1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
5 xmlns:xml="http://www.w3.org/XML/1998/namespace"
6 xmlns:shib="urn:mace:shibboleth:1.0"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
11 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
12 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
<!-- Both imports give a relative schemaLocation, so a validator resolves them next to this
     file. Load them from a local, reviewed copy (an XML catalog or a fixed resolver) with
     network fetching and external entity resolution disabled.
     NOTE(review): check whether the local xmldsig-core-schema.xsd and xml.xsd begin with a
     DOCTYPE; if they do, the parser that loads them has to cope with that DTD without
     fetching anything. -->
15 <!-- Status-Related Information -->
18 The following SAML sub-status codes are defined in this namespace:
21 Used with samlp:Requester, signals AA did not recognize handle as valid
24 <!-- Relaxes SAML AttributeValue type definition -->
<!-- AttributeValueType: mixed content, any child element (##any, lax, 0..unbounded) and any
     attribute (##any, lax). Schema validation therefore places no constraint on an attribute
     value; with lax processing a child is checked only when a declaration for it happens to
     be available. Consumers have to validate or escape each value themselves before using
     it in an access decision or writing it to a page, header or log. -->
26 <complexType name="AttributeValueType" mixed="true">
28 <documentation xml:lang="en">By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
31 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
33 <anyAttribute namespace="##any" processContents="lax"/>
36 <!-- Attribute Acceptance Policies -->
<!-- AttributeRuleValueType: how a rule string is to be interpreted. Exactly three values are
     permitted: literal, regexp and xpath. The Type attributes on Scope and Value in
     SiteRuleType use this type and default to literal.
     NOTE(review): regexp and xpath rules are evaluated by the consuming code, not by this
     schema. Presumably a regexp rule needs explicit anchoring so that it cannot accept a
     longer value that merely contains a match; confirm how the consumer applies it. -->
38 <simpleType name="AttributeRuleValueType">
39 <restriction base="string">
40 <enumeration value="literal"/>
41 <enumeration value="regexp"/>
42 <enumeration value="xpath"/>
<!-- SiteRuleType: the body of one acceptance rule. It holds zero or more Scope strings and
     then an optional choice; the visible lines suggest the choice is between one AnyValue
     and one or more Value strings. -->
46 <complexType name="SiteRuleType">
48 <element name="Scope" minOccurs="0" maxOccurs="unbounded">
51 <extension base="string">
<!-- Accept defaults to true, and the anyAttribute below admits any unknown attribute, so a
     misspelled Accept attribute still validates and the entry is read with Accept="true".
     Review deny entries by hand or with a stricter lint than this schema.
     NOTE(review): presumably Accept="false" marks a scope to reject; confirm against the
     consumer. -->
52 <attribute name="Accept" type="boolean" use="optional" default="true"/>
53 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
54 <anyAttribute namespace="##any" processContents="lax"/>
<!-- minOccurs="0": a rule with neither AnyValue nor Value is schema-valid. What such a rule
     accepts is decided by the consumer; confirm that it fails closed. -->
59 <choice minOccurs="0">
<!-- NOTE(review): AnyValue presumably accepts every value of the attribute; it carries no
     content constraint here beyond open attributes. -->
60 <element name="AnyValue">
63 <anyAttribute namespace="##any" processContents="lax"/>
66 <element name="Value" maxOccurs="unbounded">
69 <extension base="string">
<!-- Type defaults to literal; a Value is treated as regexp or xpath only when it says so. -->
70 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
71 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Two global rule elements built on SiteRuleType. AnySite uses the type as is and has no
     Name; SiteRule extends it with a required Name.
