Update to final, required pair of SAML 2.0 schemas
[java-idp.git] / src / schemas / saml-schema-metadata-2.0.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema
3     targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
4     xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
5     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
7     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
8     xmlns="http://www.w3.org/2001/XMLSchema"
9     elementFormDefault="unqualified"
10     attributeFormDefault="unqualified"
11     blockDefault="substitution"
12     version="2.0">
13     <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
14     <import namespace="http://www.w3.org/2001/04/xmlenc#" schemaLocation="xenc-schema.xsd"/>
15     <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16     <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
       <!-- The four imports above supply the XML Signature (ds), XML Encryption (xenc),
            SAML assertion (saml) and xml: attribute declarations referenced below.
            Every schemaLocation is a bare relative file name, so the imported
            schemas are expected alongside this file.
            NOTE(review): confirm the validator resolves these only from the bundled
            copies (for example through a fixed resource resolver) and never falls
            back to a network fetch or to a location hinted by the instance document. -->
17     <annotation>
18         <documentation>
19             Document identifier: saml-schema-metadata-2.0
20             Location: http://docs.oasis-open.org/security/saml/v2.0/
21             Revision history:
22               V2.0 (March, 2005):
23                 Schema for SAML metadata, first published in SAML 2.0.
24         </documentation>
25     </annotation>
26
27     <simpleType name="entityIDType">
           <!-- Entity identifier: an anyURI capped at 1024 characters. In this schema it
                types EntityDescriptor/@entityID, AffiliationDescriptor/@affiliationOwnerID
                and the AffiliateMember element. The length cap is the only constraint
                added here; anyURI accepts a very wide range of strings, so schema
                validation does not show that the value names a known or trusted entity. -->
28         <restriction base="anyURI">
29             <maxLength value="1024"/>
30         </restriction>
31     </simpleType>
32     <complexType name="localizedNameType">
           <!-- A string that must carry an xml:lang attribute. Used below for
                OrganizationName, OrganizationDisplayName, ServiceName and
                ServiceDescription. The text itself is unconstrained.
                NOTE(review): where a consumer renders these values in a user
                interface, it should treat them as untrusted text and encode on output. -->
33         <simpleContent>
34             <extension base="string">
35                 <attribute ref="xml:lang" use="required"/>
36             </extension>
37         </simpleContent>
38     </complexType>
39     <complexType name="localizedURIType">
           <!-- An anyURI that must carry an xml:lang attribute. Used below for
                OrganizationURL. No scheme or host restriction is applied. -->
40         <simpleContent>
41             <extension base="anyURI">
42                 <attribute ref="xml:lang" use="required"/>
43             </extension>
44         </simpleContent>
45     </complexType>
46     
47     <element name="Extensions" type="md:ExtensionsType"/>
       <!-- ExtensionsType is the open extension point referenced by most descriptor types
            in this file. The wildcard has no minOccurs, so the default of 1 applies: an
            Extensions element must hold at least one child, drawn from any namespace
            other than the target namespace. processContents="lax" means a child is
            validated only when the validator has a declaration for it; otherwise it
            is accepted unchecked. Schema validity therefore says nothing about unknown
            extension content. final="#all" prevents deriving new types from this one. -->
48     <complexType final="#all" name="ExtensionsType">
49         <sequence>
50             <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
51         </sequence>
52     </complexType>
53     
54     <complexType name="EndpointType">
           <!-- A protocol endpoint: required Binding and Location URIs, an optional
                ResponseLocation, plus optional child elements and attributes from
                foreign namespaces (lax validation). All three URIs are plain anyURI;
                the schema does not restrict scheme, host or form.
