Sync up with latest C++ version
[java-idp.git] / src / schemas / shibboleth.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
5         xmlns:xml="http://www.w3.org/XML/1998/namespace"
6         xmlns:shib="urn:mace:shibboleth:1.0"
7         elementFormDefault="qualified"
8         attributeFormDefault="unqualified"
9         version="1.2">
10
11     <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
12     <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
13     
14     
15     <!-- Status-Related Information -->
16     
17     <!--
18     The following SAML sub-status codes are defined in this namespace:
19     
20         "InvalidHandle"
21             Used with samlp:Requester, signals AA did not recognize handle as valid
22     -->
23
24     <!-- Relaxes SAML AttributeValue type definition -->
25
26         <complexType name="AttributeValueType" mixed="true">
27                 <annotation>
28                         <documentation xml:lang="en">By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</documentation>
29                 </annotation>
30                 <sequence>
31                         <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
32                 </sequence>
33                 <anyAttribute namespace="##any" processContents="lax"/>
34         </complexType>
35     
36     <!-- Attribute Acceptance Policies -->
37         
38     <simpleType name="AttributeRuleValueType">
39         <restriction base="string">
40             <enumeration value="literal"/>
41             <enumeration value="regexp"/>
42             <enumeration value="xpath"/>
43         </restriction>
44     </simpleType>
45     
46     <complexType name="SiteRuleType">
47         <sequence>
48                 <element name="Scope" minOccurs="0" maxOccurs="unbounded">
49                         <complexType>
50                     <simpleContent>
51                         <extension base="string">
52                                 <attribute name="Accept" type="boolean" use="optional" default="true"/>
53                             <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
54                             <anyAttribute namespace="##any" processContents="lax"/>
55                         </extension>
56                     </simpleContent>
57                         </complexType>
58                 </element>
59                 <choice minOccurs="0">
60                         <element name="AnyValue">
61                                 <complexType>
62                                         <sequence/>
63                                         <anyAttribute namespace="##any" processContents="lax"/>
64                                 </complexType>
65                         </element>
66                     <element name="Value" maxOccurs="unbounded">
67                         <complexType>
68                             <simpleContent>
69                                 <extension base="string">
70                                     <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
71                                     <anyAttribute namespace="##any" processContents="lax"/>
72                                 </extension>
73                             </simpleContent>
74                         </complexType>
75                     </element>
76                 </choice>
77         </sequence>
78     </complexType>
79
80     <element name="AnySite" type="shib:SiteRuleType"/>
81     <element name="SiteRule">
82         <complexType>
83             <complexContent>
84                 <extension base="shib:SiteRuleType">
85                     <attribute name="Name" type="string" use="required"/>
86                     <anyAttribute namespace="##any" processContents="lax"/>
87                 </extension>
88             </complexContent>
89         </complexType>
90     </element>
91
92     <complexType name="AttributeRuleType">
93         <sequence>
94             <element ref="shib:AnySite" minOccurs="0"/>
95             <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
96         </sequence>
97         <attribute name="Name" type="string" use="required"/>
98         <attribute name="Namespace" type="string" use="optional"/>
99         <attribute name="Factory" type="string" use="optional"/>
100         <attribute name="Alias" type="string" use="optional"/>
101                 <attribute name="Header" type="string" use="optional"/>
102                 <anyAttribute namespace="##any" processContents="lax"/>
103     </complexType>
104
105     <element name="AttributeRule" type="shib:AttributeRuleType">
106         <key name="SiteRuleKey">
107             <selector xpath="./shib:SiteRule"/>
108             <field xpath="@Name"/>
109         </key>
110     </element>
111
112     <element name="AttributeAcceptancePolicy">
113         <complexType>
114             <sequence>
115                 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
116             </sequence>
117             <anyAttribute namespace="##any" processContents="lax"/>
118         </complexType>
119     </element>
120
121
122     <!-- Shibboleth Metadata -->
123     
124     <complexType name="SiteType">
125         <annotation>
126                 <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
127         </annotation>
128         <sequence>
129             <element name="Alias" minOccurs="0" maxOccurs="unbounded">
130                 <complexType>
131                     <simpleContent>
132                         <extension base="string">
133                             <attribute ref="xml:lang"/>
134                         </extension>
135                     </simpleContent>
136                 </complexType>
137             </element>
138             <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
139         </sequence>
140         <attribute name="Name" type="string" use="required"/>
141         <attribute name="ErrorURL" type="anyURI" use="optional"/>
142         <anyAttribute namespace="##any" processContents="lax"/>
143     </complexType>
144
145         <simpleType name="ContactTypeType">
146                 <restriction base="string">
147             <enumeration value="technical"/>
148             <enumeration value="support"/>
149             <enumeration value="administrative"/>
150             <enumeration value="billing"/>
151             <enumeration value="other"/>
152         </restriction>
153     </simpleType>
154
155         <complexType name="ContactType">
156                 <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
157                 <sequence/>
158         <attribute name="Type" type="shib:ContactTypeType" use="required"/>
159         <attribute name="Name" type="string" use="required"/>
160         <attribute name="Email" type="string" use="optional"/>
161         </complexType>
162
163     <complexType name="regexp_string">
164         <annotation>
165                 <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
166         </annotation>
167         <simpleContent>
168             <extension base="string">
169                 <attribute name="regexp" type="boolean" use="optional" default="false"/>
170             </extension>
171         </simpleContent>
172     </complexType>    
173
174         <complexType name="AuthorityType">
175                 <annotation>
176                         <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
177                 </annotation>
178         <sequence/>
179         <attribute name="Name" type="string" use="required"/>
180         <attribute name="Location" type="anyURI" use="required"/>
181         <anyAttribute namespace="##any" processContents="lax"/>
182         </complexType>
183
184     <complexType name="OriginSiteType">
185         <annotation>
186                 <documentation xml:lang="en">
187                 Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping.