     NOTE(review): presumably AnySite applies to every site and SiteRule only to the site
     called Name, which would make AnySite the broadest rule in a policy; confirm against
     the consumer and review AnySite entries first. -->
80 <element name="AnySite" type="shib:SiteRuleType"/>
81 <element name="SiteRule">
84 <extension base="shib:SiteRuleType">
85 <attribute name="Name" type="string" use="required"/>
86 <anyAttribute namespace="##any" processContents="lax"/>
<!-- AttributeRuleType: the rule set for one attribute. It holds at most one AnySite and any
     number of SiteRule elements. Name is required; Namespace, Factory, Alias and Header are
     optional strings with no pattern or length restriction. -->
92 <complexType name="AttributeRuleType">
94 <element ref="shib:AnySite" minOccurs="0"/>
95 <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
97 <attribute name="Name" type="string" use="required"/>
98 <attribute name="Namespace" type="string" use="optional"/>
<!-- NOTE(review): Factory and Header look like values the consumer acts on (a component to
     load, a header name to export under). They are plain strings here, so the consumer has
     to check them; confirm what it does with each. -->
99 <attribute name="Factory" type="string" use="optional"/>
100 <attribute name="Alias" type="string" use="optional"/>
101 <attribute name="Header" type="string" use="optional"/>
<!-- Any other attribute is admitted, so a misspelled attribute name is not reported. -->
102 <anyAttribute namespace="##any" processContents="lax"/>
<!-- AttributeRule: global element of type AttributeRuleType. The SiteRuleKey identity
     constraint selects the SiteRule children and keys them on Name, so within a single
     AttributeRule every SiteRule must have a Name and no two may share one. The constraint
     is enforced only when the policy file is actually schema-validated. -->
105 <element name="AttributeRule" type="shib:AttributeRuleType">
106 <key name="SiteRuleKey">
107 <selector xpath="./shib:SiteRule"/>
108 <field xpath="@Name"/>
<!-- AttributeAcceptancePolicy: container for zero or more AttributeRule elements. An empty
     policy is schema-valid.
     NOTE(review): whether an attribute with no matching rule is accepted or dropped is the
     consumer's decision, not the schema's; confirm that it is dropped. -->
112 <element name="AttributeAcceptancePolicy">
115 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
117 <anyAttribute namespace="##any" processContents="lax"/>
122 <!-- Shibboleth Metadata -->
<!-- SiteType: base type for site metadata. It holds optional Alias strings that can be
     tagged with xml:lang, optional Contact entries, a required Name and an optional
     ErrorURL. OriginSiteType and DestinationSiteType extend it. -->
124 <complexType name="SiteType">
126 <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
129 <element name="Alias" minOccurs="0" maxOccurs="unbounded">
132 <extension base="string">
133 <attribute ref="xml:lang"/>
138 <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
140 <attribute name="Name" type="string" use="required"/>
<!-- anyURI does not restrict the scheme. NOTE(review): if the consumer links or redirects
     to ErrorURL, it should allow only the schemes it expects (for example https). -->
141 <attribute name="ErrorURL" type="anyURI" use="optional"/>
142 <anyAttribute namespace="##any" processContents="lax"/>
<!-- ContactTypeType: closed list of contact roles (technical, support, administrative,
     billing, other). Used by the required Type attribute of ContactType. -->
145 <simpleType name="ContactTypeType">
146 <restriction base="string">
147 <enumeration value="technical"/>
148 <enumeration value="support"/>
149 <enumeration value="administrative"/>
150 <enumeration value="billing"/>
151 <enumeration value="other"/>
<!-- ContactType: one human contact. Type and Name are required, Email is optional. No
     anyAttribute is visible on this type, unlike most others in the file. -->
155 <complexType name="ContactType">
156 <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
158 <attribute name="Type" type="shib:ContactTypeType" use="required"/>
159 <attribute name="Name" type="string" use="required"/>
<!-- Plain string: the schema does not check that Email is a well-formed address, so treat
     it as untrusted text wherever it is displayed or used to send mail. -->
160 <attribute name="Email" type="string" use="optional"/>
<!-- regexp_string: string content with an optional boolean attribute regexp (default
     false). It is the type of Domain in OriginSiteType and of Subject in KeyAuthorityType.
     NOTE(review): with regexp="true" the content is a pattern that the consumer evaluates.
     Presumably an unanchored or loosely written pattern would match more names than the
     author meant; confirm the matching rules and prefer literal entries where possible. -->
163 <complexType name="regexp_string">
165 <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
168 <extension base="string">
169 <attribute name="regexp" type="boolean" use="optional" default="false"/>
<!-- AuthorityType: a named SAML authority with a Location. Both attributes are required.
     It is the type of HandleService and AttributeAuthority in OriginSiteType. -->
174 <complexType name="AuthorityType">
176 <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
179 <attribute name="Name" type="string" use="required"/>
<!-- anyURI does not restrict the scheme or host. NOTE(review): presumably the consumer
     contacts or compares against this Location; confirm that it requires the expected
     scheme and an exact match. -->
180 <attribute name="Location" type="anyURI" use="required"/>
181 <anyAttribute namespace="##any" processContents="lax"/>
<!-- OriginSiteType: SiteType extended with one or more HandleService entries, optional
     AttributeAuthority entries and optional Domain entries. -->
184 <complexType name="OriginSiteType">
186 <documentation xml:lang="en">
187 Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping.