                NOTE(review): a consumer that sends messages or redirects browsers to
                Location or ResponseLocation should apply its own checks (for example
                an allowed-scheme list) and take these values only from metadata whose
                integrity it has verified. -->
55         <sequence>
56             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
57         </sequence>
58         <attribute name="Binding" type="anyURI" use="required"/>
59         <attribute name="Location" type="anyURI" use="required"/>
60         <attribute name="ResponseLocation" type="anyURI" use="optional"/>
61         <anyAttribute namespace="##other" processContents="lax"/>
62     </complexType>
63     
64     <complexType name="IndexedEndpointType">
           <!-- EndpointType plus a required index (unsignedShort) and an optional
                isDefault flag. Used below for ArtifactResolutionService and
                AssertionConsumerService. No identity constraint is declared in this
                file, so duplicate index values or several isDefault="true" siblings
                are schema-valid; consumers have to resolve such cases themselves. -->
65         <complexContent>
66             <extension base="md:EndpointType">
67                 <attribute name="index" type="unsignedShort" use="required"/>
68                 <attribute name="isDefault" type="boolean" use="optional"/>
69             </extension>
70         </complexContent>
71     </complexType>
72     
73     <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
       <!-- EntitiesDescriptorType groups one or more EntityDescriptor or nested
            EntitiesDescriptor elements; the nesting is recursive and unbounded.
            ds:Signature, validUntil and cacheDuration are all optional, so
            schema-valid metadata may be unsigned and carry no expiry. Unlike
            EntityDescriptorType, no anyAttribute wildcard is declared here.
            NOTE(review): a consumer that relies on integrity or freshness has to
            enforce signature verification and expiry itself, and should bound
            document size and nesting depth when loading metadata from outside. -->
74     <complexType name="EntitiesDescriptorType">
75         <sequence>
76             <element ref="ds:Signature" minOccurs="0"/>
77             <element ref="md:Extensions" minOccurs="0"/>
78             <choice minOccurs="1" maxOccurs="unbounded">
79                 <element ref="md:EntityDescriptor"/>
80                 <element ref="md:EntitiesDescriptor"/>
81             </choice>
82         </sequence>
83         <attribute name="validUntil" type="dateTime" use="optional"/>
84         <attribute name="cacheDuration" type="duration" use="optional"/>
85         <attribute name="ID" type="ID" use="optional"/>
86         <attribute name="Name" type="string" use="optional"/>
87     </complexType>
88
89     <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
       <!-- EntityDescriptorType describes one entity. After the optional Signature and
            Extensions it requires either one or more role descriptors (any mix of the
            six listed) or exactly one AffiliationDescriptor, followed by optional
            Organization, ContactPerson and AdditionalMetadataLocation elements.
            entityID is the only required attribute; Signature, validUntil and
            cacheDuration are optional, and foreign-namespace attributes are allowed.
            NOTE(review): the ID attribute is presumably what a ds:Signature Reference
            points at; a verifier should confirm that the element it goes on to
            consume is the one the signature actually covers. -->
90     <complexType name="EntityDescriptorType">
91         <sequence>
92             <element ref="ds:Signature" minOccurs="0"/>
93             <element ref="md:Extensions" minOccurs="0"/>
94             <choice>
95                 <choice maxOccurs="unbounded">
96                     <element ref="md:RoleDescriptor"/>
97                     <element ref="md:IDPSSODescriptor"/>
98                     <element ref="md:SPSSODescriptor"/>
99                     <element ref="md:AuthnAuthorityDescriptor"/>
100                     <element ref="md:AttributeAuthorityDescriptor"/>
101                     <element ref="md:PDPDescriptor"/>
102                 </choice>
103                 <element ref="md:AffiliationDescriptor"/>
104             </choice>
105             <element ref="md:Organization" minOccurs="0"/>
106             <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
107             <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
108         </sequence>
109         <attribute name="entityID" type="md:entityIDType" use="required"/>
110         <attribute name="validUntil" type="dateTime" use="optional"/>
111         <attribute name="cacheDuration" type="duration" use="optional"/>
112         <attribute name="ID" type="ID" use="optional"/>
113         <anyAttribute namespace="##other" processContents="lax"/>
114     </complexType>
115     
116     <element name="Organization" type="md:OrganizationType"/>
        <!-- OrganizationType: optional Extensions, then at least one each of
             OrganizationName, OrganizationDisplayName and OrganizationURL (each may
             repeat, typically once per language), plus foreign-namespace attributes.
