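<?xml version="1.0" encoding="US-ASCII"?>
<!--
    Shibboleth 1.0 schema (target namespace urn:mace:shibboleth:1.0).

    Sections, in document order:
      * status detail element used inside SAML status responses
      * the relaxed AttributeValue type
      * Attribute Acceptance Policy (AAP) rules
      * site metadata (origin / destination sites and site groups)
      * trust data binding key material to named subjects

    Passing validation against this schema is a structural check only. It does
    not show that a document is authentic, that an optional ds:Signature is
    present or valid, or that URI, regexp and xpath values are safe to act on.
-->
<schema targetNamespace="urn:mace:shibboleth:1.0"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:xml="http://www.w3.org/XML/1998/namespace"
        xmlns:shib="urn:mace:shibboleth:1.0"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified"
        version="1.0">

    <!--
        NOTE(review): both schemaLocation hints below name remote http:// URLs.
        A validator that dereferences them loads schema text over an
        unauthenticated channel and fails when the network is unavailable.
        Resolve these two namespaces from local copies (for example through an
        XML catalog or a custom entity resolver) rather than from the network.
    -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
    <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>


    <!-- Status-Related Information -->

    <!--
    The following SAML sub-status codes are defined in this namespace:

        "RealTimeRelease"
            Used with samlp:Responder, signals user wants real-time attribute release

        "InvalidHandle"
            Used with samlp:Requester, signals AA did not recognize handle as valid
    -->

    <!--
        The type is anyURI, so the schema accepts any URI scheme here.
        NOTE(review): a recipient that sends the user to this URL should check
        the scheme and destination itself; confirm against the consuming code.
    -->
    <element name="RealTimeReleaseURL" type="anyURI">
        <annotation>
            <documentation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation>
        </annotation>
    </element>


    <!-- Relaxes SAML AttributeValue type definition -->

    <!--
        Mixed content with any element and any attribute from any namespace,
        processed laxly: the schema places no constraint on the shape or content
        of an attribute value. Constraints on values have to be applied by the
        consumer after parsing; schema validity says nothing about them.
    -->
    <complexType name="AttributeValueType" mixed="true">
        <annotation>
            <documentation>By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
        </annotation>
        <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <anyAttribute namespace="##any" processContents="lax"/>
    </complexType>


    <!-- Attribute Acceptance Policies -->

    <!--
        How a Value inside a site rule is interpreted: as a literal string, a
        regular expression, or an XPath expression.
        NOTE(review): regexp and xpath values are presumably evaluated by the
        consuming implementation, so an AAP file should be handled as trusted
        configuration, and whether patterns are matched against the whole value
        or a substring should be confirmed there; the schema does not say.
    -->
    <simpleType name="AttributeRuleValueType">
        <restriction base="string">
            <enumeration value="literal"/>
            <enumeration value="regexp"/>
            <enumeration value="xpath"/>
        </restriction>
    </simpleType>

    <!--
        A site rule is either a single AnyValue marker (no value restriction) or
        one or more Value entries. Value/@Type defaults to "literal".
    -->
    <complexType name="SiteRuleType">
        <choice>
            <element name="AnyValue">
                <complexType>
                    <sequence/>
                </complexType>
            </element>
            <element name="Value" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
        </choice>
    </complexType>

    <!-- AnySite carries a rule with no site name; SiteRule adds a required Name. -->
    <element name="AnySite" type="shib:SiteRuleType"/>
    <element name="SiteRule">
        <complexType>
            <complexContent>
                <extension base="shib:SiteRuleType">
                    <attribute name="Name" type="string" use="required"/>
                </extension>
            </complexContent>
        </complexType>
    </element>

    <!--
        Rules for one attribute: an optional AnySite rule followed by any number
        of per-site rules.
        NOTE(review): Name is optional in this type, but the AttributeNameKey
        identity constraint on AttributeAcceptancePolicy requires every
        AttributeRule child of a policy to carry it.
    -->
    <complexType name="AttributeRuleType">
        <sequence>
            <element ref="shib:AnySite" minOccurs="0"/>
            <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Name" type="anyURI"/>
    </complexType>

    <!-- SiteRuleKey: SiteRule/@Name must be unique within one AttributeRule. -->
    <element name="AttributeRule" type="shib:AttributeRuleType">
        <key name="SiteRuleKey">
            <selector xpath="./shib:SiteRule"/>
            <field xpath="@Name"/>
        </key>
    </element>

    <!-- AttributeNameKey: AttributeRule/@Name must be present and unique within a policy. -->
    <element name="AttributeAcceptancePolicy">
        <complexType>
            <sequence>
                <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </complexType>
        <key name="AttributeNameKey">
            <selector xpath="./shib:AttributeRule"/>
            <field xpath="@Name"/>
        </key>
    </element>


    <!-- Shibboleth Metadata -->

    <!--
        ErrorURL is typed anyURI, so any scheme is schema-valid.
        NOTE(review): if consumers render or redirect to it, scheme checks
        belong in the consumer; confirm against the consuming code.
    -->
    <complexType name="SiteType">
        <annotation>
            <documentation>All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
        </annotation>
        <sequence>
            <element name="Alias" minOccurs="0" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute ref="xml:lang"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
            <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="ErrorURL" type="anyURI" use="optional"/>
    </complexType>

    <simpleType name="ContactTypeType">
        <restriction base="string">
            <enumeration value="technical"/>
            <enumeration value="administrative"/>
            <enumeration value="billing"/>
            <enumeration value="other"/>
        </restriction>
    </simpleType>

    <!-- Email is a plain string; the schema does not check address syntax. -->
    <complexType name="ContactType">
        <annotation>
            <documentation>A human contact for a site.</documentation>
        </annotation>
        <sequence/>
        <attribute name="Type" type="shib:ContactTypeType" use="required"/>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="Email" type="string" use="optional"/>
    </complexType>

    <!--
        Used in this schema for OriginSite/Domain and KeyAuthority/Subject,
        both of which feed trust decisions.
        NOTE(review): with regexp="true" the text is a pattern, and the schema
        cannot tell a tight pattern from one that matches far more names than
        intended. Anchoring and matching rules are defined by the consumer;
        confirm them there and review regexp entries when accepting metadata.
    -->
    <complexType name="regexp_string">
        <annotation>
            <documentation>A string element with an optional attribute signaling regexp content.</documentation>
        </annotation>
        <simpleContent>
            <extension base="string">
                <attribute name="regexp" type="boolean" use="optional" default="false"/>
            </extension>
        </simpleContent>
    </complexType>

    <!-- Location is typed anyURI; the schema does not restrict it to https or any other scheme. -->
    <complexType name="AuthorityType">
        <annotation>
            <documentation>Metadata about a SAML authority.</documentation>
        </annotation>
        <sequence/>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="Location" type="anyURI" use="required"/>
    </complexType>

    <complexType name="OriginSiteType">
        <annotation>
            <documentation>Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</documentation>
        </annotation>
        <complexContent>
            <extension base="shib:SiteType">
                <sequence>
                    <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
                    <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
                    <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!--
        ds:Signature is optional (minOccurs="0"). An unsigned group, and a group
        whose signature is invalid or covers some other element, are all
        schema-valid. Consumers that load metadata from a source they do not
        control need to require the signature and verify that it covers the
        group they are about to trust; validation alone does not do this.
        Groups may nest (SiteGroup inside SiteGroup) without a depth limit.
    -->
    <complexType name="SiteGroupType">
        <annotation>
            <documentation>Used to logically group sites together, optionally signed.</documentation>
        </annotation>
        <sequence>
            <choice maxOccurs="unbounded">
                <element ref="shib:OriginSite"/>
                <element ref="shib:DestinationSite"/>
                <element ref="shib:SiteGroup"/>
            </choice>
            <element ref="ds:Signature" minOccurs="0"/>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
    </complexType>

    <element name="OriginSite" type="shib:OriginSiteType"/>
    <element name="DestinationSite" type="shib:SiteType"/>
    <element name="SiteGroup" type="shib:SiteGroupType"/>

    <!-- One ds:KeyInfo followed by one or more Subject names (literal or regexp). -->
    <complexType name="KeyAuthorityType">
        <annotation>
            <documentation>Binds a set of keying material to one or more named system entities.</documentation>
        </annotation>
        <sequence>
            <element ref="ds:KeyInfo"/>
            <element name="Subject" type="shib:regexp_string" maxOccurs="unbounded"/>
        </sequence>
    </complexType>

    <element name="KeyAuthority" type="shib:KeyAuthorityType"/>

    <!--
        Trust data decides which keys are accepted for which subjects, and its
        ds:Signature is optional here as well. Schema validity is not evidence
        of origin: a consumer should load Trust documents only from a protected
        local source or after verifying a signature over the whole element.
    -->
    <element name="Trust">
        <annotation>
            <documentation>An optionally signed collection of KeyAuthority data.</documentation>
        </annotation>
        <complexType>
            <sequence>
                <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
                <element ref="ds:Signature" minOccurs="0"/>
            </sequence>
        </complexType>
    </element>

</schema>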