Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
saml-metadata-2.0-schema-flattened/schemas/shibboleth.xsd
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
300 lines (270 sloc)
11.4 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="US-ASCII"?> | |
| <schema targetNamespace="urn:mace:shibboleth:1.0" | |
| xmlns="http://www.w3.org/2001/XMLSchema" | |
| xmlns:ds="http://www.w3.org/2000/09/xmldsig#" | |
| xmlns:xml="http://www.w3.org/XML/1998/namespace" | |
| xmlns:shib="urn:mace:shibboleth:1.0" | |
| elementFormDefault="qualified" | |
| attributeFormDefault="unqualified" | |
| version="1.3"> | |
| <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/> | |
| <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/> | |
| <!-- Status-Related Information --> | |
| <!-- | |
| The following SAML sub-status codes are defined in this namespace: | |
| "InvalidHandle" | |
| Used with samlp:Requester, signals AA did not recognize handle as valid | |
| --> | |
| <!-- | |
| Relaxes SAML AttributeValue type definition. Xerces-C has a bug that prevents | |
| anyAttribute content appearing on anyType. It works in 2.2 but not in later versions. | |
| --> | |
| <complexType name="AttributeValueType" mixed="true"> | |
| <annotation> | |
| <documentation xml:lang="en"> | |
| By convention, all Shibboleth 1.1 origin attribute values carry this unconstrained xsi:type. | |
| </documentation> | |
| </annotation> | |
| <complexContent> | |
| <extension base="anyType"/> | |
| </complexContent> | |
| </complexType> | |
| <!-- Attribute Acceptance Policies --> | |
| <simpleType name="AttributeRuleValueType"> | |
| <restriction base="string"> | |
| <enumeration value="literal"/> | |
| <enumeration value="regexp"/> | |
| <enumeration value="xpath"/> | |
| </restriction> | |
| </simpleType> | |
| <complexType name="SiteRuleType"> | |
| <sequence> | |
| <element name="Scope" minOccurs="0" maxOccurs="unbounded"> | |
| <complexType> | |
| <simpleContent> | |
| <extension base="string"> | |
| <attribute name="Accept" type="boolean" use="optional" default="true"/> | |
| <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/> | |
| <anyAttribute namespace="##other" processContents="lax"/> | |
| </extension> | |
| </simpleContent> | |
| </complexType> | |
| </element> | |
| <choice minOccurs="0"> | |
| <element name="AnyValue"> | |
| <complexType> | |
| <sequence/> | |
| <anyAttribute namespace="##other" processContents="lax"/> | |
| </complexType> | |
| </element> | |
| <element name="Value" maxOccurs="unbounded"> | |
| <complexType> | |
| <simpleContent> | |
| <extension base="string"> | |
| <attribute name="Accept" type="boolean" use="optional" default="true"/> | |
| <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/> | |
| <anyAttribute namespace="##other" processContents="lax"/> | |
| </extension> | |
| </simpleContent> | |
| </complexType> | |
| </element> | |
| </choice> | |
| </sequence> | |
| </complexType> | |
| <element name="AnySite" type="shib:SiteRuleType"/> | |
| <element name="SiteRule"> | |
| <complexType> | |
| <complexContent> | |
| <extension base="shib:SiteRuleType"> | |
| <attribute name="Name" type="string" use="required"/> | |
| <anyAttribute namespace="##other" processContents="lax"/> | |
| </extension> | |
| </complexContent> | |
| </complexType> | |
| </element> | |
| <complexType name="AttributeRuleType"> | |
| <sequence> | |
| <element ref="shib:AnySite" minOccurs="0"/> | |
| <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/> | |
| </sequence> | |
| <attribute name="Name" type="string" use="required"/> | |
| <attribute name="Namespace" type="string" use="optional"/> | |
| <attribute name="Alias" type="string" use="optional"/> | |
| <attribute name="Header" type="string" use="optional"/> | |
| <attribute name="Scoped" type="boolean" use="optional" default="false"/> | |
| <attribute name="CaseSensitive" type="boolean" use="optional" default="true"/> | |
| <anyAttribute namespace="##other" processContents="lax"/> | |
| </complexType> | |
| <element name="AttributeRule" type="shib:AttributeRuleType"> | |
| <key name="SiteRuleKey"> | |
| <selector xpath="./shib:SiteRule"/> | |
| <field xpath="@Name"/> | |
| </key> | |
| </element> | |
| <element name="AttributeAcceptancePolicy"> | |
| <complexType> | |
| <sequence> | |
| <element name="AnyAttribute" minOccurs="0"> | |
| <complexType> | |
| <sequence/> | |
| </complexType> | |
| </element> | |
| <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/> | |
| </sequence> | |
| <anyAttribute namespace="##other" processContents="lax"/> | |
| </complexType> | |
| </element> | |
| <!-- Shibboleth Metadata --> | |
| <complexType name="SiteType"> | |
| <annotation> | |
| <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation> | |
| </annotation> | |
| <sequence> | |
| <element name="Alias" minOccurs="0" maxOccurs="unbounded"> | |
| <complexType> | |
| <simpleContent> | |
| <extension base="string"> | |
| <attribute ref="xml:lang"/> | |
| </extension> | |
| </simpleContent> | |
| </complexType> | |
| </element> | |
| <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/> | |
| </sequence> | |
| <attribute name="Name" type="string" use="required"/> | |
| <attribute name="ErrorURL" type="anyURI" use="optional"/> | |