             These are descriptive values supplied by the metadata publisher; nothing
             in the schema ties them to a verified identity. -->
117     <complexType name="OrganizationType">
118         <sequence>
119             <element ref="md:Extensions" minOccurs="0"/>
120             <element ref="md:OrganizationName" maxOccurs="unbounded"/>
121             <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
122             <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
123         </sequence>
124         <anyAttribute namespace="##other" processContents="lax"/>
125     </complexType>
126     <element name="OrganizationName" type="md:localizedNameType"/>
127     <element name="OrganizationDisplayName" type="md:localizedNameType"/>
128     <element name="OrganizationURL" type="md:localizedURIType"/>
129     <element name="ContactPerson" type="md:ContactType"/>
        <!-- ContactType: every child element is optional; only the contactType
             attribute is required. EmailAddress and TelephoneNumber may repeat.
             EmailAddress is typed anyURI rather than string (presumably a mailto:
             URI is intended; the schema does not enforce a scheme). The remaining
             leaf elements are unconstrained strings. -->
130     <complexType name="ContactType">
131         <sequence>
132             <element ref="md:Extensions" minOccurs="0"/>
133             <element ref="md:Company" minOccurs="0"/>
134             <element ref="md:GivenName" minOccurs="0"/>
135             <element ref="md:SurName" minOccurs="0"/>
136             <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
137             <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
138         </sequence>
139         <attribute name="contactType" type="md:ContactTypeType" use="required"/>
140         <anyAttribute namespace="##other" processContents="lax"/>
141     </complexType>
142     <element name="Company" type="string"/>
143     <element name="GivenName" type="string"/>
144     <element name="SurName" type="string"/>
145     <element name="EmailAddress" type="anyURI"/>
146     <element name="TelephoneNumber" type="string"/>
147     <simpleType name="ContactTypeType">
            <!-- Closed set of values for ContactPerson/@contactType. Any other
                 string fails validation. -->
148         <restriction base="string">
149             <enumeration value="technical"/>
150             <enumeration value="support"/>
151             <enumeration value="administrative"/>
152             <enumeration value="billing"/>
153             <enumeration value="other"/>
154         </restriction>
155     </simpleType>
156
157     <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
        <!-- AdditionalMetadataLocationType: the element content is an anyURI and the
             required namespace attribute is a second anyURI. Neither is restricted
             in scheme or host.
             NOTE(review): if a consumer dereferences this location, it is following
             a URL chosen by the metadata publisher; it should restrict where it is
             willing to fetch from and verify whatever it retrieves as it would any
             other metadata. -->
158     <complexType name="AdditionalMetadataLocationType">
159         <simpleContent>
160             <extension base="anyURI">
161                 <attribute name="namespace" type="anyURI" use="required"/>
162             </extension>
163         </simpleContent>
164     </complexType>
165
166     <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
        <!-- RoleDescriptorType is the abstract base that SSODescriptorType,
             AuthnAuthorityDescriptorType, PDPDescriptorType and
             AttributeAuthorityDescriptorType extend below. Because it is abstract,
             a RoleDescriptor element in an instance must name a concrete derived
             type through xsi:type. Signature, Extensions, KeyDescriptor,
             Organization and ContactPerson are all optional, so a schema-valid role
             may be unsigned and publish no keys. protocolSupportEnumeration is the
             only required attribute; validUntil, cacheDuration and errorURL are
             optional and foreign-namespace attributes are allowed. -->
167     <complexType name="RoleDescriptorType" abstract="true">
168         <sequence>
169             <element ref="ds:Signature" minOccurs="0"/>
170             <element ref="md:Extensions" minOccurs="0"/>
171             <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
172             <element ref="md:Organization" minOccurs="0"/>
173             <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
174         </sequence>
175         <attribute name="ID" type="ID" use="optional"/>
176         <attribute name="validUntil" type="dateTime" use="optional"/>
177         <attribute name="cacheDuration" type="duration" use="optional"/>
178         <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
179         <attribute name="errorURL" type="anyURI" use="optional"/>
180         <anyAttribute namespace="##other" processContents="lax"/>
181     </complexType>
182     <simpleType name="anyURIListType">
            <!-- Whitespace-separated list of anyURI values; types
                 RoleDescriptorType/@protocolSupportEnumeration. No minLength facet is
                 set, so an empty list is schema-valid even though the attribute is
                 required, and the listed URIs are not checked against any known set. -->
183         <list itemType="anyURI"/>
184     </simpleType>
185
186     <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
        <!-- KeyDescriptorType: exactly one ds:KeyInfo (its content model comes from
             the imported XML Signature schema), any number of EncryptionMethod
             elements, and an optional use attribute limited to the KeyTypes values.
