Synched from /c.
[java-idp.git] / src / schemas / shibboleth.xsd
<?xml version="1.0" encoding="US-ASCII"?>
<!--
    Shibboleth 1.0 schema, target namespace urn:mace:shibboleth:1.0.

    Three groups of declarations follow:
      1. SAML status extensions and the relaxed attribute value type
      2. Attribute Acceptance Policy (AAP) rules
      3. Site metadata and key / trust bindings

    NOTE(review): validating against this schema is a structural check
    only. ds:Signature is optional wherever it appears below and some types
    accept arbitrary content, so a document that validates has not been
    authenticated by that fact. Signature verification and trust decisions
    have to be enforced by the consumer.
-->
<schema
    targetNamespace="urn:mace:shibboleth:1.0"
    xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xml="http://www.w3.org/XML/1998/namespace"
    xmlns:shib="urn:mace:shibboleth:1.0"
    elementFormDefault="qualified"
    attributeFormDefault="unqualified"
    version="1.0">

    <!--
        Imported vocabularies: XML Signature (ds:) and the xml: attributes.

        NOTE(review): both schemaLocation values are http:// URLs. A
        validator that dereferences them fetches schema text over an
        unauthenticated channel while parsing. Prefer resolving these two
        namespaces from local copies (XML catalog or a custom resolver)
        and treat schemaLocation as a hint only.
    -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#"
            schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
    <import namespace="http://www.w3.org/XML/1998/namespace"
            schemaLocation="http://www.w3.org/2001/xml.xsd"/>


    <!-- ============ Status-Related Information ============ -->

    <!--
        The following SAML sub-status codes are defined in this namespace:

            "RealTimeRelease"
                Used with samlp:Responder, signals user wants real-time
                attribute release

            "InvalidHandle"
                Used with samlp:Requester, signals AA did not recognize
                handle as valid
    -->

    <!-- URI carried inside samlp:StatusDetail; typed anyURI, so the schema
         does not restrict the URI scheme. -->
    <element name="RealTimeReleaseURL" type="anyURI">
        <annotation>
            <documentation xml:lang="en">Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation>
        </annotation>
    </element>


    <!-- ============ Relaxes SAML AttributeValue type definition ============ -->

    <!--
        Mixed content plus lax ##any wildcards for both child elements and
        attributes: validation places no constraint on what an attribute
        value carries.

        NOTE(review): consumers should treat attribute value content as
        untrusted input and filter it through acceptance policy instead of
        relying on schema validation.
    -->
    <complexType name="AttributeValueType" mixed="true">
        <annotation>
            <documentation xml:lang="en">By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
        </annotation>
        <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <anyAttribute namespace="##any" processContents="lax"/>
    </complexType>


    <!-- ============ Attribute Acceptance Policies ============ -->

    <!--
        Closed list of rule kinds used by the Type attribute of Scope and
        Value. Presumably: literal string comparison, regular expression,
        XPath expression. The matching semantics live in the consuming
        code, not in this schema.

        NOTE(review): confirm that regexp rules are matched against the
        whole value. A pattern that is allowed to match a substring accepts
        more values than the policy author intended.
    -->
    <simpleType name="AttributeRuleValueType">
        <restriction base="string">
            <enumeration value="literal"/>
            <enumeration value="regexp"/>
            <enumeration value="xpath"/>
        </restriction>
    </simpleType>

    <!--
        Body shared by AnySite and SiteRule:
          * zero or more Scope entries (string, Accept defaults to true,
            Type defaults to literal)
          * then at most one of: an empty AnyValue marker, or one or more
            Value entries (string, Type defaults to literal)

        NOTE(review): because Accept defaults to true, a Scope written
        without attributes presumably reads as an accept rule. TODO confirm
        against the policy evaluator.
    -->
    <complexType name="SiteRuleType">
        <sequence>
            <element name="Scope" minOccurs="0" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute name="Accept" type="boolean" use="optional" default="true"/>
                            <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
            <choice minOccurs="0">
                <element name="AnyValue">
                    <complexType>
                        <sequence/>
                    </complexType>
                </element>
                <element name="Value" maxOccurs="unbounded">
                    <complexType>
                        <simpleContent>
                            <extension base="string">
                                <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
                            </extension>
                        </simpleContent>
                    </complexType>
                </element>
            </choice>
        </sequence>
    </complexType>

    <!-- Rule body with no site name attached. -->
    <element name="AnySite" type="shib:SiteRuleType"/>

    <!-- Rule body plus a required Name attribute identifying the site. -->
    <element name="SiteRule">
        <complexType>
            <complexContent>
                <extension base="shib:SiteRuleType">
                    <attribute name="Name" type="string" use="required"/>
                </extension>
            </complexContent>
        </complexType>
    </element>

    <!--
        One attribute's policy: an optional AnySite followed by any number
        of SiteRule entries. Name is required; Namespace, Factory, Alias
        and Header are optional free-form strings.

        NOTE(review): the meaning of Factory and Header is not visible
        here. If Header names a request header or server variable that
        accepted values are exported into, the consumer should make sure a
        client cannot supply that header itself. If Factory selects code to
        load, it should only ever come from trusted configuration. Confirm
        both against the consuming code.
    -->
    <complexType name="AttributeRuleType">
        <sequence>
            <element ref="shib:AnySite" minOccurs="0"/>
            <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="Namespace" type="string" use="optional"/>
        <attribute name="Factory" type="string" use="optional"/>
        <attribute name="Alias" type="string" use="optional"/>
        <attribute name="Header" type="string" use="optional"/>
    </complexType>

    <!-- SiteRuleKey makes SiteRule/@Name unique within one AttributeRule,
         so a site cannot carry two competing rule bodies for the same
         attribute. -->
    <element name="AttributeRule" type="shib:AttributeRuleType">
        <key name="SiteRuleKey">
            <selector xpath="./shib:SiteRule"/>
            <field xpath="@Name"/>
        </key>
    </element>

    <!--
        Root of a policy document: zero or more AttributeRule entries.

