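<?xml version="1.0" encoding="US-ASCII"?>
<!--
    Shibboleth 1.0 schema (target namespace urn:mace:shibboleth:1.0).

    Defines three groups of declarations:
      * status-related elements carried in SAML responses,
      * attribute acceptance policies (AttributeAcceptancePolicy / AttributeRule / SiteRule),
      * site metadata (Sites / SiteGroup / OriginSite / DestinationSite).

    Every annotation below wraps its text in a documentation element, because
    the XML Schema content model for annotation only allows appinfo and
    documentation children, not bare text.
-->
<schema targetNamespace="urn:mace:shibboleth:1.0"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:xml="http://www.w3.org/XML/1998/namespace"
        xmlns:shib="urn:mace:shibboleth:1.0"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified">

    <!--
        Both schemaLocation values are plain-http URLs. They are only hints:
        a validator that dereferences them fetches schema definitions over an
        unauthenticated channel each time it loads this file. Deployments
        should resolve these two namespaces from locally stored, reviewed
        copies (for example through an XML catalog or a custom resolver) and
        keep network fetching disabled in the schema loader.
    -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
    <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>


    <!-- Status-Related Information -->

    <!--
    The following SAML sub-status codes are defined in this namespace:

        "RealTimeRelease"
            Used with samlp:Responder, signals user wants real-time attribute release

        "InvalidHandle"
            Used with samlp:Requester, signals AA did not recognize handle as valid
    -->

    <!--
        The value is only typed as anyURI, so the schema places no limit on
        scheme or host. NOTE(review): a party that acts on this URL should
        apply its own allow-list before following it; confirm in the consumer.
    -->
    <element name="RealTimeReleaseURL" type="anyURI">
        <annotation>
            <documentation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation>
        </annotation>
    </element>


    <!-- Relaxes SAML AttributeValue type definition -->

    <!--
        Mixed content, any element from any namespace, any attribute, all with
        lax processing: a value that validates against this type has not been
        checked for structure or content at all. Code that consumes attribute
        values has to treat them as untrusted input and do its own validation.
    -->
    <complexType name="AttributeValueType" mixed="true">
        <annotation>
            <documentation>By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
        </annotation>
        <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <anyAttribute namespace="##any" processContents="lax"/>
    </complexType>


    <!-- Attribute Acceptance Policies -->

    <!-- How the text of a Value element is to be interpreted by the policy consumer. -->
    <simpleType name="AttributeRuleValueType">
        <restriction base="string">
            <enumeration value="literal"/>
            <enumeration value="regexp"/>
            <enumeration value="xpath"/>
        </restriction>
    </simpleType>

    <!--
        One or more Value entries, each a string with an optional Type that
        defaults to "literal". The schema validates only that the content is a
        string; it does not check that a "regexp" or "xpath" value is a
        well-formed expression. NOTE(review): whether a regexp is matched
        against the whole value or a substring is decided by the consumer;
        policy authors should confirm this, since a substring match accepts
        more values than the pattern suggests.
    -->
    <complexType name="SiteRuleType">
        <sequence>
            <element name="Value" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
        </sequence>
    </complexType>

    <!-- A rule with no site name; SiteRule is the same content plus a required Name. -->
    <element name="AnySite" type="shib:SiteRuleType"/>
    <element name="SiteRule">
        <complexType>
            <complexContent>
                <extension base="shib:SiteRuleType">
                    <attribute name="Name" type="string" use="required"/>
                </extension>
            </complexContent>
        </complexType>
    </element>

    <!-- At most one AnySite followed by any number of SiteRule entries. -->
    <complexType name="AttributeRuleType">
        <sequence>
            <element ref="shib:AnySite" minOccurs="0"/>
            <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <!--
            Name is optional here, but AttributeNameKey on
            AttributeAcceptancePolicy uses it as a key field, so a rule inside
            a policy must carry it to validate.
        -->
        <attribute name="Name" type="anyURI"/>
    </complexType>

    <!-- SiteRuleKey: SiteRule names must be present and unique within one AttributeRule. -->
    <element name="AttributeRule" type="shib:AttributeRuleType">
        <key name="SiteRuleKey">
            <selector xpath="./shib:SiteRule"/>
            <field xpath="@Name"/>
        </key>
    </element>

    <!--
        AttributeNameKey: each AttributeRule inside a policy needs a Name that
        is unique within that policy, so a validating parser rejects two rules
        for the same attribute.
    -->
    <element name="AttributeAcceptancePolicy">
        <complexType>
            <sequence>
                <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </complexType>
        <key name="AttributeNameKey">
            <selector xpath="./shib:AttributeRule"/>
            <field xpath="@Name"/>
        </key>
    </element>


    <!-- Shibboleth Metadata -->

    <complexType name="SiteType">
        <annotation>
            <documentation>All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
        </annotation>
        <sequence>
            <element name="Alias" minOccurs="0" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute ref="xml:lang"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="ContactName" type="string" use="optional"/>
        <attribute name="ContactEmail" type="string" use="optional"/>
        <attribute name="ErrorURL" type="anyURI" use="optional"/>
    </complexType>

    <!--
        The regexp flag defaults to false. The pattern text itself is an
        unconstrained string: the schema neither checks its syntax nor says
        how it is matched.
    -->
    <complexType name="regexp_string">
        <annotation>
            <documentation>A string element with an optional attribute signaling regexp content.</documentation>
        </annotation>
        <simpleContent>
            <extension base="string">
                <attribute name="regexp" type="boolean" use="optional" default="false"/>
            </extension>
        </simpleContent>
    </complexType>

    <!--
        ds:KeyInfo on HandleService is optional, so the schema accepts a
        handle service with no key material. Domain entries name the scopes
        this origin is trusted for and may be flagged as regexps.
        NOTE(review): a regexp Domain should be evaluated as a full match of
        the scope by the consumer, otherwise the pattern trusts more domains
        than intended; confirm against the consuming code.
    -->
    <complexType name="OriginSiteType">
        <annotation>
            <documentation>Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</documentation>
        </annotation>
        <complexContent>
            <extension base="shib:SiteType">
                <sequence>
                    <element name="HandleService" maxOccurs="unbounded">
                        <complexType>
                            <sequence>
                                <element ref="ds:KeyInfo" minOccurs="0"/>
                            </sequence>
                            <attribute name="Name" type="string" use="required"/>
                            <attribute name="Location" type="anyURI" use="required"/>
                        </complexType>
                    </element>
                    <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!--
        SiteGroup may contain further SiteGroup elements, so nesting depth is
        not bounded by the schema; parsers of metadata from outside sources
        should cap document size and depth themselves.
    -->
    <complexType name="SiteGroupType">
        <annotation>
            <documentation>Used to logically group sites together.</documentation>
        </annotation>
        <sequence>
            <choice maxOccurs="unbounded">
                <element ref="shib:OriginSite"/>
                <element ref="shib:DestinationSite"/>
                <element ref="shib:SiteGroup"/>
            </choice>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
    </complexType>

    <element name="OriginSite" type="shib:OriginSiteType"/>
    <element name="DestinationSite" type="shib:SiteType"/>
    <element name="SiteGroup" type="shib:SiteGroupType"/>

    <!--
        ds:Signature has minOccurs="0": an unsigned registry is schema-valid.
        Schema validation therefore says nothing about authenticity. A
        consumer that makes trust decisions from this registry has to require
        the signature by policy and verify it against a key it already trusts.
    -->
    <element name="Sites">
        <annotation>
            <documentation>The registry of sites plus an optional enveloped signature.</documentation>
        </annotation>
        <complexType>
            <sequence>
                <choice maxOccurs="unbounded">
                    <element ref="shib:OriginSite"/>
                    <element ref="shib:DestinationSite"/>
                    <element ref="shib:SiteGroup"/>
                </choice>
                <element ref="ds:Signature" minOccurs="0"/>
            </sequence>
        </complexType>
    </element>
</schema>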