             No default is declared for use, so the schema itself does not say what
             an omitted value means.
             NOTE(review): the SAML metadata specification is understood to treat an
             omitted use as covering both purposes; confirm before relying on it.
             Keys published here are presumably what peers use to verify or encrypt
             messages for the entity, so they deserve no more trust than the
             integrity check applied to the metadata that carries them. -->
187     <complexType name="KeyDescriptorType">
188         <sequence>
189             <element ref="ds:KeyInfo"/>
190             <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
191         </sequence>
192         <attribute name="use" type="md:KeyTypes" use="optional"/>
193     </complexType>
194     <simpleType name="KeyTypes">
            <!-- Closed set of values for KeyDescriptor/@use: a key is marked for
                 encryption or for signing. There is no value meaning "both". -->
195         <restriction base="string">
196             <enumeration value="encryption"/>
197             <enumeration value="signing"/>
198         </restriction>
199     </simpleType>
        <!-- EncryptionMethod reuses the type defined in the imported XML Encryption
             schema; its content model is not visible in this file. -->
200     <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
201     
202     <complexType name="SSODescriptorType" abstract="true">
            <!-- Abstract extension of RoleDescriptorType shared by IDPSSODescriptorType
                 and SPSSODescriptorType. It appends four optional, repeatable
                 elements: ArtifactResolutionService (indexed endpoint),
                 SingleLogoutService and ManageNameIDService (plain endpoints) and
                 NameIDFormat (anyURI). The endpoint caveats noted on EndpointType
                 apply to every service element declared below. -->
203         <complexContent>
204             <extension base="md:RoleDescriptorType">
205                 <sequence>
206                     <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
207                     <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
208                     <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
209                     <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
210                 </sequence>
211             </extension>
212         </complexContent>
213     </complexType>
214     <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
215     <element name="SingleLogoutService" type="md:EndpointType"/>
216     <element name="ManageNameIDService" type="md:EndpointType"/>
217     <element name="NameIDFormat" type="anyURI"/>
218
219     <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
        <!-- IDPSSODescriptorType extends SSODescriptorType for the identity provider
             role: at least one SingleSignOnService, then optional NameIDMappingService,
             AssertionIDRequestService, AttributeProfile and saml:Attribute elements.
             WantAuthnRequestsSigned is an optional boolean with no default declared
             in the schema.
             NOTE(review): consumers should decide explicitly how an absent
             WantAuthnRequestsSigned is handled rather than relying on validation. -->
220     <complexType name="IDPSSODescriptorType">
221         <complexContent>
222             <extension base="md:SSODescriptorType">
223                 <sequence>
224                     <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
225                     <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
226                     <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
227                     <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
228                     <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
229                 </sequence>
230                 <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
231             </extension>
232         </complexContent>
233     </complexType>
234     <element name="SingleSignOnService" type="md:EndpointType"/>
235     <element name="NameIDMappingService" type="md:EndpointType"/>
236     <element name="AssertionIDRequestService" type="md:EndpointType"/>
237     <element name="AttributeProfile" type="anyURI"/>
238     
239     <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
        <!-- SPSSODescriptorType extends SSODescriptorType for the service provider
             role: at least one AssertionConsumerService (an indexed endpoint) and
             optional AttributeConsumingService elements. AuthnRequestsSigned and
             WantAssertionsSigned are optional booleans with no default declared in
             the schema.
             NOTE(review): AssertionConsumerService/@Location is presumably where an
             identity provider delivers responses for this service provider; it
             should be taken from verified metadata and matched against any location
             named in a request. Handling of absent signing flags should be an
             explicit policy decision. -->
240     <complexType name="SPSSODescriptorType">
241         <complexContent>
242             <extension base="md:SSODescriptorType">
243                 <sequence>
244                     <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
245                     <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
246                 </sequence>
247                 <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
248                 <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
249             </extension>
250         </complexContent>
251     </complexType>
252     <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
253     <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
        <!-- AttributeConsumingServiceType: at least one ServiceName, optional
             ServiceDescription elements, and at least one RequestedAttribute.