        NOTE(review): no identity constraint is declared at this level, so
        two AttributeRule elements with the same Name validate. Which one
        wins is decided by the consumer; verify that precedence is defined.
    -->
    <element name="AttributeAcceptancePolicy">
        <complexType>
            <sequence>
                <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </complexType>
    </element>


    <!-- ============ Shibboleth Metadata ============ -->

    <!--
        Base type for every site: language-tagged Alias entries, Contact
        entries, a required Name and an optional ErrorURL.

        NOTE(review): ErrorURL is anyURI, which does not restrict the URI
        scheme. A consumer that redirects to it or renders it as a link
        should check the scheme itself.
    -->
    <complexType name="SiteType">
        <annotation>
            <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
        </annotation>
        <sequence>
            <element name="Alias" minOccurs="0" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute ref="xml:lang"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
            <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="ErrorURL" type="anyURI" use="optional"/>
    </complexType>

    <!-- Closed list of contact roles for ContactType/@Type. -->
    <simpleType name="ContactTypeType">
        <restriction base="string">
            <enumeration value="technical"/>
            <enumeration value="administrative"/>
            <enumeration value="billing"/>
            <enumeration value="other"/>
        </restriction>
    </simpleType>

    <!-- Attribute-only element (empty sequence). Email is a plain string;
         the schema performs no address format check. -->
    <complexType name="ContactType">
        <annotation>
            <documentation xml:lang="en">A human contact for a site.</documentation>
        </annotation>
        <sequence/>
        <attribute name="Type" type="shib:ContactTypeType" use="required"/>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="Email" type="string" use="optional"/>
    </complexType>

    <!--
        String whose regexp flag defaults to false. Used below for Domain
        (OriginSiteType) and Subject (KeyAuthorityType).

        NOTE(review): with regexp="true" the text is presumably a pattern.
        These patterns decide which scopes and which key subjects are
        trusted, so an over-broad or unanchored pattern widens trust.
        Confirm how the matcher anchors them.
    -->
    <complexType name="regexp_string">
        <annotation>
            <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
        </annotation>
        <simpleContent>
            <extension base="string">
                <attribute name="regexp" type="boolean" use="optional" default="false"/>
            </extension>
        </simpleContent>
    </complexType>

    <!-- Attribute-only element: required Name and required Location.
         Location is anyURI, so http and https both validate; transport
         requirements have to be enforced by the consumer. -->
    <complexType name="AuthorityType">
        <annotation>
            <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
        </annotation>
        <sequence/>
        <attribute name="Name" type="string" use="required"/>
        <attribute name="Location" type="anyURI" use="required"/>
    </complexType>

    <!--
        SiteType extended with one or more HandleService entries, optional
        AttributeAuthority entries and optional Domain entries.

        NOTE(review): the annotation mentions an optional KeyInfo on the
        handle service, but AuthorityType as declared in this file carries
        only Name and Location. Keys are bound to names through
        KeyAuthority / Trust instead.
    -->
    <complexType name="OriginSiteType">
        <annotation>
            <documentation xml:lang="en">Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</documentation>
        </annotation>
        <complexContent>
            <extension base="shib:SiteType">
                <sequence>
                    <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
                    <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
                    <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!--
        One or more OriginSite, DestinationSite or nested SiteGroup
        children, then an optional ds:Signature, plus a required Name.

        NOTE(review): the signature is optional (minOccurs="0"), so
        unsigned metadata validates. SiteGroup may also nest inside itself
        with no depth limit. A consumer loading metadata it did not author
        should require and verify the signature and bound document size
        and nesting depth.
    -->
    <complexType name="SiteGroupType">
        <annotation>
            <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
        </annotation>
        <sequence>
            <choice maxOccurs="unbounded">
                <element ref="shib:OriginSite"/>
                <element ref="shib:DestinationSite"/>
                <element ref="shib:SiteGroup"/>
            </choice>
            <element ref="ds:Signature" minOccurs="0"/>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
    </complexType>

    <!-- Global elements referenced from SiteGroupType. -->
    <element name="OriginSite" type="shib:OriginSiteType"/>
    <element name="DestinationSite" type="shib:SiteType"/>
    <element name="SiteGroup" type="shib:SiteGroupType"/>

    <!-- Exactly one ds:KeyInfo followed by one or more Subject entries
         (regexp_string): the subjects the keying material is bound to. -->
    <complexType name="KeyAuthorityType">
        <annotation>
            <documentation xml:lang="en">Binds a set of keying material to one or more named system entities.</documentation>
        </annotation>
        <sequence>
            <element ref="ds:KeyInfo"/>
            <element name="Subject" type="shib:regexp_string" maxOccurs="unbounded"/>
        </sequence>
    </complexType>

    <element name="KeyAuthority" type="shib:KeyAuthorityType"/>

    <!--
        One or more KeyAuthority entries, then an optional ds:Signature.

        NOTE(review): this document is the source of key to subject
        bindings and the schema lets it be unsigned. The loader should
        verify the signature, or obtain the file over an authenticated
        channel, before using any KeyAuthority from it.
    -->
    <element name="Trust">
        <annotation>
            <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
        </annotation>
        <complexType>
            <sequence>
                <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
                <element ref="ds:Signature" minOccurs="0"/>
            </sequence>
        </complexType>
    </element>

</schema>