191 <extension base="shib:SiteType">
193 <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
194 <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
<!-- Domain is a regexp_string, so an entry may be a pattern rather than a fixed name. Per
     the documentation above these are the domains trusted for attribute scoping, which
     makes each entry, and each pattern in particular, a trust decision worth reviewing. -->
195 <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
<!-- DestinationSiteType: SiteType extended with one or more AssertionConsumerServiceURL
     entries and one or more AttributeRequester entries. -->
201 <complexType name="DestinationSiteType">
203 <documentation xml:lang="en">
204 Destination sites add at least one attribute requester (with a name).
208 <extension base="shib:SiteType">
210 <element name="AssertionConsumerServiceURL" maxOccurs="unbounded">
<!-- Location is typed string here, whereas AuthorityType/@Location and SiteType/@ErrorURL
     use anyURI, so the schema does not check this value as a URI at all.
     NOTE(review): presumably this is where assertions for the site are delivered; confirm
     that the consumer compares it exactly and does not accept prefix or pattern matches. -->
213 <attribute name="Location" type="string" use="required"/>
214 <attribute name="Id" type="string" use="optional"/>
215 <anyAttribute namespace="##any" processContents="lax"/>
218 <element name="AttributeRequester" maxOccurs="unbounded">
221 <attribute name="Name" type="string" use="required"/>
222 <anyAttribute namespace="##any" processContents="lax"/>
<!-- SiteGroupType: a named group holding one or more OriginSite, DestinationSite or nested
     SiteGroup elements in any order, followed by an optional ds:Signature. -->
230 <complexType name="SiteGroupType">
232 <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
<!-- SiteGroup may contain SiteGroup, so nesting depth is not bounded by the schema; a
     consumer reading metadata from outside should cap document size and depth. -->
235 <choice maxOccurs="unbounded">
236 <element ref="shib:OriginSite"/>
237 <element ref="shib:DestinationSite"/>
238 <element ref="shib:SiteGroup"/>
<!-- minOccurs="0": an unsigned group is schema-valid, and schema validity says nothing about
     whether a signature that is present verifies. A consumer that relies on this metadata
     for trust has to require the signature itself and verify it against a key it already
     trusts, checking that the signature covers the element it is about to use. -->
240 <element ref="ds:Signature" minOccurs="0"/>
242 <attribute name="Name" type="string" use="required"/>
243 <attribute name="lastChanged" type="dateTime" use="optional"/>
<!-- validUntil and cacheDuration are optional, so the schema does not force metadata to
     expire. NOTE(review): confirm how the consumer treats a group with no validUntil. -->
244 <attribute name="validUntil" type="dateTime" use="optional"/>
245 <attribute name="cacheDuration" type="duration" use="optional"/>
246 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Global elements for the three metadata types. Each may appear as a document root;
     SiteGroupType also references all three inside its choice. -->
249 <element name="OriginSite" type="shib:OriginSiteType"/>
250 <element name="DestinationSite" type="shib:DestinationSiteType"/>
251 <element name="SiteGroup" type="shib:SiteGroupType"/>
254 <!-- Old (pre 1.2) Trust Metadata -->
<!-- KeyAuthorityType: one required ds:KeyInfo followed by zero or more Subject entries,
     plus the global KeyAuthority element of this type. -->
256 <complexType name="KeyAuthorityType">
258 <documentation xml:lang="en">
259 Binds a set of keying material to one or more named system entities.
263 <element ref="ds:KeyInfo"/>
<!-- The documentation says one or more entities, but minOccurs="0" makes a KeyAuthority
     with no Subject schema-valid. Subject is a regexp_string, so an entry may also be a
     pattern. NOTE(review): confirm that the consumer treats a missing Subject as binding
     the keys to no entity rather than to every entity, and review any pattern entries. -->
264 <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
266 <anyAttribute namespace="##any" processContents="lax"/>
268 <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
<!-- Trust: global element holding one or more KeyAuthority entries and an optional
     ds:Signature, with optional lastChanged, validUntil and cacheDuration attributes. -->
270 <element name="Trust">
272 <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
276 <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
<!-- minOccurs="0": an unsigned Trust document is schema-valid. This element distributes
     keying material, so a consumer has to require the signature itself and verify it with
     a key obtained out of band; schema validation checks neither. -->
277 <element ref="ds:Signature" minOccurs="0"/>
279 <attribute name="lastChanged" type="dateTime" use="optional"/>
<!-- validUntil is optional, so the schema does not force trust data to expire.
     NOTE(review): confirm how the consumer treats a Trust document with no validUntil. -->
280 <attribute name="validUntil" type="dateTime" use="optional"/>
281 <attribute name="cacheDuration" type="duration" use="optional"/>
282 <anyAttribute namespace="##any" processContents="lax"/>