             index is required and isDefault optional; as with IndexedEndpointType,
             no uniqueness constraint on index is declared in this file. -->
254     <complexType name="AttributeConsumingServiceType">
255         <sequence>
256             <element ref="md:ServiceName" maxOccurs="unbounded"/>
257             <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
258             <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
259         </sequence>
260         <attribute name="index" type="unsignedShort" use="required"/>
261         <attribute name="isDefault" type="boolean" use="optional"/>
262     </complexType>
263     <element name="ServiceName" type="md:localizedNameType"/>
264     <element name="ServiceDescription" type="md:localizedNameType"/>
265     <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
        <!-- RequestedAttributeType extends saml:AttributeType (declared in the
             imported assertion schema, not visible here) with an optional
             isRequired boolean; no default is declared for it.
             NOTE(review): this is a request published by the service provider; which
             attributes are actually released is presumably a policy decision on the
             releasing side, not something this schema controls. -->
266     <complexType name="RequestedAttributeType">
267         <complexContent>
268             <extension base="saml:AttributeType">
269                 <attribute name="isRequired" type="boolean" use="optional"/>
270             </extension>
271         </complexContent>
272     </complexType>
273   
274     <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
        <!-- AuthnAuthorityDescriptorType extends RoleDescriptorType with at least one
             AuthnQueryService endpoint, then optional AssertionIDRequestService and
             NameIDFormat elements. It inherits the optional Signature and
             KeyDescriptor of the base type. -->
275     <complexType name="AuthnAuthorityDescriptorType">
276         <complexContent>
277             <extension base="md:RoleDescriptorType">
278                 <sequence>
279                     <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
280                     <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
281                     <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
282                 </sequence>
283             </extension>
284         </complexContent>
285     </complexType>
286     <element name="AuthnQueryService" type="md:EndpointType"/>
287
288     <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
        <!-- PDPDescriptorType extends RoleDescriptorType with at least one
             AuthzService endpoint, then optional AssertionIDRequestService and
             NameIDFormat elements. It inherits the optional Signature and
             KeyDescriptor of the base type. -->
289     <complexType name="PDPDescriptorType">
290         <complexContent>
291             <extension base="md:RoleDescriptorType">
292                 <sequence>
293                     <element ref="md:AuthzService" maxOccurs="unbounded"/>
294                     <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
295                     <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
296                 </sequence>
297             </extension>
298         </complexContent>
299     </complexType>
300     <element name="AuthzService" type="md:EndpointType"/>
301
302     <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
        <!-- AttributeAuthorityDescriptorType extends RoleDescriptorType with at least
             one AttributeService endpoint, then optional AssertionIDRequestService,
             NameIDFormat, AttributeProfile and saml:Attribute elements. It inherits
             the optional Signature and KeyDescriptor of the base type. -->
303     <complexType name="AttributeAuthorityDescriptorType">
304         <complexContent>
305             <extension base="md:RoleDescriptorType">
306                 <sequence>
307                     <element ref="md:AttributeService" maxOccurs="unbounded"/>
308                     <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
309                     <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
310                     <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
311                     <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
312                 </sequence>
313             </extension>
314         </complexContent>
315     </complexType>
316     <element name="AttributeService" type="md:EndpointType"/>
317    
318     <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
        <!-- AffiliationDescriptorType: optional Signature and Extensions, at least one
             AffiliateMember (an entityIDType value), and optional KeyDescriptor
             elements. affiliationOwnerID is required; validUntil, cacheDuration and
             ID are optional and foreign-namespace attributes are allowed.
             The schema only checks that each member is a length-bounded URI.
             NOTE(review): whether a listed member really belongs to the affiliation
             is a trust decision for the consumer, resting on who signed the
             metadata. -->
319     <complexType name="AffiliationDescriptorType">
320         <sequence>
321             <element ref="ds:Signature" minOccurs="0"/>
322             <element ref="md:Extensions" minOccurs="0"/>
323             <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
324             <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
325         </sequence>
326         <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
327         <attribute name="validUntil" type="dateTime" use="optional"/>
328         <attribute name="cacheDuration" type="duration" use="optional"/>
329         <attribute name="ID" type="ID" use="optional"/>
330         <anyAttribute namespace="##other" processContents="lax"/>
331     </complexType>
332     <element name="AffiliateMember" type="md:entityIDType"/>
333 </schema>