188                 </documentation>
189         </annotation>
190         <complexContent>
191                 <extension base="shib:SiteType">
192                     <sequence>
193                         <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
194                         <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
195                         <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
196                     </sequence>
197                 </extension>
198         </complexContent>
199     </complexType>
200
201     <complexType name="DestinationSiteType">
202         <annotation>
203                 <documentation xml:lang="en">
204                 Destination sites add at least one attribute requester (with a name).
205                 </documentation>
206         </annotation>
207         <complexContent>
208                 <extension base="shib:SiteType">
209                     <sequence>
210                         <element name="AssertionConsumerServiceURL" maxOccurs="unbounded">
211                                 <complexType>
212                                         <sequence/>
213                                         <attribute name="Location" type="string" use="required"/>
214                                                 <attribute name="Id" type="string" use="optional"/>
215                                                 <anyAttribute namespace="##any" processContents="lax"/>
216                                 </complexType>
217                         </element>
218                         <element name="AttributeRequester" maxOccurs="unbounded">
219                                 <complexType>
220                                         <sequence/>
221                                         <attribute name="Name" type="string" use="required"/>
222                                                 <anyAttribute namespace="##any" processContents="lax"/>
223                                 </complexType>
224                         </element>
225                     </sequence>
226                 </extension>
227         </complexContent>
228     </complexType>
229
230     <complexType name="SiteGroupType">
231         <annotation>
232                 <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
233         </annotation>
234         <sequence>
235             <choice maxOccurs="unbounded">
236                 <element ref="shib:OriginSite"/>
237                 <element ref="shib:DestinationSite"/>
238                 <element ref="shib:SiteGroup"/>
239             </choice>
240             <element ref="ds:Signature" minOccurs="0"/>
241         </sequence>
242         <attribute name="Name" type="string" use="required"/>
243         <attribute name="lastChanged" type="dateTime" use="optional"/>
244         <attribute name="validUntil" type="dateTime" use="optional"/>
245         <attribute name="cacheDuration" type="duration" use="optional"/>
246         <anyAttribute namespace="##any" processContents="lax"/>
247     </complexType>    
248
249     <element name="OriginSite" type="shib:OriginSiteType"/>
250     <element name="DestinationSite" type="shib:DestinationSiteType"/>
251     <element name="SiteGroup" type="shib:SiteGroupType"/>
252
253
254         <!-- Old (pre 1.2) Trust Metadata -->
255
256         <complexType name="KeyAuthorityType">
257                 <annotation>
258                         <documentation xml:lang="en">
259                         Binds a set of keying material to one or more named system entities.
260                         </documentation>
261                 </annotation>
262                 <sequence>
263                         <element ref="ds:KeyInfo"/>
264                         <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
265                 </sequence>
266                 <anyAttribute namespace="##any" processContents="lax"/>
267         </complexType>
268         <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
269
270         <element name="Trust">
271                 <annotation>
272                         <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
273                 </annotation>
274                 <complexType>
275                         <sequence>
276                                 <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
277                                 <element ref="ds:Signature" minOccurs="0"/>
278                         </sequence>
279                 <attribute name="lastChanged" type="dateTime" use="optional"/>
280                 <attribute name="validUntil" type="dateTime" use="optional"/>
281                 <attribute name="cacheDuration" type="duration" use="optional"/>
282                 <anyAttribute namespace="##any" processContents="lax"/>
283                 </complexType>
284         </element>
285
286 </schema>