-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="US-ASCII"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
- schemaLocation="xmldsig-core-schema.xsd"/>
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
- schemaLocation="xenc-schema.xsd"/>
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
<annotation>
<documentation>
Document identifier: sstc-saml-schema-assertion-2.0
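Review bot: Both `schemaLocation` values on the added `<import>` lines now name `http://www.w3.org/...` URLs, so any validator that dereferences the hint will fetch the xmldsig and xmlenc schemas over cleartext HTTP whenever it loads the assertion schema. Validation of signed and encrypted SAML content then depends on network reachability and on the integrity of an unauthenticated download. I would either keep the relative form, e.g. `schemaLocation="xmldsig-core-schema.xsd"`, or add a comment above the imports such as `<!-- schemaLocation is a hint only; resolve these namespaces from local, pinned copies -->`. The same applies to the three rewritten imports in the metadata schema further down (xmldsig, xmlenc and `http://www.w3.org/2001/xml.xsd`), which also sit next to an assertion-schema import that stays relative.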
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
- V2.0 (August, 2004):
- New assertion schema based in a SAML V2.0 namespace.
+ V2.0 CD-04 (January, 2005):
+ New assertion schema for SAML V2.0 namespace.
</documentation>
</annotation>
- <group name="EncryptedType">
- <sequence>
- <element ref="xenc:EncryptedData"/>
- <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </group>
+ <attributeGroup name="IDNameQualifiers">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ </attributeGroup>
<element name="BaseID" type="saml:BaseIDAbstractType"/>
- <complexType name="BaseIDAbstractType" abstract="true" mixed="true">
- <complexContent>
- <extension base="anyType">
- <attribute name="NameQualifier" type="string" use="optional"/>
- <attribute name="SPNameQualifier" type="string" use="optional"/>
- </extension>
- </complexContent>
+ <complexType name="BaseIDAbstractType" abstract="true">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
</complexType>
<element name="NameID" type="saml:NameIDType"/>
- <complexType name="NameIDType" mixed="false">
+ <complexType name="NameIDType">
<simpleContent>
- <restriction base="saml:BaseIDAbstractType">
- <simpleType>
- <restriction base="string"/>
- </simpleType>
+ <extension base="string">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPProvidedID" type="string" use="optional"/>
- </restriction>
+ </extension>
</simpleContent>
</complexType>
- <element name="EncryptedID" type="saml:EncryptedIDType"/>
- <complexType name="EncryptedIDType" mixed="false">
- <complexContent>
- <restriction base="saml:BaseIDAbstractType">
- <group ref="saml:EncryptedType"/>
- </restriction>
- </complexContent>
+ <complexType name="EncryptedElementType">
+ <sequence>
+ <element ref="xenc:EncryptedData"/>
+ <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
</complexType>
+ <element name="EncryptedID" type="saml:EncryptedElementType"/>
<element name="Issuer" type="saml:NameIDType"/>
<element name="AssertionIDRef" type="NCName"/>
<element name="AssertionURIRef" type="anyURI"/>
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
<sequence>
+ <choice minOccurs="0">
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
</sequence>
<attribute name="Method" type="anyURI" use="required"/>
<element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
<complexType name="SubjectConfirmationDataType" mixed="true">
<complexContent>
- <extension base="anyType">
+ <restriction base="anyType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
<attribute name="Recipient" type="anyURI" use="optional"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Address" type="string" use="optional"/>
- </extension>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </restriction>
</complexContent>
</complexType>
<complexType name="KeyInfoConfirmationDataType" mixed="false">
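Review bot: The added `<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>` and `<anyAttribute namespace="##other" processContents="lax"/>` in SubjectConfirmationDataType let a schema-valid element carry arbitrary unvalidated children and foreign attributes, while `NotBefore`, `NotOnOrAfter`, `Recipient`, `InResponseTo` and `Address` all remain `use="optional"`. Schema validation therefore says nothing about whether a confirmation is bound to a recipient or a time window; the consuming party's processing code has to enforce that. I would document this on the type with an `<annotation><documentation>` child. It should state that presence and value checks on these attributes are left to profile processing, and that wildcard content is untrusted until the consumer has checked it.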
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
- <element name="EncryptedAssertion" type="saml:EncryptedAssertionType"/>
- <complexType name="EncryptedAssertionType">
- <group ref="saml:EncryptedType"/>
- </complexType>
+ <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
<element name="Statement" type="saml:StatementAbstractType"/>
<complexType name="StatementAbstractType" abstract="true"/>
<element name="AuthnStatement" type="saml:AuthnStatementType"/>
<attribute name="FriendlyName" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
- <element name="AttributeValue" type="anyType"/>
- <element name="EncryptedAttribute" type="saml:EncryptedAttributeType"/>
- <complexType name="EncryptedAttributeType">
- <group ref="saml:EncryptedType"/>
- </complexType>
+ <element name="AttributeValue" type="anyType" nillable="true"/>
+ <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
</schema>
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
- schemaLocation="xmldsig-core-schema.xsd"/>
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
- schemaLocation="xenc-schema.xsd"/>
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="sstc-saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/XML/1998/namespace"
- schemaLocation="xml.xsd"/>
+ schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<annotation>
<documentation>
Document identifier: sstc-saml-schema-metadata-2.0
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
Revision history:
- V2.0 (August, 2004):
- Schema for SAML metadata, first published in SAML 2.0.
+ V2.0 CD-04 (January, 2005):
+ Schema for SAML metadata, first published in SAML 2.0.
</documentation>
</annotation>
<element ref="md:SPSSODescriptor"/>
<element ref="md:AuthnAuthorityDescriptor"/>
<element ref="md:AttributeAuthorityDescriptor"/>
- <element ref="md:AttributeConsumerDescriptor"/>
<element ref="md:PDPDescriptor"/>
- <any namespace="##other" processContents="lax"/>
</choice>
<element ref="md:AffiliationDescriptor"/>
</choice>
<attribute name="ID" type="ID" use="optional"/>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
- <attribute name="protocolSupportEnumeration" type="NMTOKENS" use="required"/>
+ <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
<attribute name="errorURL" type="anyURI" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
+ <simpleType name="anyURIListType">
+ <list itemType="anyURI"/>
+ </simpleType>
+
<element name="KeyDescriptor" type="md:KeyDescriptorType"/>
<complexType name="KeyDescriptorType">
<sequence>
<sequence>
<element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
<element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
</extension>
</complexType>
<element name="SingleSignOnService" type="md:EndpointType"/>
<element name="NameIDMappingService" type="md:EndpointType"/>
+ <element name="AssertionIDRequestService" type="md:EndpointType"/>
+ <element name="AttributeProfile" type="anyURI"/>
<element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
<complexType name="SPSSODescriptorType">
<extension base="md:SSODescriptorType">
<sequence>
<element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
+ <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
<attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
</complexContent>
</complexType>
<element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
+ <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
+ <complexType name="AttributeConsumingServiceType">
+ <sequence>
+ <element ref="md:ServiceName" maxOccurs="unbounded"/>
+ <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="index" type="unsignedShort" use="required"/>
+ <attribute name="isDefault" type="boolean" use="optional"/>
+ </complexType>
+ <element name="ServiceName" type="md:localizedNameType"/>
+ <element name="ServiceDescription" type="md:localizedNameType"/>
+ <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
+ <complexType name="RequestedAttributeType">
+ <complexContent>
+ <extension base="saml:AttributeType">
+ <attribute name="isRequired" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
<element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
<complexType name="AuthnAuthorityDescriptorType">
</complexContent>
</complexType>
<element name="AuthnQueryService" type="md:EndpointType"/>
- <element name="AssertionIDRequestService" type="md:EndpointType"/>
<element name="PDPDescriptor" type="md:PDPDescriptorType"/>
<complexType name="PDPDescriptorType">
<sequence>
<element ref="md:AttributeService" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AttributeService" type="md:EndpointType"/>
- <element name="AttributeProfile" type="anyURI"/>
-
- <element name="AttributeConsumerDescriptor" type="md:AttributeConsumerDescriptorType"/>
- <complexType name="AttributeConsumerDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:AttributeConsumingService" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
- <complexType name="AttributeConsumingServiceType">
- <sequence>
- <element ref="md:ServiceName" maxOccurs="unbounded"/>
- <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="index" type="unsignedShort" use="required"/>
- <attribute name="isDefault" type="boolean" use="optional"/>
- <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
- </complexType>
- <element name="ServiceName" type="md:localizedNameType"/>
- <element name="ServiceDescription" type="md:localizedNameType"/>
- <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
- <complexType name="RequestedAttributeType">
- <complexContent>
- <extension base="saml:AttributeType">
- <attribute name="isRequired" type="boolean" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
-
+
<element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
<complexType name="AffiliationDescriptorType">
<sequence>