| <anyAttribute namespace="##any" processContents="lax"/> | |
| </complexType> | |
| <simpleType name="ContactTypeType"> | |
| <restriction base="string"> | |
| <enumeration value="technical"/> | |
| <enumeration value="support"/> | |
| <enumeration value="administrative"/> | |
| <enumeration value="billing"/> | |
| <enumeration value="other"/> | |
| </restriction> | |
| </simpleType> | |
| <complexType name="ContactType"> | |
| <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation> | |
| <sequence/> | |
| <attribute name="Type" type="shib:ContactTypeType" use="required"/> | |
| <attribute name="Name" type="string" use="required"/> | |
| <attribute name="Email" type="string" use="optional"/> | |
| </complexType> | |
| <complexType name="regexp_string"> | |
| <annotation> | |
| <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation> | |
| </annotation> | |
| <simpleContent> | |
| <extension base="string"> | |
| <attribute name="regexp" type="boolean" use="optional" default="false"/> | |
| </extension> | |
| </simpleContent> | |
| </complexType> | |
| <complexType name="AuthorityType"> | |
| <annotation> | |
| <documentation xml:lang="en">Metadata about a SAML authority.</documentation> | |
| </annotation> | |
| <sequence/> | |
| <attribute name="Name" type="string" use="required"/> | |
| <attribute name="Location" type="anyURI" use="required"/> | |
| <anyAttribute namespace="##any" processContents="lax"/> | |
| </complexType> | |
| <complexType name="OriginSiteType"> | |
| <annotation> | |
| <documentation xml:lang="en"> | |
| Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping. | |
| </documentation> | |
| </annotation> | |
| <complexContent> | |
| <extension base="shib:SiteType"> | |
| <sequence> | |
| <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/> | |
| <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/> | |
| <element ref="shib:Domain" minOccurs="0" maxOccurs="unbounded"/> | |
| </sequence> | |
| </extension> | |
| </complexContent> | |
| </complexType> | |
| <element name="Domain" type="shib:regexp_string"> | |
| <annotation> | |
| <documentation xml:lang="en">A metadata extension used to regulate allowable attribute scopes.</documentation> | |
| </annotation> | |
| </element> | |
| <complexType name="DestinationSiteType"> | |
| <annotation> | |
| <documentation xml:lang="en"> | |
| Destination sites add at least one attribute requester (with a name). | |
| </documentation> | |
| </annotation> | |
| <complexContent> | |
| <extension base="shib:SiteType"> | |
| <sequence> | |
| <element name="AssertionConsumerServiceURL" maxOccurs="unbounded"> | |
| <complexType> | |
| <attribute name="Location" type="string" use="required"/> | |
| <attribute name="Id" type="string" use="optional"/> | |
| <anyAttribute namespace="##any" processContents="lax"/> | |
| </complexType> | |
| </element> | |
| <element name="AttributeRequester" maxOccurs="unbounded"> | |
| <complexType> | |
| <attribute name="Name" type="string" use="required"/> | |
| <anyAttribute namespace="##any" processContents="lax"/> | |
| </complexType> | |
| </element> | |
| </sequence> | |
| </extension> | |
| </complexContent> | |
| </complexType> | |
| <complexType name="SiteGroupType"> | |
| <annotation> | |
| <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation> | |
| </annotation> | |
| <sequence> | |
| <choice maxOccurs="unbounded"> | |
| <element ref="shib:OriginSite"/> | |
| <element ref="shib:DestinationSite"/> | |
| <element ref="shib:SiteGroup"/> | |
| </choice> | |
| <element ref="ds:Signature" minOccurs="0"/> | |
| </sequence> | |
| <attribute name="Name" type="string" use="required"/> | |
| <attribute name="lastChanged" type="dateTime" use="optional"/> | |
| <attribute name="validUntil" type="dateTime" use="optional"/> | |
| <attribute name="cacheDuration" type="duration" use="optional"/> | |
| <anyAttribute namespace="##any" processContents="lax"/> | |
| </complexType> | |
| <element name="OriginSite" type="shib:OriginSiteType"/> | |
| <element name="DestinationSite" type="shib:DestinationSiteType"/> | |
| <element name="SiteGroup" type="shib:SiteGroupType"/> | |
| <!-- Old (pre 1.2) Trust Metadata --> | |
| <complexType name="KeyAuthorityType"> | |
| <annotation> | |
| <documentation xml:lang="en"> | |
| Binds a set of keying material to one or more named system entities. | |
| </documentation> | |
| </annotation> | |
| <sequence> | |
| <element ref="ds:KeyInfo"/> | |
| <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/> | |
| </sequence> | |
| <anyAttribute namespace="##any" processContents="lax"/> | |
| </complexType> | |
| <element name="KeyAuthority" type="shib:KeyAuthorityType"/> | |
| <element name="Trust"> | |
| <annotation> | |
| <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation> | |
| </annotation> | |
| <complexType> | |
| <sequence> | |
| <element ref="shib:KeyAuthority" maxOccurs="unbounded"/> | |
| <element ref="ds:Signature" minOccurs="0"/> | |
| </sequence> | |
| <attribute name="lastChanged" type="dateTime" use="optional"/> | |
| <attribute name="validUntil" type="dateTime" use="optional"/> | |
| <attribute name="cacheDuration" type="duration" use="optional"/> | |
| <anyAttribute namespace="##any" processContents="lax"/> | |
| </complexType> | |
| </element> | |
| </schema> |