SP schemas
authorgilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Oct 2004 13:50:29 +0000 (13:50 +0000)
committergilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Oct 2004 13:50:29 +0000 (13:50 +0000)
and SAML 2.0 standard schemas (slightly edited)

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1172 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

14 files changed:
src/schemas/cs-sstc-schema-assertion-01.xsd [new file with mode: 0644]
src/schemas/cs-sstc-schema-assertion-1.1.xsd [new file with mode: 0644]
src/schemas/cs-sstc-schema-protocol-01.xsd [new file with mode: 0644]
src/schemas/cs-sstc-schema-protocol-1.1.xsd [new file with mode: 0644]
src/schemas/shibboleth-targetconfig-1.0.xsd [new file with mode: 0644]
src/schemas/soap-envelope.xsd [new file with mode: 0644]
src/schemas/sstc-saml-schema-assertion-2.0.xsd [new file with mode: 0644]
src/schemas/sstc-saml-schema-dce-2.0.xsd [new file with mode: 0644]
src/schemas/sstc-saml-schema-ecp-2.0.xsd [new file with mode: 0644]
src/schemas/sstc-saml-schema-ldap-2.0.xsd [new file with mode: 0644]
src/schemas/sstc-saml-schema-metadata-2.0.xsd [new file with mode: 0644]
src/schemas/sstc-saml-schema-protocol-2.0.xsd [new file with mode: 0644]
src/schemas/sstc-saml-schema-xacml-2.0.xsd [new file with mode: 0644]
src/schemas/xenc-schema.xsd [new file with mode: 0644]

diff --git a/src/schemas/cs-sstc-schema-assertion-01.xsd b/src/schemas/cs-sstc-schema-assertion-01.xsd
new file mode 100644 (file)
index 0000000..c927ec5
--- /dev/null
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->\r
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">\r
+        <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>\r
+        <annotation>\r
+                <documentation>\r
+                Document identifier: cs-sstc-schema-assertion-01\r
+                Location: http://www.oasis-open.org/committees/security/docs/\r
+                </documentation>\r
+        </annotation>\r
+        <simpleType name="IDType">\r
+                <restriction base="string"/>\r
+        </simpleType>\r
+        <simpleType name="IDReferenceType">\r
+                <restriction base="string"/>\r
+        </simpleType>\r
+        <simpleType name="DecisionType">\r
+                <restriction base="string">\r
+                        <enumeration value="Permit"/>\r
+                        <enumeration value="Deny"/>\r
+                        <enumeration value="Indeterminate"/>\r
+                </restriction>\r
+        </simpleType>\r
+        <element name="AssertionIDReference" type="saml:IDReferenceType"/>\r
+        <element name="Assertion" type="saml:AssertionType"/>\r
+        <complexType name="AssertionType">\r
+                <sequence>\r
+                        <element ref="saml:Conditions" minOccurs="0"/>\r
+                        <element ref="saml:Advice" minOccurs="0"/>\r
+                        <choice maxOccurs="unbounded">\r
+                                <element ref="saml:Statement"/>\r
+                                <element ref="saml:SubjectStatement"/>\r
+                                <element ref="saml:AuthenticationStatement"/>\r
+                                <element ref="saml:AuthorizationDecisionStatement"/>\r
+                                <element ref="saml:AttributeStatement"/>\r
+                        </choice>\r
+                        <element ref="ds:Signature" minOccurs="0"/>\r
+                </sequence>\r
+                <attribute name="MajorVersion" type="integer" use="required"/>\r
+                <attribute name="MinorVersion" type="integer" use="required"/>\r
+                <attribute name="AssertionID" type="saml:IDType" use="required"/>\r
+                <attribute name="Issuer" type="string" use="required"/>\r
+                <attribute name="IssueInstant" type="dateTime" use="required"/>\r
+        </complexType>\r
+        <element name="Conditions" type="saml:ConditionsType"/>\r
+        <complexType name="ConditionsType">\r
+                <choice minOccurs="0" maxOccurs="unbounded">\r
+                        <element ref="saml:AudienceRestrictionCondition"/>\r
+                        <element ref="saml:Condition"/>\r
+                </choice>\r
+                <attribute name="NotBefore" type="dateTime" use="optional"/>\r
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
+        </complexType>\r
+        <element name="Condition" type="saml:ConditionAbstractType"/>\r
+        <complexType name="ConditionAbstractType" abstract="true"/>\r
+        <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>\r
+        <complexType name="AudienceRestrictionConditionType">\r
+                <complexContent>\r
+                        <extension base="saml:ConditionAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:Audience" maxOccurs="unbounded"/>\r
+                                </sequence>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="Audience" type="anyURI"/>\r
+        <element name="Advice" type="saml:AdviceType"/>\r
+        <complexType name="AdviceType">\r
+                <choice minOccurs="0" maxOccurs="unbounded">\r
+                        <element ref="saml:AssertionIDReference"/>\r
+                        <element ref="saml:Assertion"/>\r
+                        <any namespace="##other" processContents="lax"/>\r
+                </choice>\r
+        </complexType>\r
+        <element name="Statement" type="saml:StatementAbstractType"/>\r
+        <complexType name="StatementAbstractType" abstract="true"/>\r
+        <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>\r
+        <complexType name="SubjectStatementAbstractType" abstract="true">\r
+                <complexContent>\r
+                        <extension base="saml:StatementAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:Subject"/>\r
+                                </sequence>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="Subject" type="saml:SubjectType"/>\r
+        <complexType name="SubjectType">\r
+                <choice>\r
+                        <sequence>\r
+                                <element ref="saml:NameIdentifier"/>\r
+                                <element ref="saml:SubjectConfirmation" minOccurs="0"/>\r
+                        </sequence>\r
+                        <element ref="saml:SubjectConfirmation"/>\r
+                </choice>\r
+        </complexType>\r
+        <element name="NameIdentifier" type="saml:NameIdentifierType"/>\r
+        <complexType name="NameIdentifierType">\r
+                <simpleContent>\r
+                        <extension base="string">\r
+                                <attribute name="NameQualifier" type="string" use="optional"/>\r
+                                <attribute name="Format" type="anyURI" use="optional"/>\r
+                        </extension>\r
+                </simpleContent>\r
+        </complexType>\r
+        <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>\r
+        <complexType name="SubjectConfirmationType">\r
+                <sequence>\r
+                        <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>\r
+                        <element ref="saml:SubjectConfirmationData" minOccurs="0"/>\r
+                        <element ref="ds:KeyInfo" minOccurs="0"/>\r
+                </sequence>\r
+        </complexType>\r
+        <element name="SubjectConfirmationData" type="anyType"/>\r
+        <element name="ConfirmationMethod" type="anyURI"/>\r
+        <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>\r
+        <complexType name="AuthenticationStatementType">\r
+                <complexContent>\r
+                        <extension base="saml:SubjectStatementAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:SubjectLocality" minOccurs="0"/>\r
+                                        <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>\r
+                                </sequence>\r
+                                <attribute name="AuthenticationMethod" type="anyURI" use="required"/>\r
+                                <attribute name="AuthenticationInstant" type="dateTime" use="required"/>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="SubjectLocality" type="saml:SubjectLocalityType"/>\r
+        <complexType name="SubjectLocalityType">\r
+                <attribute name="IPAddress" type="string" use="optional"/>\r
+                <attribute name="DNSAddress" type="string" use="optional"/>\r
+        </complexType>\r
+        <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>\r
+        <complexType name="AuthorityBindingType">\r
+                <attribute name="AuthorityKind" type="QName" use="required"/>\r
+                <attribute name="Location" type="anyURI" use="required"/>\r
+                <attribute name="Binding" type="anyURI" use="required"/>\r
+        </complexType>\r
+        <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>\r
+        <complexType name="AuthorizationDecisionStatementType">\r
+                <complexContent>\r
+                        <extension base="saml:SubjectStatementAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:Action" maxOccurs="unbounded"/>\r
+                                        <element ref="saml:Evidence" minOccurs="0"/>\r
+                                </sequence>\r
+                                <attribute name="Resource" type="anyURI" use="required"/>\r
+                                <attribute name="Decision" type="saml:DecisionType" use="required"/>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="Action" type="saml:ActionType"/>\r
+        <complexType name="ActionType">\r
+                <simpleContent>\r
+                        <extension base="string">\r
+                                <attribute name="Namespace" type="anyURI"/>\r
+                        </extension>\r
+                </simpleContent>\r
+        </complexType>\r
+        <element name="Evidence" type="saml:EvidenceType"/>\r
+        <complexType name="EvidenceType">\r
+                <choice maxOccurs="unbounded">\r
+                        <element ref="saml:AssertionIDReference"/>\r
+                        <element ref="saml:Assertion"/>\r
+                </choice>\r
+        </complexType>\r
+        <element name="AttributeStatement" type="saml:AttributeStatementType"/>\r
+        <complexType name="AttributeStatementType">\r
+                <complexContent>\r
+                        <extension base="saml:SubjectStatementAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:Attribute" maxOccurs="unbounded"/>\r
+                                </sequence>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>\r
+        <complexType name="AttributeDesignatorType">\r
+                <attribute name="AttributeName" type="string" use="required"/>\r
+                <attribute name="AttributeNamespace" type="anyURI" use="required"/>\r
+        </complexType>\r
+        <element name="Attribute" type="saml:AttributeType"/>\r
+        <complexType name="AttributeType">\r
+                <complexContent>\r
+                        <extension base="saml:AttributeDesignatorType">\r
+                                <sequence>\r
+                                        <element ref="saml:AttributeValue" maxOccurs="unbounded"/>\r
+                                </sequence>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="AttributeValue" type="anyType"/>\r
+</schema>\r
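Review bot: In this 1.0 assertion schema `IDType` and `IDReferenceType` are restrictions of plain `string`, so validating a message against it enforces neither uniqueness of `AssertionID` nor that an `AssertionIDReference` resolves to an assertion in the document; the 1.1 schema added in the same commit rebases these on xsd ID/IDREF (see its revision history), so any code path that validates 1.0 messages has to do its own ID bookkeeping. Because this is a standard schema that should stay as published apart from the noted edits, that caveat belongs in the consuming validator or, at most, a line in the schema's `<documentation>` block such as `Note: IDType/IDReferenceType are plain strings; ID uniqueness and reference resolution are not schema-enforced.` Separately, this file and cs-sstc-schema-protocol-01.xsd are checked in with CRLF line endings while the 1.1 files use LF; normalising to one convention (or setting svn:eol-style on the directory) avoids whole-file diffs the next time these are touched.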
diff --git a/src/schemas/cs-sstc-schema-assertion-1.1.xsd b/src/schemas/cs-sstc-schema-assertion-1.1.xsd
new file mode 100644 (file)
index 0000000..26f9458
--- /dev/null
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
+       <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+       <annotation>
+               <documentation>
+                Document identifier: sstc-saml-schema-assertion-1.1-draft-02
+                Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+                Revision history:
+                draft-01 (Eve Maler):
+                  Note that V1.1 of this schema has the same namespace as V1.0.
+                  Minor cosmetic updates.
+                  Changed IDType to restrict from xsd:ID.
+                  Changed IDReferenceType to restrict from xsd:IDREF.
+                  Set version attribute on schema element to 1.1.
+                draft-02 (Prateek Mishra, Rob Philpott):
+                  Added DoNotCacheCondition element and DoNotCacheConditionType
+                draft-03 (Scott Cantor)
+                                 Rebased ID content directly on XML Schema types
+                </documentation>
+       </annotation>
+       <simpleType name="DecisionType">
+               <restriction base="string">
+                       <enumeration value="Permit"/>
+                       <enumeration value="Deny"/>
+                       <enumeration value="Indeterminate"/>
+               </restriction>
+       </simpleType>
+       <element name="AssertionIDReference" type="NCName"/>
+       <element name="Assertion" type="saml:AssertionType"/>
+       <complexType name="AssertionType">
+               <sequence>
+                       <element ref="saml:Conditions" minOccurs="0"/>
+                       <element ref="saml:Advice" minOccurs="0"/>
+                       <choice maxOccurs="unbounded">
+                               <element ref="saml:Statement"/>
+                               <element ref="saml:SubjectStatement"/>
+                               <element ref="saml:AuthenticationStatement"/>
+                               <element ref="saml:AuthorizationDecisionStatement"/>
+                               <element ref="saml:AttributeStatement"/>
+                       </choice>
+                       <element ref="ds:Signature" minOccurs="0"/>
+               </sequence>
+               <attribute name="MajorVersion" type="integer" use="required"/>
+               <attribute name="MinorVersion" type="integer" use="required"/>
+               <attribute name="AssertionID" type="ID" use="required"/>
+               <attribute name="Issuer" type="string" use="required"/>
+               <attribute name="IssueInstant" type="dateTime" use="required"/>
+       </complexType>
+       <element name="Conditions" type="saml:ConditionsType"/>
+       <complexType name="ConditionsType">
+               <choice minOccurs="0" maxOccurs="unbounded">
+                       <element ref="saml:AudienceRestrictionCondition"/>
+                       <element ref="saml:DoNotCacheCondition"/>
+                       <element ref="saml:Condition"/>
+               </choice>
+               <attribute name="NotBefore" type="dateTime" use="optional"/>
+               <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+       </complexType>
+       <element name="Condition" type="saml:ConditionAbstractType"/>
+       <complexType name="ConditionAbstractType" abstract="true"/>
+       <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+       <complexType name="AudienceRestrictionConditionType">
+               <complexContent>
+                       <extension base="saml:ConditionAbstractType">
+                               <sequence>
+                                       <element ref="saml:Audience" maxOccurs="unbounded"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="Audience" type="anyURI"/>
+       <element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType" />
+       <complexType name="DoNotCacheConditionType">
+               <complexContent>
+                       <extension base="saml:ConditionAbstractType"/>
+               </complexContent>
+       </complexType>
+       <element name="Advice" type="saml:AdviceType"/>
+       <complexType name="AdviceType">
+               <choice minOccurs="0" maxOccurs="unbounded">
+                       <element ref="saml:AssertionIDReference"/>
+                       <element ref="saml:Assertion"/>
+                       <any namespace="##other" processContents="lax"/>
+               </choice>
+       </complexType>
+       <element name="Statement" type="saml:StatementAbstractType"/>
+       <complexType name="StatementAbstractType" abstract="true"/>
+       <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+       <complexType name="SubjectStatementAbstractType" abstract="true">
+               <complexContent>
+                       <extension base="saml:StatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:Subject"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="Subject" type="saml:SubjectType"/>
+       <complexType name="SubjectType">
+               <choice>
+                       <sequence>
+                               <element ref="saml:NameIdentifier"/>
+                               <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+                       </sequence>
+                       <element ref="saml:SubjectConfirmation"/>
+               </choice>
+       </complexType>
+       <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+       <complexType name="NameIdentifierType">
+               <simpleContent>
+                       <extension base="string">
+                               <attribute name="NameQualifier" type="string" use="optional"/>
+                               <attribute name="Format" type="anyURI" use="optional"/>
+                       </extension>
+               </simpleContent>
+       </complexType>
+       <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+       <complexType name="SubjectConfirmationType">
+               <sequence>
+                       <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+                       <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+                       <element ref="ds:KeyInfo" minOccurs="0"/>
+               </sequence>
+       </complexType>
+       <element name="SubjectConfirmationData" type="anyType"/>
+       <element name="ConfirmationMethod" type="anyURI"/>
+       <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+       <complexType name="AuthenticationStatementType">
+               <complexContent>
+                       <extension base="saml:SubjectStatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:SubjectLocality" minOccurs="0"/>
+                                       <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+                               </sequence>
+                               <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+                               <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+       <complexType name="SubjectLocalityType">
+               <attribute name="IPAddress" type="string" use="optional"/>
+               <attribute name="DNSAddress" type="string" use="optional"/>
+       </complexType>
+       <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+       <complexType name="AuthorityBindingType">
+               <attribute name="AuthorityKind" type="QName" use="required"/>
+               <attribute name="Location" type="anyURI" use="required"/>
+               <attribute name="Binding" type="anyURI" use="required"/>
+       </complexType>
+       <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+       <complexType name="AuthorizationDecisionStatementType">
+               <complexContent>
+                       <extension base="saml:SubjectStatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:Action" maxOccurs="unbounded"/>
+                                       <element ref="saml:Evidence" minOccurs="0"/>
+                               </sequence>
+                               <attribute name="Resource" type="anyURI" use="required"/>
+                               <attribute name="Decision" type="saml:DecisionType" use="required"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="Action" type="saml:ActionType"/>
+       <complexType name="ActionType">
+               <simpleContent>
+                       <extension base="string">
+                               <attribute name="Namespace" type="anyURI"/>
+                       </extension>
+               </simpleContent>
+       </complexType>
+       <element name="Evidence" type="saml:EvidenceType"/>
+       <complexType name="EvidenceType">
+               <choice maxOccurs="unbounded">
+                       <element ref="saml:AssertionIDReference"/>
+                       <element ref="saml:Assertion"/>
+               </choice>
+       </complexType>
+       <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+       <complexType name="AttributeStatementType">
+               <complexContent>
+                       <extension base="saml:SubjectStatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:Attribute" maxOccurs="unbounded"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+       <complexType name="AttributeDesignatorType">
+               <attribute name="AttributeName" type="string" use="required"/>
+               <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+       </complexType>
+       <element name="Attribute" type="saml:AttributeType"/>
+       <complexType name="AttributeType">
+               <complexContent>
+                       <extension base="saml:AttributeDesignatorType">
+                               <sequence>
+                                       <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AttributeValue" type="anyType"/>
+</schema>
diff --git a/src/schemas/cs-sstc-schema-protocol-01.xsd b/src/schemas/cs-sstc-schema-protocol-01.xsd
new file mode 100644 (file)
index 0000000..701a511
--- /dev/null
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>\r
+<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) -->\r
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">\r
+        <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/>\r
+        <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>\r
+        <annotation>\r
+                <documentation>\r
+                Document identifier: cs-sstc-schema-protocol-01\r
+                Location: http://www.oasis-open.org/committees/security/docs/\r
+                </documentation>\r
+        </annotation>\r
+        <complexType name="RequestAbstractType" abstract="true">\r
+                <sequence>\r
+                        <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>\r
+                        <element ref="ds:Signature" minOccurs="0"/>\r
+                </sequence>\r
+                <attribute name="RequestID" type="saml:IDType" use="required"/>\r
+                <attribute name="MajorVersion" type="integer" use="required"/>\r
+                <attribute name="MinorVersion" type="integer" use="required"/>\r
+                <attribute name="IssueInstant" type="dateTime" use="required"/>\r
+        </complexType>\r
+        <element name="RespondWith" type="QName"/>\r
+        <element name="Request" type="samlp:RequestType"/>\r
+        <complexType name="RequestType">\r
+                <complexContent>\r
+                        <extension base="samlp:RequestAbstractType">\r
+                                <choice>\r
+                                        <element ref="samlp:Query"/>\r
+                                        <element ref="samlp:SubjectQuery"/>\r
+                                        <element ref="samlp:AuthenticationQuery"/>\r
+                                        <element ref="samlp:AttributeQuery"/>\r
+                                        <element ref="samlp:AuthorizationDecisionQuery"/>\r
+                                        <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>\r
+                                        <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>\r
+                                </choice>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="AssertionArtifact" type="string"/>\r
+        <element name="Query" type="samlp:QueryAbstractType"/>\r
+        <complexType name="QueryAbstractType" abstract="true"/>\r
+        <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>\r
+        <complexType name="SubjectQueryAbstractType" abstract="true">\r
+                <complexContent>\r
+                        <extension base="samlp:QueryAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:Subject"/>\r
+                                </sequence>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>\r
+        <complexType name="AuthenticationQueryType">\r
+                <complexContent>\r
+                        <extension base="samlp:SubjectQueryAbstractType">\r
+                                <attribute name="AuthenticationMethod" type="anyURI"/>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="AttributeQuery" type="samlp:AttributeQueryType"/>\r
+        <complexType name="AttributeQueryType">\r
+                <complexContent>\r
+                        <extension base="samlp:SubjectQueryAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>\r
+                                </sequence>\r
+                                <attribute name="Resource" type="anyURI" use="optional"/>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>\r
+        <complexType name="AuthorizationDecisionQueryType">\r
+                <complexContent>\r
+                        <extension base="samlp:SubjectQueryAbstractType">\r
+                                <sequence>\r
+                                        <element ref="saml:Action" maxOccurs="unbounded"/>\r
+                                        <element ref="saml:Evidence" minOccurs="0" maxOccurs="1"/>\r
+                                </sequence>\r
+                                <attribute name="Resource" type="anyURI" use="required"/>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <complexType name="ResponseAbstractType" abstract="true">\r
+                <sequence>\r
+                        <element ref="ds:Signature" minOccurs="0"/>\r
+                </sequence>\r
+                <attribute name="ResponseID" type="saml:IDType" use="required"/>\r
+                <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/>\r
+                <attribute name="MajorVersion" type="integer" use="required"/>\r
+                <attribute name="MinorVersion" type="integer" use="required"/>\r
+                <attribute name="IssueInstant" type="dateTime" use="required"/>\r
+                <attribute name="Recipient" type="anyURI" use="optional"/>\r
+        </complexType>\r
+        <element name="Response" type="samlp:ResponseType"/>\r
+        <complexType name="ResponseType">\r
+                <complexContent>\r
+                        <extension base="samlp:ResponseAbstractType">\r
+                                <sequence>\r
+                                        <element ref="samlp:Status"/>\r
+                                        <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>\r
+                                </sequence>\r
+                        </extension>\r
+                </complexContent>\r
+        </complexType>\r
+        <element name="Status" type="samlp:StatusType"/>\r
+        <complexType name="StatusType">\r
+                <sequence>\r
+                        <element ref="samlp:StatusCode"/>\r
+                        <element ref="samlp:StatusMessage" minOccurs="0" maxOccurs="1"/>\r
+                        <element ref="samlp:StatusDetail" minOccurs="0"/>\r
+                </sequence>\r
+        </complexType>\r
+        <element name="StatusCode" type="samlp:StatusCodeType"/>\r
+        <complexType name="StatusCodeType">\r
+                <sequence>\r
+                        <element ref="samlp:StatusCode" minOccurs="0"/>\r
+                </sequence>\r
+                <attribute name="Value" type="QName" use="required"/>\r
+        </complexType>\r
+        <element name="StatusMessage" type="string"/>\r
+        <element name="StatusDetail" type="samlp:StatusDetailType"/>\r
+        <complexType name="StatusDetailType">\r
+                <sequence>\r
+                        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
+                </sequence>\r
+        </complexType>\r
+</schema>\r
diff --git a/src/schemas/cs-sstc-schema-protocol-1.1.xsd b/src/schemas/cs-sstc-schema-protocol-1.1.xsd
new file mode 100644 (file)
index 0000000..e956251
--- /dev/null
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
+       <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
+       <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+       <annotation>
+               <documentation>
+                       Document identifier: sstc-saml-schema-protocol-1.1-draft-03
+                       Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+                       Revision history:
+                          draft-01 (Eve Maler):
+                               Note that V1.1 of this schema has the same namespace as V1.0.
+                               Minor cosmetic updates.
+                               Set version attribute on schema element to 1.1.
+                          draft-01 (Eve Maler):
+                               Fix document Identifier.
+                          draft-02 (Prateek Mishra, Rob Philpott):
+                               Added DoNotCacheCondition.
+                          draft-04 (Scott Cantor):
+                               Rebased ID content directly on XML Schema types
+               </documentation>
+       </annotation>
+       <complexType name="RequestAbstractType" abstract="true">
+               <sequence>
+                       <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
+                       <element ref="ds:Signature" minOccurs="0"/>
+               </sequence>
+               <attribute name="RequestID" type="ID" use="required"/>
+               <attribute name="MajorVersion" type="integer" use="required"/>
+               <attribute name="MinorVersion" type="integer" use="required"/>
+               <attribute name="IssueInstant" type="dateTime" use="required"/>
+       </complexType>
+       <element name="RespondWith" type="QName"/>
+       <element name="Request" type="samlp:RequestType"/>
+       <complexType name="RequestType">
+               <complexContent>
+                       <extension base="samlp:RequestAbstractType">
+                               <choice>
+                                       <element ref="samlp:Query"/>
+                                       <element ref="samlp:SubjectQuery"/>
+                                       <element ref="samlp:AuthenticationQuery"/>
+                                       <element ref="samlp:AttributeQuery"/>
+                                       <element ref="samlp:AuthorizationDecisionQuery"/>
+                                       <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
+                                       <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
+                               </choice>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AssertionArtifact" type="string"/>
+       <element name="Query" type="samlp:QueryAbstractType"/>
+       <complexType name="QueryAbstractType" abstract="true"/>
+       <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+       <complexType name="SubjectQueryAbstractType" abstract="true">
+               <complexContent>
+                       <extension base="samlp:QueryAbstractType">
+                               <sequence>
+                                       <element ref="saml:Subject"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
+       <complexType name="AuthenticationQueryType">
+               <complexContent>
+                       <extension base="samlp:SubjectQueryAbstractType">
+                               <attribute name="AuthenticationMethod" type="anyURI"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+       <complexType name="AttributeQueryType">
+               <complexContent>
+                       <extension base="samlp:SubjectQueryAbstractType">
+                               <sequence>
+                                       <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
+                               </sequence>
+                               <attribute name="Resource" type="anyURI" use="optional"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
+       <complexType name="AuthorizationDecisionQueryType">
+               <complexContent>
+                       <extension base="samlp:SubjectQueryAbstractType">
+                               <sequence>
+                                       <element ref="saml:Action" maxOccurs="unbounded"/>
+                                       <element ref="saml:Evidence" minOccurs="0"/>
+                               </sequence>
+                               <attribute name="Resource" type="anyURI" use="required"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <complexType name="ResponseAbstractType" abstract="true">
+               <sequence>
+                       <element ref="ds:Signature" minOccurs="0"/>
+               </sequence>
+               <attribute name="ResponseID" type="ID" use="required"/>
+               <attribute name="InResponseTo" type="NCName" use="optional"/>
+               <attribute name="MajorVersion" type="integer" use="required"/>
+               <attribute name="MinorVersion" type="integer" use="required"/>
+               <attribute name="IssueInstant" type="dateTime" use="required"/>
+               <attribute name="Recipient" type="anyURI" use="optional"/>
+       </complexType>
+       <element name="Response" type="samlp:ResponseType"/>
+       <complexType name="ResponseType">
+               <complexContent>
+                       <extension base="samlp:ResponseAbstractType">
+                               <sequence>
+                                       <element ref="samlp:Status"/>
+                                       <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="Status" type="samlp:StatusType"/>
+       <complexType name="StatusType">
+               <sequence>
+                       <element ref="samlp:StatusCode"/>
+                       <element ref="samlp:StatusMessage" minOccurs="0"/>
+                       <element ref="samlp:StatusDetail" minOccurs="0"/>
+               </sequence>
+       </complexType>
+       <element name="StatusCode" type="samlp:StatusCodeType"/>
+       <complexType name="StatusCodeType">
+               <sequence>
+                       <element ref="samlp:StatusCode" minOccurs="0"/>
+               </sequence>
+               <attribute name="Value" type="QName" use="required"/>
+       </complexType>
+       <element name="StatusMessage" type="string"/>
+       <element name="StatusDetail" type="samlp:StatusDetailType"/>
+       <complexType name="StatusDetailType">
+               <sequence>
+                       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+               </sequence>
+       </complexType>
+</schema>
diff --git a/src/schemas/shibboleth-targetconfig-1.0.xsd b/src/schemas/shibboleth-targetconfig-1.0.xsd
new file mode 100644 (file)
index 0000000..bede543
--- /dev/null
@@ -0,0 +1,439 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
+       xmlns="http://www.w3.org/2001/XMLSchema"
+       xmlns:conf="urn:mace:shibboleth:target:config:1.0"
+       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+       elementFormDefault="qualified"
+       attributeFormDefault="unqualified"
+       blockDefault="substitution"
+       version="1.0">
+
+       <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+       <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
+
+       <annotation>
+               <documentation>
+       1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
+       First appearing in Shibboleth 1.2 release.
+       </documentation>
+    </annotation>
+
+       <complexType name="PluggableType">
+               <complexContent>
+                       <extension base="anyType">
+                               <attribute name="type" type="string" use="required"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+
+       <element name="ShibbolethTargetConfig">
+               <annotation>
+                       <documentation>Outer element of configuration file</documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <element ref="conf:Extensions" minOccurs="0"/>
+                               <element ref="conf:SHAR" minOccurs="0"/>
+                               <element ref="conf:SHIRE" minOccurs="0"/>
+                               <element ref="conf:Applications"/>
+                               <element name="CredentialsProvider" type="conf:PluggableType" maxOccurs="unbounded"/>
+                       </sequence>
+                       <attribute name="logger" type="anyURI" use="optional"/>
+                       <attribute name="clockSkew" type="unsignedInt" use="optional"/>
+                       <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+
+       <element name="Extensions">
+               <annotation>
+                       <documentation>Container for extension libraries and custom configuration</documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <element name="Library" minOccurs="0" maxOccurs="unbounded">
+                                       <complexType>
+                                   <complexContent>
+                                       <extension base="anyType">
+                                               <attribute name="path" type="anyURI" use="required"/>
+                                                               <attribute name="fatal" type="boolean" use="optional"/>
+                                       </extension>
+                                   </complexContent>
+                                       </complexType>
+                               </element>
+                               <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                       </sequence>
+               </complexType>
+       </element>
+
+       <element name="SHAR">
+               <annotation>
+                       <documentation>Container for SHAR configuration</documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <element ref="conf:Extensions" minOccurs="0"/>
+                               <choice>
+                                       <element name="UnixListener">
+                                               <complexType>
+                                                       <complexContent>
+                                                               <extension base="anyType">
+                                                                       <attribute name="address" type="string" use="required"/>
+                                                               </extension>
+                                                       </complexContent>
+                                               </complexType>
+                                       </element>
+                                       <element name="TCPListener">
+                                               <complexType>
+                                                       <complexContent>
+                                                               <extension base="anyType">
+                                                                       <attribute name="address" type="string" use="required"/>
+                                                                       <attribute name="port" type="unsignedInt" use="required"/>
+                                                                       <attribute name="acl" use="optional" default="127.0.0.1">
+                                                                               <simpleType>
+                                                                                       <list itemType="string"/>
+                                                                               </simpleType>
+                                                                       </attribute>
+                                                               </extension>
+                                                       </complexContent>
+                                               </complexType>
+                                       </element>
+                                       <element name="Listener" type="conf:PluggableType"/>
+                               </choice>
+                               <choice>
+                                       <element name="MemorySessionCache">
+                                               <complexType>
+                                                       <complexContent>
+                                                               <restriction base="anyType">
+                                                                       <sequence/>
+                                                                       <attributeGroup ref="conf:SessionCacheProperties"/>
+                                                                       <anyAttribute namespace="##other" processContents="lax"/>
+                                                               </restriction>
+                                                       </complexContent>
+                                               </complexType>
+                                       </element>
+                                       <element name="MySQLSessionCache">
+                                               <complexType>
+                                                       <complexContent>
+                                                               <restriction base="anyType">
+                                                                       <sequence>
+                                                                               <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
+                                                                       </sequence>
+                                                                       <attributeGroup ref="conf:SessionCacheProperties"/>
+                                                                       <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
+                                                                       <anyAttribute namespace="##other" processContents="lax"/>
+                                                               </restriction>
+                                                       </complexContent>
+                                               </complexType>
+                                       </element>
+                                       <element name="SessionCache">
+                                               <complexType>
+                                           <complexContent>
+                                               <extension base="conf:PluggableType">
+                                                       <attributeGroup ref="conf:SessionCacheProperties"/>
+                                               </extension>
+                                           </complexContent>
+                                               </complexType>
+                                       </element>
+                               </choice>
+                               <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                       </sequence>
+                       <attribute name="logger" type="anyURI" use="optional"/>
+                       <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+
+       <attributeGroup name="SessionCacheProperties">
+       <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
+       <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
+               <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
+               <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
+               <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
+               <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
+               <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
+               <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
+       </attributeGroup>
+
+       <element name="SHIRE">
+               <annotation>
+                       <documentation>
+                       Container for configuration glue between target library and the surrounding application environment.
+                       </documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <element ref="conf:Extensions" minOccurs="0"/>
+                               <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
+                               <element name="Implementation" minOccurs="0">
+                                       <complexType>
+                                               <choice maxOccurs="unbounded">
+                                                       <element ref="conf:ISAPI"/>
+                                                       <element ref="conf:NSAPI"/>
+                                                       <element ref="conf:Java"/>
+                                                       <any namespace="##other" processContents="lax"/>
+                                               </choice>
+                                       </complexType>
+                               </element>
+                               <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                       </sequence>
+                       <attribute name="logger" type="anyURI" use="optional"/>
+                       <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+       
+       <element name="ISAPI">
+               <complexType>
+                       <sequence>
+                               <element name="Site" maxOccurs="unbounded">
+                                       <complexType>
+                                               <complexContent>
+                                                       <extension base="anyType">
+                                                               <attribute name="id" type="unsignedInt" use="required"/>
+                                                               <attribute name="name" type="string" use="required"/>
+                                       <attribute name="port" type="unsignedInt" use="optional"/>
+                                                               <attribute name="scheme" type="string" use="optional"/>
+                                                       </extension>
+                                               </complexContent>
+                                       </complexType>
+                               </element>
+                               <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                       </sequence>
+                       <attribute name="normalizeRequest" type="boolean" use="optional"/>
+                       <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+       <element name="NSAPI" type="anyType"/>
+       <element name="Java" type="anyType"/>
+
+       <element name="htaccess" type="conf:UniOperatorType">
+               <annotation>
+                       <documentation>
+                       A simple example access policy language extension that supersedes Apache .htaccess
+                       </documentation>
+               </annotation>
+       </element>
+       <element name="OR" type="conf:MultiOperatorType"/>
+       <element name="AND" type="conf:MultiOperatorType"/>
+       <element name="NOT" type="conf:UniOperatorType"/>
+       <complexType name="UniOperatorType">
+               <choice>
+                       <element ref="conf:AND"/>
+                       <element ref="conf:OR"/>
+                       <element ref="conf:NOT"/>
+                       <element ref="conf:Rule"/>
+               </choice>
+       </complexType>
+       <complexType name="MultiOperatorType">
+               <choice minOccurs="2" maxOccurs="unbounded">
+                       <element ref="conf:AND"/>
+                       <element ref="conf:OR"/>
+                       <element ref="conf:NOT"/>
+                       <element ref="conf:Rule"/>
+               </choice>
+       </complexType>
+       <element name="Rule">
+               <complexType>
+                       <simpleContent>
+                               <extension base="conf:listOfStrings">
+                                       <attribute name="require" type="string" use="required"/>
+                               </extension>
+                       </simpleContent>
+               </complexType>
+       </element>
+       <simpleType name="listOfStrings">
+               <list itemType='string'/>
+       </simpleType>
+       
+       <attributeGroup name="ContentSettings">
+               <attribute name="requireSession" type="boolean" use="optional"/>
+               <attribute name="exportAssertion" type="boolean" use="optional"/>
+               <anyAttribute namespace="##other" processContents="lax"/>
+       </attributeGroup>
+       <element name="AccessControlProvider" type="conf:PluggableType"/>
+
+    <element name="RequestMap">
+               <annotation>
+                       <documentation>
+                       Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
+                       </documentation>
+               </annotation>
+        <complexType>
+            <sequence>
+               <choice minOccurs="0">
+                       <element ref="conf:htaccess"/>
+                       <element ref="conf:AccessControlProvider"/>
+                   </choice>
+                <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
+            </sequence>
+            <attribute name="applicationId" type="string" fixed="default"/>
+               <attributeGroup ref="conf:ContentSettings"/>
+        </complexType>
+    </element>
+
+    <element name="Host">
+       <complexType>
+               <sequence>
+               <choice minOccurs="0">
+                       <element ref="conf:htaccess"/>
+                       <element ref="conf:AccessControlProvider"/>
+                   </choice>
+                       <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
+               </sequence>
+               <attribute name="scheme" use="optional" default="http">
+                           <simpleType>
+                               <restriction base="string">
+                                   <enumeration value="http"/>
+                                   <enumeration value="https"/>
+                                   <enumeration value="ftp"/>
+                                   <enumeration value="ldap"/>
+                                   <enumeration value="ldaps"/>
+                               </restriction>
+                           </simpleType>
+               </attribute>
+               <attribute name="name" type="string" use="required"/>
+               <attribute name="port" type="unsignedInt" use="optional"/>
+               <attribute name="applicationId" type="string" use="optional"/>
+               <attributeGroup ref="conf:ContentSettings"/>
+       </complexType>
+    </element>
+
+    <element name="Path">
+        <complexType>
+               <sequence>
+               <choice minOccurs="0">
+                       <element ref="conf:htaccess"/>
+                       <element ref="conf:AccessControlProvider"/>
+                   </choice>
+                       <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
+               </sequence>
+               <attribute name="name" type="string" use="required"/>
+               <attribute name="applicationId" type="string" use="optional"/>
+               <attributeGroup ref="conf:ContentSettings"/>
+        </complexType>
+    </element>
+
+       <element name="Applications">
+               <annotation>
+                       <documentation>
+                       Container for global target settings and application-specific overrides
+                       </documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                               <element ref="conf:Sessions"/>
+                               <element ref="conf:Errors"/>
+                               <element ref="conf:CredentialUse" minOccurs="0"/>
+                               <choice minOccurs="0" maxOccurs="unbounded">
+                    <element ref="saml:AttributeDesignator"/>
+                    <element ref="saml:Audience"/>
+                    <element name="AAPProvider" type="conf:PluggableType"/>
+                    <element name="FederationProvider" type="conf:PluggableType"/>
+                    <element name="TrustProvider" type="conf:PluggableType"/>
+                    <element name="RevocationProvider" type="conf:PluggableType"/>
+                               </choice>
+                               <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
+                       </sequence>
+                       <attribute name="id" type="string" fixed="default"/>
+                       <attribute name="providerId" type="anyURI" use="required"/>
+                       <attribute name="signRequest" type="boolean" use="optional" default="false"/>
+                       <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
+                       <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
+               <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+       
+       <element name="Application">
+               <annotation>
+                       <documentation>
+                       Container for application-specific overrides
+                       </documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                               <element ref="conf:Sessions"/>
+                               <element ref="conf:Errors" minOccurs="0"/>
+                               <element ref="conf:CredentialUse" minOccurs="0"/>
+                               <choice minOccurs="0" maxOccurs="unbounded">
+                    <element ref="saml:AttributeDesignator"/>
+                    <element ref="saml:Audience"/>
+                    <element name="AAPProvider" type="conf:PluggableType"/>
+                    <element name="FederationProvider" type="conf:PluggableType"/>
+                    <element name="TrustProvider" type="conf:PluggableType"/>
+                    <element name="RevocationProvider" type="conf:PluggableType"/>
+                               </choice>
+                       </sequence>
+                       <attribute name="id" type="string" use="required"/>
+                       <attribute name="providerId" type="anyURI" use="optional"/>
+                       <attribute name="signRequest" type="boolean" use="optional" default="false"/>
+                       <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
+                       <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
+               <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+
+       <element name="Sessions">
+               <annotation>
+                       <documentation>Container for specifying app session establishment and policy</documentation>
+               </annotation>
+               <complexType>
+            <complexContent>
+                <extension base="anyType">
+                                       <attribute name="wayfURL" type="anyURI" use="required"/>
+                                       <attribute name="shireURL" type="anyURI" use="required"/>
+                                       <attribute name="shireSSL" type="boolean" use="optional"/>
+                                       <attribute name="cookieName" type="string" use="optional"/>
+                                       <attribute name="cookieProps" type="string" use="optional"/>
+                                       <attribute name="lifetime" type="unsignedInt" use="optional"/>
+                                       <attribute name="timeout" type="unsignedInt" use="optional"/>
+                                       <attribute name="checkAddress" type="boolean" use="optional"/>
+                                       <attribute name="oldAuthnRequest" type="boolean" use="optional"/>
+                </extension>
+            </complexContent>
+               </complexType>
+       </element>
+
+       <element name="Errors">
+               <annotation>
+                       <documentation>Container for error templates and associated details</documentation>
+               </annotation>
+               <complexType>
+            <complexContent>
+                <extension base="anyType">
+                       <attribute name="shire" type="anyURI" use="required"/>
+                       <attribute name="rm" type="anyURI" use="required"/>
+                       <attribute name="access" type="anyURI" use="required"/>
+                       <attribute name="supportContact" type="string" use="optional"/>
+                       <attribute name="logoLocation" type="anyURI" use="optional"/>
+                       <attribute name="styleSheet" type="anyURI" use="optional"/>
+                </extension>
+            </complexContent>
+               </complexType>
+       </element>
+
+       <element name="CredentialUse">
+               <annotation>
+                       <documentation>Container for specifying credentials to use</documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
+                                       <complexType>
+                                               <complexContent>
+                                                       <extension base="anyType">
+                                                               <attribute name="Name" type="string" use="required"/>
+                                                               <attribute name="TLS" type="string" use="required"/>
+                                                               <attribute name="Signing" type="string" use="required"/>
+                                                       </extension>
+                                               </complexContent>
+                                       </complexType>
+                               </element>
+                               <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                       </sequence>
+                       <attribute name="TLS" type="string" use="required"/>
+                       <attribute name="Signing" type="string" use="required"/>
+               <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+</schema>
+
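Review bot: The security-relevant attributes on `Sessions` (`shireSSL`, `checkAddress`, `cookieProps`, `lifetime`, `timeout`) carry no `default` and no `annotation`, unlike `signRequest`/`signedResponse`/`signedAssertions` on `Applications`, so a reader of the schema cannot tell what an omitted `shireSSL` or `checkAddress` means; the effective default presumably lives in the implementation, and a per-attribute `<annotation><documentation>` stating it (and, for `cookieProps`, the expected cookie-attribute syntax) would make the schema self-describing. The `false` defaults on `signedResponse` and `signedAssertions` likewise deserve a one-line documentation note spelling out that a configuration which omits them is the permissive one, so operators do not have to infer that from the attribute names. `TCPListener/@acl` is a `list` of unrestricted `string` with default `127.0.0.1`; documenting the accepted address forms on that attribute would help, since the schema cannot validate them. As a point of style, the file mixes tabs and spaces for indentation (e.g. the `annotation` block at the top, the `Library` and `SessionCache` `complexContent` blocks, and the `RequestMap`/`Host`/`Path` elements), which makes the nesting hard to follow; normalizing to tabs like the rest of the file would fix it.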
diff --git a/src/schemas/soap-envelope.xsd b/src/schemas/soap-envelope.xsd
new file mode 100644 (file)
index 0000000..a8739e6
--- /dev/null
@@ -0,0 +1,118 @@
+<?xml version='1.0' encoding='UTF-8' ?>
+
+<!-- Schema for the SOAP/1.1 envelope
+
+     This schema has been produced using W3C's SOAP Version 1.2 schema
+     found at:
+
+     http://www.w3.org/2001/06/soap-envelope
+
+     Copyright 2001 Martin Gudgin, Developmentor.
+
+     Changes made are the following:
+     - reverted namespace to http://schemas.xmlsoap.org/soap/envelope/
+     - reverted mustUnderstand to only allow 0 and 1 as lexical values
+
+     Original copyright:
+     
+     Copyright 2001 W3C (Massachusetts Institute of Technology,
+     Institut National de Recherche en Informatique et en Automatique,
+     Keio University). All Rights Reserved.
+     http://www.w3.org/Consortium/Legal/
+
+     This document is governed by the W3C Software License [1] as
+     described in the FAQ [2].
+
+     [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+     [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           xmlns:tns="http://schemas.xmlsoap.org/soap/envelope/"
+           targetNamespace="http://schemas.xmlsoap.org/soap/envelope/" >
+
+     
+  <!-- Envelope, header and body -->
+  <xs:element name="Envelope" type="tns:Envelope" />
+  <xs:complexType name="Envelope" >
+    <xs:sequence>
+      <xs:element ref="tns:Header" minOccurs="0" />
+      <xs:element ref="tns:Body" minOccurs="1" />
+      <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
+    </xs:sequence>
+    <xs:anyAttribute namespace="##other" processContents="lax" />
+  </xs:complexType>
+
+  <xs:element name="Header" type="tns:Header" />
+  <xs:complexType name="Header" >
+    <xs:sequence>
+      <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
+    </xs:sequence>
+    <xs:anyAttribute namespace="##other" processContents="lax" />
+  </xs:complexType>
+  
+  <xs:element name="Body" type="tns:Body" />
+  <xs:complexType name="Body" >
+    <xs:sequence>
+      <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
+    </xs:sequence>
+    <xs:anyAttribute namespace="##any" processContents="lax" >
+         <xs:annotation>
+           <xs:documentation>
+                 Prose in the spec does not specify that attributes are allowed on the Body element
+               </xs:documentation>
+         </xs:annotation>
+       </xs:anyAttribute>
+  </xs:complexType>
+
+       
+  <!-- Global Attributes.  The following attributes are intended to be usable via qualified attribute names on any complex type referencing them.  -->
+  <xs:attribute name="mustUnderstand" default="0" >    
+     <xs:simpleType>
+     <xs:restriction base='xs:boolean'>
+          <!--xs:pattern value='0|1' /-->
+        </xs:restriction>
+   </xs:simpleType>
+  </xs:attribute>
+  <xs:attribute name="actor" type="xs:anyURI" />
+
+  <xs:simpleType name="encodingStyle" >
+    <xs:annotation>
+         <xs:documentation>
+           'encodingStyle' indicates any canonicalization conventions followed in the contents of the containing element.  For example, the value 'http://schemas.xmlsoap.org/soap/encoding/' indicates the pattern described in SOAP specification
+         </xs:documentation>
+       </xs:annotation>
+    <xs:list itemType="xs:anyURI" />
+  </xs:simpleType>
+
+  <xs:attributeGroup name="encodingStyle" >
+    <xs:attribute name="encodingStyle" type="tns:encodingStyle" />
+  </xs:attributeGroup>
+
+  <xs:complexType name="Fault" final="extension" >
+    <xs:annotation>
+         <xs:documentation>
+           Fault reporting structure
+         </xs:documentation>
+       </xs:annotation>
+    <xs:sequence>
+      <xs:element name="faultcode" type="xs:QName" />
+      <xs:element name="faultstring" type="xs:string" />
+      <xs:element name="faultactor" type="xs:anyURI" minOccurs="0" />
+      <xs:element name="detail" type="tns:detail" minOccurs="0" />      
+    </xs:sequence>
+  </xs:complexType>
+
+  <xs:complexType name="detail">
+    <xs:sequence>
+      <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
+    </xs:sequence>
+    <xs:anyAttribute namespace="##any" processContents="lax" /> 
+  </xs:complexType>
+
+</xs:schema>
+
+
+
+
+
+
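Review bot: The header comment at the top of this file says mustUnderstand was "reverted to only allow 0 and 1 as lexical values", but the restriction that would enforce it is commented out (`<!--xs:pattern value='0|1' /-->`), so the attribute is still plain xs:boolean and accepts `true`/`false` as well. Either the comment or the schema is wrong; if the 0/1 restriction is intended, replace the commented line with `<xs:pattern value="0|1"/>`, otherwise drop that bullet from the header so the next reader does not assume a lexical check that validation never performs. The distinction matters for SOAP 1.1 processing, where a receiver that compares the raw lexical value against "1" would treat a `mustUnderstand="true"` header as not mandatory.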
diff --git a/src/schemas/sstc-saml-schema-assertion-2.0.xsd b/src/schemas/sstc-saml-schema-assertion-2.0.xsd
new file mode 100644 (file)
index 0000000..58c6a23
--- /dev/null
@@ -0,0 +1,290 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"
+        schemaLocation="xmldsig-core-schema.xsd"/>
+    <import namespace="http://www.w3.org/2001/04/xmlenc#"
+        schemaLocation="xenc-schema.xsd"/>
+    <annotation>
+        <documentation>
+            Document identifier: sstc-saml-schema-assertion-2.0
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+            V1.0 (November, 2002):
+              Initial Standard Schema.
+            V1.1 (September, 2003):
+              Updates within the same V1.0 namespace.
+            V2.0 (August, 2004):
+              New assertion schema based in a SAML V2.0 namespace.
+        </documentation>
+    </annotation>
+    <group name="EncryptedType">
+        <sequence>
+            <element ref="xenc:EncryptedData"/>
+            <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+    </group>
+    <element name="BaseID" type="saml:BaseIDAbstractType"/>
+    <complexType name="BaseIDAbstractType" abstract="true" mixed="true">
+        <complexContent>
+            <extension base="anyType">
+                <attribute name="NameQualifier" type="string" use="optional"/>
+                <attribute name="SPNameQualifier" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NameID" type="saml:NameIDType"/>
+    <complexType name="NameIDType" mixed="false">
+        <simpleContent>
+            <restriction base="saml:BaseIDAbstractType">
+                <simpleType>
+                    <restriction base="string"/>
+                </simpleType>
+                <attribute name="Format" type="anyURI" use="optional"/>
+                <attribute name="SPProvidedID" type="string" use="optional"/>
+            </restriction>
+        </simpleContent>
+    </complexType>
+    <element name="EncryptedID" type="saml:EncryptedIDType"/>
+    <complexType name="EncryptedIDType" mixed="false">
+        <complexContent>
+            <restriction base="saml:BaseIDAbstractType">
+                <group ref="saml:EncryptedType"/>
+            </restriction>
+        </complexContent>
+    </complexType>
+    <element name="Issuer" type="saml:NameIDType"/>
+    <element name="AssertionIDRef" type="NCName"/>
+    <element name="AssertionURIRef" type="anyURI"/>
+    <element name="Assertion" type="saml:AssertionType"/>
+    <complexType name="AssertionType">
+        <sequence>
+            <element ref="saml:Issuer"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="saml:Subject" minOccurs="0"/>
+            <element ref="saml:Conditions" minOccurs="0"/>
+            <element ref="saml:Advice" minOccurs="0"/>
+            <choice minOccurs="0" maxOccurs="unbounded">
+                <element ref="saml:Statement"/>
+                <element ref="saml:AuthnStatement"/>
+                <element ref="saml:AuthzDecisionStatement"/>
+                <element ref="saml:AttributeStatement"/>
+            </choice>
+        </sequence>
+        <attribute name="Version" type="string" use="required"/>
+        <attribute name="ID" type="ID" use="required"/>
+        <attribute name="IssueInstant" type="dateTime" use="required"/>
+    </complexType>
+    <element name="Subject" type="saml:SubjectType"/>
+    <complexType name="SubjectType">
+        <choice>
+            <sequence>
+                <choice>
+                    <element ref="saml:BaseID"/>
+                    <element ref="saml:NameID"/>
+                    <element ref="saml:EncryptedID"/>
+                </choice>
+                <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
+            </sequence>
+            <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
+        </choice>
+    </complexType>
+    <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+    <complexType name="SubjectConfirmationType">
+        <sequence>
+            <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+        </sequence>
+        <attribute name="Method" type="anyURI" use="required"/>
+    </complexType>
+    <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
+    <complexType name="SubjectConfirmationDataType" mixed="true">
+        <complexContent>
+            <extension base="anyType">
+                <attribute name="NotBefore" type="dateTime" use="optional"/>
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+                <attribute name="Recipient" type="anyURI" use="optional"/>
+                <attribute name="InResponseTo" type="NCName" use="optional"/>
+                <attribute name="Address" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <complexType name="KeyInfoConfirmationDataType" mixed="false">
+        <complexContent>
+            <restriction base="saml:SubjectConfirmationDataType">
+                <sequence>
+                    <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
+                </sequence>
+            </restriction>
+        </complexContent>
+    </complexType>
+    <element name="Conditions" type="saml:ConditionsType"/>
+    <complexType name="ConditionsType">
+        <choice minOccurs="0" maxOccurs="unbounded">
+            <element ref="saml:Condition"/>
+            <element ref="saml:AudienceRestriction"/>
+            <element ref="saml:OneTimeUse"/>
+            <element ref="saml:ProxyRestriction"/>
+        </choice>
+        <attribute name="NotBefore" type="dateTime" use="optional"/>
+        <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+    </complexType>
+    <element name="Condition" type="saml:ConditionAbstractType"/>
+    <complexType name="ConditionAbstractType" abstract="true"/>
+    <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
+    <complexType name="AudienceRestrictionType">
+        <complexContent>
+            <extension base="saml:ConditionAbstractType">
+                <sequence>
+                    <element ref="saml:Audience" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="Audience" type="anyURI"/>
+    <element name="OneTimeUse" type="saml:OneTimeUseType" />
+    <complexType name="OneTimeUseType">
+        <complexContent>
+            <extension base="saml:ConditionAbstractType"/>
+        </complexContent>
+    </complexType>
+    <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
+    <complexType name="ProxyRestrictionType">
+    <complexContent>
+        <extension base="saml:ConditionAbstractType">
+            <sequence>
+                <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
+            </sequence>
+            <attribute name="Count" type="nonNegativeInteger" use="optional"/>
+        </extension>
+       </complexContent>
+    </complexType>
+    <element name="Advice" type="saml:AdviceType"/>
+    <complexType name="AdviceType">
+        <choice minOccurs="0" maxOccurs="unbounded">
+            <element ref="saml:AssertionIDRef"/>
+            <element ref="saml:AssertionURIRef"/>
+            <element ref="saml:Assertion"/>
+            <element ref="saml:EncryptedAssertion"/>
+            <any namespace="##other" processContents="lax"/>
+        </choice>
+    </complexType>
+    <element name="EncryptedAssertion" type="saml:EncryptedAssertionType"/>
+    <complexType name="EncryptedAssertionType">
+        <group ref="saml:EncryptedType"/>
+    </complexType>
+    <element name="Statement" type="saml:StatementAbstractType"/>
+    <complexType name="StatementAbstractType" abstract="true"/>
+    <element name="AuthnStatement" type="saml:AuthnStatementType"/>
+    <complexType name="AuthnStatementType">
+        <complexContent>
+            <extension base="saml:StatementAbstractType">
+                <sequence>
+                    <element ref="saml:SubjectLocality" minOccurs="0"/>
+                    <element ref="saml:AuthnContext"/>
+                </sequence>
+                <attribute name="AuthnInstant" type="dateTime" use="required"/>
+                <attribute name="SessionIndex" type="string" use="optional"/>
+                <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+    <complexType name="SubjectLocalityType">
+        <attribute name="Address" type="string" use="optional"/>
+        <attribute name="DNSName" type="string" use="optional"/>
+    </complexType>
+    <element name="AuthnContext" type="saml:AuthnContextType"/>
+    <complexType name="AuthnContextType">
+        <sequence>
+            <choice>
+                <sequence>
+                    <element ref="saml:AuthnContextClassRef"/>
+                    <choice minOccurs="0">
+                        <element ref="saml:AuthnContextDecl"/>
+                        <element ref="saml:AuthnContextDeclRef"/>
+                    </choice>
+                </sequence>
+                <choice>
+                    <element ref="saml:AuthnContextDecl"/>
+                    <element ref="saml:AuthnContextDeclRef"/>
+                </choice>
+            </choice>
+            <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <element name="AuthnContextClassRef" type="anyURI"/>
+    <element name="AuthnContextDeclRef" type="anyURI"/>
+    <element name="AuthnContextDecl" type="anyType"/>
+    <element name="AuthenticatingAuthority" type="anyURI"/>
+    <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
+    <complexType name="AuthzDecisionStatementType">
+        <complexContent>
+            <extension base="saml:StatementAbstractType">
+                <sequence>
+                    <element ref="saml:Action" maxOccurs="unbounded"/>
+                    <element ref="saml:Evidence" minOccurs="0"/>
+                </sequence>
+                <attribute name="Resource" type="anyURI" use="required"/>
+                <attribute name="Decision" type="saml:DecisionType" use="required"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <simpleType name="DecisionType">
+        <restriction base="string">
+            <enumeration value="Permit"/>
+            <enumeration value="Deny"/>
+            <enumeration value="Indeterminate"/>
+        </restriction>
+    </simpleType>
+    <element name="Action" type="saml:ActionType"/>
+    <complexType name="ActionType">
+        <simpleContent>
+            <extension base="string">
+                <attribute name="Namespace" type="anyURI" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+    <element name="Evidence" type="saml:EvidenceType"/>
+    <complexType name="EvidenceType">
+        <choice maxOccurs="unbounded">
+            <element ref="saml:AssertionIDRef"/>
+            <element ref="saml:AssertionURIRef"/>
+            <element ref="saml:Assertion"/>
+            <element ref="saml:EncryptedAssertion"/>
+        </choice>
+    </complexType>
+    <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+    <complexType name="AttributeStatementType">
+        <complexContent>
+            <extension base="saml:StatementAbstractType">
+                <choice maxOccurs="unbounded">
+                    <element ref="saml:Attribute"/>
+                    <element ref="saml:EncryptedAttribute"/>
+                </choice>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="Attribute" type="saml:AttributeType"/>
+    <complexType name="AttributeType">
+        <sequence>
+            <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="NameFormat" type="anyURI" use="optional"/>
+        <attribute name="FriendlyName" type="string" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="AttributeValue" type="anyType"/>
+    <element name="EncryptedAttribute" type="saml:EncryptedAttributeType"/>
+    <complexType name="EncryptedAttributeType">
+        <group ref="saml:EncryptedType"/>
+    </complexType>
+</schema>
diff --git a/src/schemas/sstc-saml-schema-dce-2.0.xsd b/src/schemas/sstc-saml-schema-dce-2.0.xsd
new file mode 100644 (file)
index 0000000..4669428
--- /dev/null
@@ -0,0 +1,28 @@
+<schema targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
+       xmlns:dce="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
+       xmlns="http://www.w3.org/2001/XMLSchema"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+       version="2.0">
+    <annotation>
+        <documentation>
+            Document identifier: sstc-saml-schema-dce-2.0
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+            V2.0 (August, 2004):
+              Custom schema for DCE attribute profile, first published in SAML 2.0.
+        </documentation>
+    </annotation>
+       <complexType name="DCEValueType">
+               <simpleContent>
+                       <extension base="anyURI">
+                               <attribute ref="dce:Realm" use="optional"/>
+                               <attribute ref="dce:FriendlyName" use="optional"/>
+                       </extension>
+               </simpleContent>
+       </complexType>
+       <attribute name="Realm" type="anyURI"/>
+       <attribute name="FriendlyName" type="string"/>
+</schema>
+
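Review bot: This schema is the only one in the set that omits the XML declaration, so its encoding is left to parser defaults rather than declared as in the sibling files; adding `<?xml version="1.0" encoding="UTF-8"?>` as the first line would make it consistent. The root element's attributes also mix tab and space indentation (the xmlns/targetNamespace lines versus the elementFormDefault block), as does the DCEValueType body, which is worth normalising to one style while the files are being imported.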
diff --git a/src/schemas/sstc-saml-schema-ecp-2.0.xsd b/src/schemas/sstc-saml-schema-ecp-2.0.xsd
new file mode 100644 (file)
index 0000000..c26d428
--- /dev/null
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+        schemaLocation="sstc-saml-schema-protocol-2.0.xsd"/>
+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+        schemaLocation="sstc-saml-schema-assertion-2.0.xsd"/>
+    <import namespace="http://schemas.xmlsoap.org/soap/envelope/"
+        schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
+    <annotation>
+        <documentation>
+            Document identifier: sstc-saml-schema-ecp-2.0
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+            V2.0 (August, 2004):
+              Custom schema for ECP profile, first published in SAML 2.0.
+        </documentation>
+    </annotation>
+
+    <element name="Request" type="ecp:RequestType"/>
+    <complexType name="RequestType">
+        <sequence>
+            <element ref="saml:Issuer"/>
+            <element ref="samlp:IDPList" minOccurs="0"/>
+        </sequence>
+        <attribute ref="S:mustUnderstand" use="required"/>
+        <attribute ref="S:actor" use="required"/>
+        <attribute name="ProviderName" type="string" use="optional"/>
+        <attribute name="IsPassive" type="boolean" use="optional"/>
+    </complexType>
+    
+    <element name="Response" type="ecp:ResponseType"/>
+    <complexType name="ResponseType">
+        <attribute ref="S:mustUnderstand" use="required"/>
+        <attribute ref="S:actor" use="required"/>
+        <attribute name="AssertionConsumerServiceURL" type="anyURI" use="required"/>
+    </complexType>
+    
+    <element name="RelayState" type="ecp:RelayStateType"/>
+    <complexType name="RelayStateType">
+        <simpleContent>
+            <extension base="string">
+                <attribute ref="S:mustUnderstand" use="required"/>
+                <attribute ref="S:actor" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+</schema>
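Review bot: The SOAP envelope import uses a remote `schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"` while the SAML protocol and assertion imports next to it use relative local paths, and this commit adds a local soap-envelope.xsd for the same namespace. A validator that honours schemaLocation hints will either fetch that schema over plaintext HTTP at runtime or fail when offline, and what it validates against is then whatever the remote host serves rather than the reviewed local copy. Pointing it at the bundled file, `schemaLocation="soap-envelope.xsd"`, keeps resolution local and consistent with the other imports; if the project resolves schemas through a catalog instead, that is presumably what makes the remote URL harmless, but nothing in the hunk shows it.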
diff --git a/src/schemas/sstc-saml-schema-ldap-2.0.xsd b/src/schemas/sstc-saml-schema-ldap-2.0.xsd
new file mode 100644 (file)
index 0000000..0f8919f
--- /dev/null
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:LDAP"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <annotation>
+        <documentation>
+            Document identifier: sstc-saml-schema-ldap-2.0
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+            V2.0 (August, 2004):
+              Custom schema for LDAP attribute profile, first published in SAML 2.0.
+        </documentation>
+    </annotation>
+    <attribute name="Encoding" type="string"/>
+</schema>
diff --git a/src/schemas/sstc-saml-schema-metadata-2.0.xsd b/src/schemas/sstc-saml-schema-metadata-2.0.xsd
new file mode 100644 (file)
index 0000000..495b38b
--- /dev/null
@@ -0,0 +1,343 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"
+        schemaLocation="xmldsig-core-schema.xsd"/>
+    <import namespace="http://www.w3.org/2001/04/xmlenc#"
+        schemaLocation="xenc-schema.xsd"/>
+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+        schemaLocation="sstc-saml-schema-assertion-2.0.xsd"/>
+    <import namespace="http://www.w3.org/XML/1998/namespace"
+        schemaLocation="xml.xsd"/>
+    <annotation>
+        <documentation>
+            Document identifier: sstc-saml-schema-metadata-2.0
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+            V2.0 (August, 2004):
+              Schema for SAML metadata, first published in SAML 2.0.
+        </documentation>
+    </annotation>
+
+    <simpleType name="entityIDType">
+        <restriction base="anyURI">
+            <maxLength value="1024"/>
+        </restriction>
+    </simpleType>
+    <complexType name="localizedNameType">
+        <simpleContent>
+            <extension base="string">
+                <attribute ref="xml:lang" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+    <complexType name="localizedURIType">
+        <simpleContent>
+            <extension base="anyURI">
+                <attribute ref="xml:lang" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+    
+    <element name="Extensions" type="md:ExtensionsType"/>
+    <complexType final="#all" name="ExtensionsType">
+        <sequence>
+            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    
+    <complexType name="EndpointType">
+        <sequence>
+            <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="Binding" type="anyURI" use="required"/>
+        <attribute name="Location" type="anyURI" use="required"/>
+        <attribute name="ResponseLocation" type="anyURI" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    
+    <complexType name="IndexedEndpointType">
+        <complexContent>
+            <extension base="md:EndpointType">
+                <attribute name="index" type="unsignedShort" use="required"/>
+                <attribute name="isDefault" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    
+    <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
+    <complexType name="EntitiesDescriptorType">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <choice minOccurs="1" maxOccurs="unbounded">
+                <element ref="md:EntityDescriptor"/>
+                <element ref="md:EntitiesDescriptor"/>
+            </choice>
+        </sequence>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="ID" type="ID" use="optional"/>
+        <attribute name="Name" type="string" use="optional"/>
+    </complexType>
+
+    <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
+    <complexType name="EntityDescriptorType">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <choice>
+                <choice maxOccurs="unbounded">
+                    <element ref="md:RoleDescriptor"/>
+                    <element ref="md:IDPSSODescriptor"/>
+                    <element ref="md:SPSSODescriptor"/>
+                    <element ref="md:AuthnAuthorityDescriptor"/>
+                    <element ref="md:AttributeAuthorityDescriptor"/>
+                    <element ref="md:AttributeConsumerDescriptor"/>
+                    <element ref="md:PDPDescriptor"/>
+                    <any namespace="##other" processContents="lax"/>
+                </choice>
+                <element ref="md:AffiliationDescriptor"/>
+            </choice>
+            <element ref="md:Organization" minOccurs="0"/>
+            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="entityID" type="md:entityIDType" use="required"/>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="ID" type="ID" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    
+    <element name="Organization" type="md:OrganizationType"/>
+    <complexType name="OrganizationType">
+        <sequence>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:OrganizationName" maxOccurs="unbounded"/>
+            <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
+            <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
+        </sequence>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="OrganizationName" type="md:localizedNameType"/>
+    <element name="OrganizationDisplayName" type="md:localizedNameType"/>
+    <element name="OrganizationURL" type="md:localizedURIType"/>
+    <element name="ContactPerson" type="md:ContactType"/>
+    <complexType name="ContactType">
+        <sequence>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:Company" minOccurs="0"/>
+            <element ref="md:GivenName" minOccurs="0"/>
+            <element ref="md:SurName" minOccurs="0"/>
+            <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="contactType" type="md:ContactTypeType" use="required"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="Company" type="string"/>
+    <element name="GivenName" type="string"/>
+    <element name="SurName" type="string"/>
+    <element name="EmailAddress" type="anyURI"/>
+    <element name="TelephoneNumber" type="string"/>
+    <simpleType name="ContactTypeType">
+        <restriction base="string">
+            <enumeration value="technical"/>
+            <enumeration value="support"/>
+            <enumeration value="administrative"/>
+            <enumeration value="billing"/>
+            <enumeration value="other"/>
+        </restriction>
+    </simpleType>
+
+    <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
+    <complexType name="AdditionalMetadataLocationType">
+        <simpleContent>
+            <extension base="anyURI">
+                <attribute name="namespace" type="anyURI" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+
+    <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
+    <complexType name="RoleDescriptorType" abstract="true">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:Organization" minOccurs="0"/>
+            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="ID" type="ID" use="optional"/>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="protocolSupportEnumeration" type="NMTOKENS" use="required"/>
+        <attribute name="errorURL" type="anyURI" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
+    <complexType name="KeyDescriptorType">
+        <sequence>
+            <element ref="ds:KeyInfo"/>
+            <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="use" type="md:KeyTypes" use="optional"/>
+    </complexType>
+    <simpleType name="KeyTypes">
+        <restriction base="string">
+            <enumeration value="encryption"/>
+            <enumeration value="signing"/>
+        </restriction>
+    </simpleType>
+    <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
+    
+    <complexType name="SSODescriptorType" abstract="true">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
+    <element name="SingleLogoutService" type="md:EndpointType"/>
+    <element name="ManageNameIDService" type="md:EndpointType"/>
+    <element name="NameIDFormat" type="anyURI"/>
+
+    <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
+    <complexType name="IDPSSODescriptorType">
+        <complexContent>
+            <extension base="md:SSODescriptorType">
+                <sequence>
+                    <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SingleSignOnService" type="md:EndpointType"/>
+    <element name="NameIDMappingService" type="md:EndpointType"/>
+    
+    <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
+    <complexType name="SPSSODescriptorType">
+        <complexContent>
+            <extension base="md:SSODescriptorType">
+                <sequence>
+                    <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
+                <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
+  
+    <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
+    <complexType name="AuthnAuthorityDescriptorType">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthnQueryService" type="md:EndpointType"/>
+    <element name="AssertionIDRequestService" type="md:EndpointType"/>
+
+    <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
+    <complexType name="PDPDescriptorType">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:AuthzService" maxOccurs="unbounded"/>
+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthzService" type="md:EndpointType"/>
+
+    <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
+    <complexType name="AttributeAuthorityDescriptorType">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:AttributeService" maxOccurs="unbounded"/>
+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AttributeService" type="md:EndpointType"/>
+    <element name="AttributeProfile" type="anyURI"/>
+
+    <element name="AttributeConsumerDescriptor" type="md:AttributeConsumerDescriptorType"/>
+    <complexType name="AttributeConsumerDescriptorType">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:AttributeConsumingService" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
+    <complexType name="AttributeConsumingServiceType">
+        <sequence>
+            <element ref="md:ServiceName" maxOccurs="unbounded"/>
+            <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="index" type="unsignedShort" use="required"/>
+        <attribute name="isDefault" type="boolean" use="optional"/>
+        <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
+    </complexType>
+    <element name="ServiceName" type="md:localizedNameType"/>
+    <element name="ServiceDescription" type="md:localizedNameType"/>
+    <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
+    <complexType name="RequestedAttributeType">
+        <complexContent>
+            <extension base="saml:AttributeType">
+                <attribute name="isRequired" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    
+    <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
+    <complexType name="AffiliationDescriptorType">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
+            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="ID" type="ID" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="AffiliateMember" type="md:entityIDType"/>
+</schema>
diff --git a/src/schemas/sstc-saml-schema-protocol-2.0.xsd b/src/schemas/sstc-saml-schema-protocol-2.0.xsd
new file mode 100644 (file)
index 0000000..ccb755a
--- /dev/null
@@ -0,0 +1,302 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+        schemaLocation="sstc-saml-schema-assertion-2.0.xsd"/>
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"
+        schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+    <annotation>
+        <documentation>
+            Document identifier: draft-sstc-saml-schema-protocol-2.0-01
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+            V1.0 (November, 2002):
+              Initial Standard Schema.
+            V1.1 (September, 2003):
+              Updates within the same V1.0 namespace.
+            V2.0 (August, 2004):
+              New protocol schema based in a SAML V2.0 namespace.
+     </documentation>
+    </annotation>
+    <complexType name="RequestAbstractType" abstract="true">
+        <sequence>
+            <element ref="saml:Issuer" minOccurs="0"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="samlp:Extensions" minOccurs="0"/>
+        </sequence>
+        <attribute name="ID" type="ID" use="required"/>
+        <attribute name="Version" type="string" use="required"/>
+        <attribute name="IssueInstant" type="dateTime" use="required"/>
+       <attribute name="Consent" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="Extensions" type="samlp:ExtensionsType"/>
+    <complexType name="ExtensionsType">
+        <sequence>
+            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <complexType name="StatusResponseType">
+       <sequence>
+            <element ref="saml:Issuer" minOccurs="0"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="samlp:Extensions" minOccurs="0"/>
+            <element ref="samlp:Status"/>
+       </sequence>
+       <attribute name="ID" type="ID" use="required"/>
+       <attribute name="InResponseTo" type="NCName" use="optional"/>
+       <attribute name="Version" type="string" use="required"/>
+       <attribute name="IssueInstant" type="dateTime" use="required"/>
+       <attribute name="Recipient" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="Status" type="samlp:StatusType"/>
+    <complexType name="StatusType">
+        <sequence>
+            <element ref="samlp:StatusCode"/>
+            <element ref="samlp:StatusMessage" minOccurs="0"/>
+            <element ref="samlp:StatusDetail" minOccurs="0"/>
+        </sequence>
+    </complexType>
+    <element name="StatusCode" type="samlp:StatusCodeType"/>
+    <complexType name="StatusCodeType">
+        <sequence>
+            <element ref="samlp:StatusCode" minOccurs="0"/>
+        </sequence>
+        <attribute name="Value" type="anyURI" use="required"/>
+    </complexType>
+    <element name="StatusMessage" type="string"/>
+    <element name="StatusDetail" type="samlp:StatusDetailType"/>
+    <complexType name="StatusDetailType">
+        <sequence>
+            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
+    <complexType name="AssertionIDRequestType">
+       <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+       </complexContent>
+    </complexType>
+    <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+    <complexType name="SubjectQueryAbstractType" abstract="true">
+       <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:Subject"/>
+                </sequence>
+            </extension>
+       </complexContent>
+    </complexType>
+    <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
+    <complexType name="AuthnQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+                </sequence>
+                <attribute name="SessionIndex" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
+    <complexType name="RequestedAuthnContextType">
+        <choice>
+            <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
+            <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
+        </choice>
+        <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
+    </complexType>
+    <simpleType name="AuthnContextComparisonType">
+        <restriction base="string">
+            <enumeration value="exact"/>
+            <enumeration value="minimum"/>
+            <enumeration value="maximum"/>
+            <enumeration value="better"/>
+        </restriction>
+    </simpleType>
+    <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+    <complexType name="AttributeQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
+    <complexType name="AuthzDecisionQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="saml:Action" maxOccurs="unbounded"/>
+                    <element ref="saml:Evidence" minOccurs="0"/>
+                </sequence>
+                <attribute name="Resource" type="anyURI" use="required"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
+    <complexType name="AuthnRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:Subject" minOccurs="0"/>
+                    <element ref="samlp:NameIDPolicy" minOccurs="0"/>
+                    <element ref="saml:Conditions" minOccurs="0"/>
+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+                    <element ref="samlp:Scoping" minOccurs="0"/>
+                </sequence>
+                <attribute name="ForceAuthn" type="boolean" use="optional"/>
+                <attribute name="IsPassive" type="boolean" use="optional"/>
+                <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
+                <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
+                <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
+                <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
+                <attribute name="ProviderName" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
+    <complexType name="NameIDPolicyType">
+        <sequence/>
+        <attribute name="Format" type="anyURI" use="required"/>
+        <attribute name="SPNameQualifier" type="string" use="optional"/>
+        <attribute name="AllowCreate" type="boolean" use="optional"/>
+    </complexType>
+    <element name="Scoping" type="samlp:ScopingType"/>
+    <complexType name="ScopingType">
+        <sequence>
+            <element ref="samlp:IDPList" minOccurs="0"/>
+            <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
+    </complexType>
+    <element name="RequesterID" type="anyURI"/>
+    <element name="IDPList" type="samlp:IDPListType"/>
+    <complexType name="IDPListType">
+        <sequence>
+            <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
+            <element ref="samlp:GetComplete" minOccurs="0"/>
+        </sequence>
+    </complexType>
+    <element name="IDPEntry" type="samlp:IDPEntryType"/>
+    <complexType name="IDPEntryType">
+        <sequence/>
+        <attribute name="ProviderID" type="anyURI" use="required"/>
+        <attribute name="Name" type="string" use="optional"/>
+        <attribute name="Loc" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="GetComplete" type="anyURI"/>
+    <element name="Response" type="samlp:ResponseType"/>
+    <complexType name="ResponseType">
+       <complexContent>
+            <extension base="samlp:StatusResponseType">
+                <choice minOccurs="0" maxOccurs="unbounded">
+                    <element ref="saml:Assertion"/>
+                    <element ref="saml:EncryptedAssertion"/>
+                </choice>
+            </extension>
+       </complexContent>
+    </complexType>
+    <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
+    <complexType name="ArtifactResolveType">
+       <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="samlp:Artifact"/>
+                </sequence>
+            </extension>
+       </complexContent>
+    </complexType>
+    <element name="Artifact" type="string"/>
+    <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
+    <complexType name="ArtifactResponseType">
+       <complexContent>
+            <extension base="samlp:StatusResponseType">
+                <sequence>
+                    <any namespace="##any" processContents="lax" minOccurs="0"/>
+                </sequence>
+            </extension>
+       </complexContent>
+    </complexType>
+    <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
+    <complexType name="ManageNameIDRequestType">
+       <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <choice>
+                        <element ref="samlp:NewID"/>
+                        <element ref="samlp:NewEncryptedID"/>
+                        <element ref="samlp:Terminate"/>
+                    </choice>
+                </sequence>
+            </extension>
+       </complexContent>
+    </complexType>
+    <element name="NewID" type="string"/>
+    <element name="NewEncryptedID" type="saml:EncryptedIDType"/>
+    <element name="Terminate" type="samlp:TerminateType"/>
+    <complexType name="TerminateType"/>
+    <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
+    <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
+    <complexType name="LogoutRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:BaseID"/>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="Reason" type="string" use="optional"/>
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SessionIndex" type="string"/>
+    <element name="LogoutResponse" type="samlp:StatusResponseType"/>
+    <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
+    <complexType name="NameIDMappingRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:BaseID"/>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <element ref="samlp:NameIDPolicy"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
+    <complexType name="NameIDMappingResponseType">
+        <complexContent>
+            <extension base="samlp:StatusResponseType">
+                <choice>
+                    <element ref="saml:NameID"/>
+                    <element ref="saml:EncryptedID"/>
+                </choice>
+            </extension>
+        </complexContent>
+    </complexType>
+</schema>
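Review bot: The xmldsig import near the top of this file gives a remote `schemaLocation` (`http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd`), whereas the SAML 1.0 assertion schema added in this same commit imports the same namespace from the local file `xmldsig-core-schema.xsd`. Unless the loading code installs a resolver that maps that URL to a bundled copy — not visible from this diff — a schema-aware parser will fetch it from w3.org at start-up, which fails offline and makes validation depend on a third-party host. For consistency with the other schemas I would use `schemaLocation="xmldsig-core-schema.xsd"` here. The same remote-location issue applies to the ds import in xenc-schema.xsd further down, which points at the 2002 REC URL.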
diff --git a/src/schemas/sstc-saml-schema-xacml-2.0.xsd b/src/schemas/sstc-saml-schema-xacml-2.0.xsd
new file mode 100644 (file)
index 0000000..34500f1
--- /dev/null
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <annotation>
+        <documentation>
+            Document identifier: sstc-saml-schema-xacml-2.0
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+            V2.0 (August, 2004):
+              Custom schema for XACML attribute profile, first published in SAML 2.0.
+        </documentation>
+    </annotation>
+    <attribute name="DataType" type="anyURI"/>
+</schema>
diff --git a/src/schemas/xenc-schema.xsd b/src/schemas/xenc-schema.xsd
new file mode 100644 (file)
index 0000000..85af68b
--- /dev/null
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema  PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
+ "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+   <!ATTLIST schema
+     xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
+     xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
+   <!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
+   <!ENTITY % p ''>
+   <!ENTITY % s ''>
+  ]>
+
+<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
+        xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
+        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
+        targetNamespace='http://www.w3.org/2001/04/xmlenc#'
+        elementFormDefault='qualified'>
+
+  <import namespace='http://www.w3.org/2000/09/xmldsig#'
+          schemaLocation='http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd'/>
+
+  <complexType name='EncryptedType' abstract='true'>
+    <sequence>
+      <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
+       minOccurs='0'/>
+      <element ref='ds:KeyInfo' minOccurs='0'/>
+      <element ref='xenc:CipherData'/>
+      <element ref='xenc:EncryptionProperties' minOccurs='0'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+    <attribute name='Type' type='anyURI' use='optional'/>
+    <attribute name='MimeType' type='string' use='optional'/>
+    <attribute name='Encoding' type='anyURI' use='optional'/>
+  </complexType>
+  
+  <complexType name='EncryptionMethodType' mixed='true'>
+    <sequence>
+      <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
+      <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Algorithm' type='anyURI' use='required'/>
+  </complexType>
+
+    <simpleType name='KeySizeType'>
+      <restriction base="integer"/>
+    </simpleType>
+
+  <element name='CipherData' type='xenc:CipherDataType'/>
+  <complexType name='CipherDataType'>
+     <choice>
+       <element name='CipherValue' type='base64Binary'/>
+       <element ref='xenc:CipherReference'/>
+     </choice>
+    </complexType>
+
+   <element name='CipherReference' type='xenc:CipherReferenceType'/>
+   <complexType name='CipherReferenceType'>
+       <choice>
+         <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
+       </choice>
+       <attribute name='URI' type='anyURI' use='required'/>
+   </complexType>
+
+     <complexType name='TransformsType'>
+       <sequence>
+         <element ref='ds:Transform' maxOccurs='unbounded'/>
+       </sequence>
+     </complexType>
+
+
+  <element name='EncryptedData' type='xenc:EncryptedDataType'/>
+  <complexType name='EncryptedDataType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+       </extension>
+    </complexContent>
+  </complexType>
+
+  <!-- Children of ds:KeyInfo -->
+
+  <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
+  <complexType name='EncryptedKeyType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+        <sequence>
+          <element ref='xenc:ReferenceList' minOccurs='0'/>
+          <element name='CarriedKeyName' type='string' minOccurs='0'/>
+        </sequence>
+        <attribute name='Recipient' type='string'
+         use='optional'/>
+      </extension>
+    </complexContent>
+  </complexType>
+
+    <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
+    <complexType name="AgreementMethodType" mixed="true">
+      <sequence>
+        <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
+        <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
+        <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+        <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+        <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+      </sequence>
+      <attribute name="Algorithm" type="anyURI" use="required"/>
+    </complexType>
+
+  <!-- End Children of ds:KeyInfo -->
+
+  <element name='ReferenceList'>
+    <complexType>
+      <choice minOccurs='1' maxOccurs='unbounded'>
+        <element name='DataReference' type='xenc:ReferenceType'/>
+        <element name='KeyReference' type='xenc:ReferenceType'/>
+      </choice>
+    </complexType>
+  </element>
+
+  <complexType name='ReferenceType'>
+    <sequence>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='URI' type='anyURI' use='required'/>
+  </complexType>
+
+
+  <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
+  <complexType name='EncryptionPropertiesType'>
+    <sequence>
+      <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+  </complexType>
+
+    <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
+    <complexType name='EncryptionPropertyType' mixed='true'>
+      <choice maxOccurs='unbounded'>
+        <any namespace='##other' processContents='lax'/>
+      </choice>
+      <attribute name='Target' type='anyURI' use='optional'/>
+      <attribute name='Id' type='ID' use='optional'/>
+      <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
+    </complexType>
+
+</schema>
+
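Review bot: The file opens with a DOCTYPE whose external subset is `http://www.w3.org/2001/XMLSchema.dtd`; a parser that resolves external DTDs will fetch it from w3.org on every load, and a parser hardened to reject DOCTYPE declarations (the usual XXE mitigation) will refuse the file outright. The internal subset declares the `xenc` general entity and the `p` and `s` parameter entities, but nothing in this file references them — the namespace URIs on the schema element are written out literally and the ATTLIST only fixes attributes the schema element already carries — so the whole DOCTYPE is inert and could be dropped, leaving `<?xml version="1.0" encoding="utf-8"?>` followed directly by the `<schema ...>` element. If the DTD is kept, the loader should map the public id `-//W3C//DTD XMLSchema 200102//EN` to a local copy rather than resolve the system id over the network.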