <key name="AttributeNameKey">
97             <selector xpath="./shib:AttributeRule"/>
98             <field xpath="@Name"/>
99         </key>
100     </element>
101
102
103     <!-- Shibboleth Metadata -->
104     
105     <complexType name="SiteType">
106         <annotation>All sites have a Name attribute, plus optional i18n-ized aliases.</annotation>
107         <sequence>
108             <element name="Alias" minOccurs="0" maxOccurs="unbounded">
109                 <complexType>
110                     <simpleContent>
111                         <extension base="string">
112                             <attribute ref="xml:lang"/>
113                         </extension>
114                     </simpleContent>
115                 </complexType>
116             </element>
117             <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
118         </sequence>
119         <attribute name="Name" type="string" use="required"/>
120         <attribute name="ErrorURL" type="anyURI" use="optional"/>
121     </complexType>
122
123         <simpleType name="ContactTypeType">
124                 <restriction base="string">
125             <enumeration value="technical"/>
126             <enumeration value="administrative"/>
127             <enumeration value="billing"/>
128             <enumeration value="other"/>
129         </restriction>
130     </simpleType>
131
132         <complexType name="ContactType">
133                 <annotation>A human contact for a site.</annotation>
134                 <sequence/>
135         <attribute name="Type" type="shib:ContactTypeType" use="required"/>
136         <attribute name="Name" type="string" use="required"/>
137         <attribute name="Email" type="string" use="optional"/>
138         </complexType>
139
140     <complexType name="regexp_string">
141         <annotation> A string element with an optional attribute signaling regexp content. </annotation>
142         <simpleContent>
143             <extension base="string">
144                 <attribute name="regexp" type="boolean" use="optional" default="false"/>
145             </extension>
146         </simpleContent>
147     </complexType>    
148
149     <complexType name="OriginSiteType">
150         <annotation>Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</annotation>
151         <complexContent>
152             <extension base="shib:SiteType">
153                 <sequence>
154                     <element name="HandleService" maxOccurs="unbounded">
155                         <complexType>
156                             <sequence>
157                                 <element ref="ds:KeyInfo" minOccurs="0"/>
158                             </sequence>
159                             <attribute name="Name" type="string" use="required"/>
160                             <attribute name="Location" type="anyURI" use="required"/>
161                         </complexType>
162                     </element>
163                     <element name="AttributeAuthority" minOccurs="0" maxOccurs="unbounded">
164                         <complexType>
165                             <sequence>
166                                 <element ref="ds:KeyInfo" minOccurs="0"/>
167                             </sequence>
168                             <attribute name="Name" type="string" use="required"/>
169                             <attribute name="Location" type="anyURI" use="required"/>
170                         </complexType>
171                     </element>
172                     <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
173                 </sequence>
174             </extension>
175         </complexContent>
176     </complexType>
177
178     <complexType name="SiteGroupType">
179         <annotation>Used to logically group sites together.</annotation>
180         <sequence>
181             <choice maxOccurs="unbounded">
182                 <element ref="shib:OriginSite"/>
183                 <element ref="shib:DestinationSite"/>
184                 <element ref="shib:SiteGroup"/>
185             </choice>
186             <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
187         </sequence>
188         <attribute name="Name" type="string" use="required"/>
189     </complexType>    
190
191     <element name="OriginSite" type="shib:OriginSiteType"/>
192     <element name="DestinationSite" type="shib:SiteType"/>
193     <element name="SiteGroup" type="shib:SiteGroupType"/>
194
195     <element name="Sites">
196         <annotation>The registry of sites plus an optional enveloped signature.</annotation>
197         <complexType>
198             <sequence>
199                 <choice maxOccurs="unbounded">
200                     <element ref="shib:OriginSite"/>
201                     <element ref="shib:DestinationSite"/>
202                     <element ref="shib:SiteGroup"/>
203                 </choice>
204                 <element name="TrustList" type="ds:KeyInfoType" minOccurs="0"/>
205                 <element ref="ds:Signature" minOccurs="0"/>
206             </sequence>
207         </complexType>
208     </element>
209 </schema>