Added contact info to site metadata.
[java-idp.git] / src / schemas / shibboleth.xsd
index 1652288..07dbdb7 100644 (file)
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="US-ASCII"?>
-<schema targetNamespace="urn:mace:shibboleth:1.0" xmlns:shib="urn:mace:shibboleth:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+<schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified">
     <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
     <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
     
-    <!-- Used by AA in samlp:StatusDetail to signal user wants real-time attribute release. -->
-    <element name="RealTimeReleaseURL" type="anyURI"/>
+    
+    <!-- Status-Related Information -->
     
     <!--
     The following SAML sub-status codes are defined in this namespace:
             Used with samlp:Requester, signals AA did not recognize handle as valid
     -->
     
-    <!--
-    Identifies a Shibboleth origin site's name, handle service (w/ optional key),
-    authorized domains it may assert attributes for besides itself, and any WAYF aliases preferred.
-    -->
-    <element name="OriginSite">
+    <element name="RealTimeReleaseURL" type="anyURI">
+        <annotation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</annotation>
+    </element>
+    
+
+    <!-- Relaxes SAML AttributeValue type definition -->
+
+       <complexType name="AttributeValueType" mixed="true">
+               <annotation>By convention, all Shibboleth attribute values carry this unconstrained xsi:type.</annotation>
+               <sequence>
+                       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+               </sequence>
+               <anyAttribute namespace="##any" processContents="lax"/>
+       </complexType>
+
+
+    <!-- Attribute Acceptance Policies -->
+       
+    <simpleType name="AttributeRuleValueType">
+        <restriction base="string">
+            <enumeration value="literal"/>
+            <enumeration value="regexp"/>
+            <enumeration value="xpath"/>
+        </restriction>
+    </simpleType>
+    
+    <complexType name="SiteRuleType">
+        <sequence>
+            <element name="Value" maxOccurs="unbounded">
+                <complexType>
+                    <simpleContent>
+                        <extension base="string">
+                            <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
+                        </extension>
+                    </simpleContent>
+                </complexType>
+            </element>
+        </sequence>
+    </complexType>
+
+    <element name="AnySite" type="shib:SiteRuleType"/>
+    <element name="SiteRule">
+        <complexType>
+            <complexContent>
+                <extension base="shib:SiteRuleType">
+                    <attribute name="Name" type="string" use="required"/>
+                </extension>
+            </complexContent>
+        </complexType>
+    </element>
+
+    <complexType name="AttributeRuleType">
+        <sequence>
+            <element ref="shib:AnySite" minOccurs="0"/>
+            <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="Name" type="anyURI"/>
+    </complexType>
+
+    <element name="AttributeRule" type="shib:AttributeRuleType">
+        <key name="SiteRuleKey">
+            <selector xpath="./shib:SiteRule"/>
+            <field xpath="@Name"/>
+        </key>
+    </element>
+
+    <element name="AttributeAcceptancePolicy">
         <complexType>
             <sequence>
-                <element name="HandleService" maxOccurs="unbounded">
-                    <complexType>
-                        <sequence>
-                            <element ref="ds:KeyInfo" minOccurs="0"/>
-                        </sequence>
-                        <attribute name="Name" type="string" use="required"/>
-                    </complexType>
-                </element>
-                <element name="Domains" type="string" minOccurs="0" maxOccurs="unbounded"/>
-                <element name="Alias" minOccurs="0" maxOccurs="unbounded">
-                    <complexType>
-                        <simpleContent>
-                            <extension base="string">
-                                <attribute ref="xml:lang"/>
-                            </extension>
-                        </simpleContent>
-                    </complexType>
-                </element>
+                <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
             </sequence>
-            <attribute name="Name" type="string" use="required"/>
         </complexType>
+        <key name="AttributeNameKey">
+            <selector xpath="./shib:AttributeRule"/>
+            <field xpath="@Name"/>
+        </key>
     </element>
+
+
+    <!-- Shibboleth Metadata -->
     
-    <!-- The registry of origin sites plus an optional signature. -->
-    <element name="OriginSites">
+    <complexType name="SiteType">
+        <annotation>All sites have a Name attribute, plus optional i18n-ized aliases.</annotation>
+        <sequence>
+            <element name="Alias" minOccurs="0" maxOccurs="unbounded">
+                <complexType>
+                    <simpleContent>
+                        <extension base="string">
+                            <attribute ref="xml:lang"/>
+                        </extension>
+                    </simpleContent>
+                </complexType>
+            </element>
+        </sequence>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="ContactName" type="string" use="optional"/>
+        <attribute name="ContactEmail" type="string" use="optional"/>
+        <attribute name="ErrorURL" type="anyURI" use="optional"/>
+    </complexType>
+
+    <complexType name="regexp_string">
+        <annotation> A string element with an optional attribute signaling regexp content. </annotation>
+        <simpleContent>
+            <extension base="string">
+                <attribute name="regexp" type="boolean" use="optional" default="false"/>
+            </extension>
+        </simpleContent>
+    </complexType>    
+
+    <complexType name="OriginSiteType">
+        <annotation>Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</annotation>
+        <complexContent>
+            <extension base="shib:SiteType">
+                <sequence>
+                    <element name="HandleService" maxOccurs="unbounded">
+                        <complexType>
+                            <sequence>
+                                <element ref="ds:KeyInfo" minOccurs="0"/>
+                            </sequence>
+                            <attribute name="Name" type="string" use="required"/>
+                            <attribute name="Location" type="anyURI" use="required"/>
+                        </complexType>
+                    </element>
+                    <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+
+    <complexType name="SiteGroupType">
+        <annotation>Used to logically group sites together.</annotation>
+        <sequence>
+            <choice maxOccurs="unbounded">
+                <element ref="shib:OriginSite"/>
+                <element ref="shib:DestinationSite"/>
+                <element ref="shib:SiteGroup"/>
+            </choice>
+        </sequence>
+        <attribute name="Name" type="string" use="required"/>
+    </complexType>    
+
+    <element name="OriginSite" type="shib:OriginSiteType"/>
+    <element name="DestinationSite" type="shib:SiteType"/>
+    <element name="SiteGroup" type="shib:SiteGroupType"/>
+
+    <element name="Sites">
+        <annotation>The registry of sites plus an optional enveloped signature.</annotation>
         <complexType>
             <sequence>
-                <element ref="shib:OriginSite" maxOccurs="unbounded"/>
+                <choice maxOccurs="unbounded">
+                    <element ref="shib:OriginSite"/>
+                    <element ref="shib:DestinationSite"/>
+                    <element ref="shib:SiteGroup"/>
+                </choice>
                 <element ref="ds:Signature" minOccurs="0"/>
             </sequence>
         </complexType>
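Review bot: The new `<annotation>` elements carry bare text (at RealTimeReleaseURL, AttributeValueType, SiteType, regexp_string, OriginSiteType, SiteGroupType and Sites), but in XML Schema `xs:annotation` is element-only — its content model is `xs:documentation` and/or `xs:appinfo` — so a conforming schema processor will reject this file at load time rather than just ignore the text. Wrap each text node, e.g. `<annotation><documentation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</documentation></annotation>`, and apply the same change to the six other annotations in this hunk. While touching `regexp_string`, its documentation could also state that the schema cannot constrain the pattern itself, so a consumer of a `Domain` marked `regexp="true"` has to decide whether the expression is matched anchored against the whole scope value; that behavior is not visible from the schema and is worth documenting where the type is defined.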