diff --git a/.gitignore b/.gitignore index cffaacc1..e33cdbfc 100644 --- a/.gitignore +++ b/.gitignore @@ -100,6 +100,9 @@ # /mdx/nz_tuakiri/ /mdx/nz_tuakiri/imported.xml +# /mdx/pl_pionier/ +/mdx/pl_pionier/imported.xml + # /mdx/se_swamid/ /mdx/se_swamid/imported.xml diff --git a/charting/keynames.pl b/attic/keynames.pl similarity index 100% rename from charting/keynames.pl rename to attic/keynames.pl diff --git a/charting/keynames_inner.pl b/attic/keynames_inner.pl similarity index 100% rename from charting/keynames_inner.pl rename to attic/keynames_inner.pl diff --git a/build.xml b/build.xml index dbada01f..d4b272fb 100644 --- a/build.xml +++ b/build.xml @@ -286,6 +286,10 @@ @@ -293,11 +297,6 @@ Verifying @{i}... - - - + + + + Verifying @{i}... + + + + + + + + + + + + + + Verifying metadata held at ${remote.url} - - - + + + - + Verification completed. @@ -398,7 +428,7 @@ - + Generated UK unsigned metadata. @@ -628,7 +658,7 @@ - + @@ -762,9 +792,12 @@ - + Verifying signed UK metadata. - + Verifying signed UK WAYF metadata. - + Verifying signed UK CDS full metadata. - + Verifying signed UK test metadata. - + Verifying signed UK export metadata. - + Verifying signed UK fallback metadata. - + Verification completed. @@ -818,7 +851,7 @@ Imported metadata to ${entities.dir}/imported.xml - + + @@ -980,6 +1014,7 @@ + @@ -1008,6 +1043,7 @@ + @@ -1043,6 +1079,7 @@ + @@ -1094,6 +1131,7 @@ + @@ -1161,7 +1199,7 @@ --> - + + + + + \ No newline at end of file diff --git a/charting/fetch.pl b/charting/fetch.pl index f43803ef..eb50eb40 100755 --- a/charting/fetch.pl +++ b/charting/fetch.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # fetch.pl diff --git a/charting/saml2.pl b/charting/saml2.pl index c5ba8b28..a0ccde17 100755 --- a/charting/saml2.pl +++ b/charting/saml2.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # saml2.pl diff --git a/charting/scopes.pl b/charting/scopes.pl index 3e1a151d..87de05aa 100755 --- a/charting/scopes.pl 
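Review bot: The new shebang `#!/usr/bin/env perl -w` in charting/fetch.pl will not start on Linux. The kernel passes everything after the interpreter path as one argument, so `env` looks for a program literally named `perl -w`. Use `#!/usr/bin/env perl` and enable warnings in the script with `use warnings;` if that is not already there; the rest of each script is outside the hunk. The same line is introduced in charting/saml2.pl, charting/scopes.pl, charting/sizes.pl and charting/trust.pl. Resolving `perl` through PATH also means these scripts run whichever interpreter comes first in the caller's environment, so the build step that invokes them should set PATH explicitly.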
+++ b/charting/scopes.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # scopes.pl diff --git a/charting/sizes.pl b/charting/sizes.pl index 0efab7f2..0191da03 100755 --- a/charting/sizes.pl +++ b/charting/sizes.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # sizes.pl diff --git a/charting/trust.pl b/charting/trust.pl index 5f5a74eb..b5a70f1e 100755 --- a/charting/trust.pl +++ b/charting/trust.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl -w # # trust.pl diff --git a/mdx/_rules/check_future_0.xsl b/mdx/_rules/check_future_0.xsl index aef9a141..fe932075 100644 --- a/mdx/_rules/check_future_0.xsl +++ b/mdx/_rules/check_future_0.xsl @@ -30,10 +30,4 @@ --> - - - service provider with KeyName element - - - diff --git a/mdx/_rules/check_mdiop.xsl b/mdx/_rules/check_mdiop.xsl index 167cdaf3..ac3104fd 100644 --- a/mdx/_rules/check_mdiop.xsl +++ b/mdx/_rules/check_mdiop.xsl @@ -25,15 +25,8 @@ diff --git a/mdx/_rules/check_reqattr.xsl b/mdx/_rules/check_reqattr.xsl index 19c3bb27..6840a020 100644 --- a/mdx/_rules/check_reqattr.xsl +++ b/mdx/_rules/check_reqattr.xsl @@ -233,14 +233,15 @@ "> - RequestedAttribute uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat + RequestedAttribute ( ) + uses OID name + + with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat @@ -289,14 +290,15 @@ "> - RequestedAttribute uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat + RequestedAttribute ( ) + uses OID name + + with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat diff --git a/mdx/_rules/check_uk_trust.xsl b/mdx/_rules/check_uk_trust.xsl index 378c3a30..6db92755 100644 --- a/mdx/_rules/check_uk_trust.xsl +++ b/mdx/_rules/check_uk_trust.xsl @@ -104,4 +104,15 @@ + + + + entity has legacy KeyName element + + + diff --git a/mdx/at_aconet/beans.xml b/mdx/at_aconet/beans.xml index e0bf7b64..5f8c9f5c 100644 
--- a/mdx/at_aconet/beans.xml +++ b/mdx/at_aconet/beans.xml @@ -53,7 +53,7 @@ - + diff --git a/mdx/au_aaf/beans.xml b/mdx/au_aaf/beans.xml index 9b8c9027..d4f96cbc 100644 --- a/mdx/au_aaf/beans.xml +++ b/mdx/au_aaf/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/be_belnet/beans.xml b/mdx/be_belnet/beans.xml index 0770259e..d1a01ddc 100644 --- a/mdx/be_belnet/beans.xml +++ b/mdx/be_belnet/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/br_cafe/beans.xml b/mdx/br_cafe/beans.xml index 0d00e8da..ff752e9b 100644 --- a/mdx/br_cafe/beans.xml +++ b/mdx/br_cafe/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/ca_caf/beans.xml b/mdx/ca_caf/beans.xml index e9b6a659..762b6185 100644 --- a/mdx/ca_caf/beans.xml +++ b/mdx/ca_caf/beans.xml @@ -53,7 +53,7 @@ This one is used to sign the eduGAIN aggregate. --> - + @@ -74,7 +74,7 @@ This one is used to sign the production aggregate. --> - + diff --git a/mdx/ch_switchaai/beans.xml b/mdx/ch_switchaai/beans.xml index c1a3099a..1018fbb6 100644 --- a/mdx/ch_switchaai/beans.xml +++ b/mdx/ch_switchaai/beans.xml @@ -51,7 +51,7 @@ - + @@ -62,7 +62,7 @@ - + diff --git a/mdx/cl_cofre/beans.xml b/mdx/cl_cofre/beans.xml index dbac3d67..6d2d9bf1 100644 --- a/mdx/cl_cofre/beans.xml +++ b/mdx/cl_cofre/beans.xml @@ -36,7 +36,7 @@ - + diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml index bfbbf897..31b300e1 100644 --- a/mdx/common-beans.xml +++ b/mdx/common-beans.xml @@ -53,7 +53,8 @@ Parent for anything based on the Shibboleth component system. These all require initialization before use. --> - + + + + + + + + + + + + + + - - - + + + @@ -785,104 +806,104 @@ so that the parser is not required to explicitly resolve any imports. --> - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/mdx/conventions.md b/mdx/conventions.md index b5483772..4eb41a15 100644 --- a/mdx/conventions.md 
+++ b/mdx/conventions.md @@ -8,6 +8,8 @@ Because these conventions have been developed over time, and are still being dev An underscore ('`_`') at the start of a directory name indicates that the directory is functional rather than containing a channel. +Note that the `schema` directory is functional but does not follow this convention, instead following the convention established for classpath schema resources used by the Shibboleth project. + ### OpenSSL Blacklists Directory The `_openssl_blacklists` directory holds a copy of the Debian weak key blacklists, extracted from Debian 7.2 "Wheezy". These blacklists are in OpenSSL format. @@ -16,10 +18,14 @@ The `_openssl_blacklists` directory holds a copy of the Debian weak key blacklis The `_rules` subdirectory of `/mdx/` holds checking rulesets. +### Schema Directory + +The `schema` subdirectory of `/mdx/` contains the XML schema files used to validate metadata. This directory name does not use the `'_'` convention but instead matches up with the conventional location for schemas used by the Shibboleth project. + ## Channels Each directory under `/mdx/` whose name does not start with an underscore -represents a source of metadata, referred to as a +(and is not `schema`) represents a source of metadata, referred to as a channel. In most cases, a channel corresponds to a access management federation. Most channels are named in the form "*country*`_`*source*". For example, diff --git a/mdx/cz_eduid/beans.xml b/mdx/cz_eduid/beans.xml index 14796823..1f362147 100644 --- a/mdx/cz_eduid/beans.xml +++ b/mdx/cz_eduid/beans.xml @@ -61,7 +61,7 @@ - + diff --git a/mdx/de_dfnaai/beans.xml b/mdx/de_dfnaai/beans.xml index 3a2aa126..b41be534 100644 --- a/mdx/de_dfnaai/beans.xml +++ b/mdx/de_dfnaai/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/dk_wayf/beans.xml b/mdx/dk_wayf/beans.xml index f48d060f..bbc9b5b9 100644 --- a/mdx/dk_wayf/beans.xml +++ b/mdx/dk_wayf/beans.xml 
@@ -111,7 +111,7 @@ This one is used to sign the eduGAIN aggregate. --> - + diff --git a/mdx/es_sir/beans.xml b/mdx/es_sir/beans.xml index 7e81b926..d9224f60 100644 --- a/mdx/es_sir/beans.xml +++ b/mdx/es_sir/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/fi_haka/beans.xml b/mdx/fi_haka/beans.xml index 897ca7f2..65f304c5 100644 --- a/mdx/fi_haka/beans.xml +++ b/mdx/fi_haka/beans.xml @@ -51,7 +51,7 @@ - + @@ -71,7 +71,7 @@ - + diff --git a/mdx/fr_renater/beans.xml b/mdx/fr_renater/beans.xml index e7c4fa06..c44d5609 100644 --- a/mdx/fr_renater/beans.xml +++ b/mdx/fr_renater/beans.xml @@ -67,7 +67,7 @@ - + @@ -87,7 +87,7 @@ - + diff --git a/mdx/gr_grnet/beans.xml b/mdx/gr_grnet/beans.xml index a207f23f..ffafabdc 100644 --- a/mdx/gr_grnet/beans.xml +++ b/mdx/gr_grnet/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/hr_eduhr/beans.xml b/mdx/hr_eduhr/beans.xml index ef923582..1e7475c6 100644 --- a/mdx/hr_eduhr/beans.xml +++ b/mdx/hr_eduhr/beans.xml @@ -35,7 +35,7 @@ - + diff --git a/mdx/hu_eduid/beans.xml b/mdx/hu_eduid/beans.xml index b94fcb34..c41a043f 100644 --- a/mdx/hu_eduid/beans.xml +++ b/mdx/hu_eduid/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/ie_edugate/beans.xml b/mdx/ie_edugate/beans.xml index c548b94c..035a8b76 100644 --- a/mdx/ie_edugate/beans.xml +++ b/mdx/ie_edugate/beans.xml @@ -41,7 +41,7 @@ - + diff --git a/mdx/int_cobweb/beans.xml b/mdx/int_cobweb/beans.xml index 063fb9a7..b8172aab 100644 --- a/mdx/int_cobweb/beans.xml +++ b/mdx/int_cobweb/beans.xml @@ -35,7 +35,7 @@ - + diff --git a/mdx/int_edugain/beans.xml b/mdx/int_edugain/beans.xml index 044ecb99..59a2cbd7 100644 --- a/mdx/int_edugain/beans.xml +++ b/mdx/int_edugain/beans.xml @@ -28,7 +28,7 @@ --> - + @@ -64,7 +64,7 @@ - + @@ -75,7 +75,7 @@ - diff --git a/mdx/int_reep/readme.md b/mdx/int_reep/readme.md new file mode 100644 index 00000000..9059b91d --- /dev/null +++ b/mdx/int_reep/readme.md 
@@ -0,0 +1,5 @@
+# `int_reep` Channel
+
+REEP (RE:EP) is at .
+
+Ian Young's blog post authenticating the key is at .
diff --git a/mdx/int_reep/reep.pem b/mdx/int_reep/reep.pem
new file mode 100644
index 00000000..6627d0ab
--- /dev/null
+++ b/mdx/int_reep/reep.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5DCCAswCCQCX5/wCyztEuTANBgkqhkiG9w0BAQsFADA0MRQwEgYDVQQDEwtS
+RUVQIFNpZ25lcjEPMA0GA1UEChMGVGVyZW5hMQswCQYDVQQGEwJOTDAeFw0xNDA1
+MTgxNjU0NTVaFw0zNDA1MTMxNjU0NTVaMDQxFDASBgNVBAMTC1JFRVAgU2lnbmVy
+MQ8wDQYDVQQKEwZUZXJlbmExCzAJBgNVBAYTAk5MMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAraN3xmgiLsThsSSopG8j4dc3HHGSlhN8o0dZrmbkXUlt
+Amp/xjUesSRAguNgxETM42Cpr9A/YBqOJy7IVODsDolsXMvxY1Nyo7ddplEdskaw
+Tj2llNmGbeeznlUem5WCDO+1KQqHHtm4SLumquXVswmWIbQNK6rIJ4NJsHAK7N4P
+gTanVz/YPRbFt6z/zRH4Ck+Bc1aF2/koryQLMygVDkHAokIl0S9FZ6oI0gWePrtt
+7LzvSCoB/yP3JIjCWoheyI7O9iCfkpcPv2c5H0aWVigWF3uPsEFAhnbCn/PI00L5
+lc8/00REu7MNjGarNoYdy2/E4nE4R4vgw4g04fWlDpbKVoeOOyOZSZMfSsIe/UkN
+R7B9zFbWE80laL6dy4WPMS1amovWWVOrZ0fY8EXJ5mEzbtLk6/LBd3dnhrx5BH6g
+0xTUWQl2sodm/e0xn7M5pRESLhGNPXG88fT4yzgIj5vlE0OCLGUFs7EhNCz+UJ1o
+1va8EdpnN8HG3RwNOTd0S1a9N9Q30VLUBjKK3bP/Mi0PcIKphgpfykIgStziIa59
+aqyVFSztSJiICiSvfWGDDOW4NneS+2iuNhq89lBxXdIE1mvdBZBcMUe7DQm/EGRw
+AFlvqrXdnxtMHzgRW9Fp/vQEeuWbiFnvmpzcMja2Pn4jPg/RhgzLXyXIPYMm69EC
+AwEAATANBgkqhkiG9w0BAQsFAAOCAgEASmjLZdqxm1OA4xCV/iDJp5h3rFG71VfO
+3HIBH8pywUuygd90+MogvmMwUTWGeFqltHmSNM8qMtqzd6lLA9fu+BRnNt7ZLTSt
+r9auetvNtZ/637njRXVKeJnf2HWjI7B0uO1FjStjS2/CQ5DnAhaxlkbomGEQL4Jq
+sEijx6MB+fibNfkYibbDNjaFVMPtGQChbmudhQ7e3GjAoRVR5SLZncJQcXREwxhU
+D9BOhtLEBnnhBX+h12PUyJ16PvkRiysxldltYZ5Ai+lAIlq+I6xwsuyALpZSKKVl
+QfwcQh0j1PZKNF6cw315Zj/5h5HeV7ORCdSsgec9Pp8a1sguvNl6SnjqZzrli5ni
+vyrkStaYMuCS09QIfi3OtafZUw5T0i8OjS3oCETAIyYuGQHRP9M5zG9ViuOvuUPD
+I7Q0KHbFzHb+9NBTSZsuusE9FYojcb43XR/r2/vBQF7RcSqlbjqtVZW9+pZtRBxf
+p8b7s3/eSqhEgqdVR0szXkEMrbx2UxbwFD19CnLn2wbmtRqlPwzX9zfdD4GUeko3
+WiG1NLAsc9vgApu0+n3km+CrizXOI/4qWMGA1dY7cOExaBkuFFavs/iI+rjSFg/I
+MlRaKTd4WBSuPjMoHrH+1KGsu/2TWK0iQ3VuoJchMnuEMocVPqRU4E8xw/8K+BYW
+j2BnINSs6EE=
+-----END CERTIFICATE-----
diff --git a/mdx/int_reep/reep.pem.asc b/mdx/int_reep/reep.pem.asc
new file mode 100644
index 00000000..e4c478e7
--- /dev/null
+++ b/mdx/int_reep/reep.pem.asc
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIcBAABCAAGBQJTfgP4AAoJEJqATpfXB5x31X8QAJavS8CTMQu34J+6ihQGbnjj +VheO8XUK8iMVe0aI4dT8T94ot3jnR7w6StfeGy3G0ASP9OrAPzlN5rqbkqE75wnu +/s0oiFrGbY+TWhY2ptNkozWuE27jMTJmjJGbgmHejrQDiyIR7mTuZf5K+U8a2hZV +DlqYfSjzlLeuVh/H+ygnMHSn/UZZRQ7rqz7DPwF1SAXHBiW+Q1PsuOgKTTrZQa2X +PMQG3vSfZPWdoEB3pRApAXZsUqhxe3wLvJWkgCQ0mMhXvO1J5CvaISnDjuUm2klt +qCeOhGaAlWumL1Xr8Y6Gi/p5ATn/SRjlg3uDa4f3uVpYRGmqZwoQEvq6JkGqhDyE +mEoVGD4Ud4MfUtZkgLXOJ22RODjckkJbBySFYJjosuQ9w5rviJwPMBBjTZw4lNBS +58VGy6puzEkCcJzlVynzjQi9bn83EDVNKD00Q8cOSJxRjqwQ0YYIM22EypDNmgiV +ZS7xxmClwp9QS+r7x+0+xkNnG4IQHRZXvJglIMh0PyrjkDloGw6AUUOYNyHQOnqw +URwjR5cpYZ2rZ3fRUFtCgaZ+tvdfbVxTBG8ZuqGw6zzPho3AEXwqW/PtJTej1aQr +Mxm7xBc21URhXYkSr98qxsQyIJikNRHS2DkEWybDnNBc4SBbl4SjmThRNnxjUiC8 +UBnJ48ZYrmFMumowGqoO +=wDWv +-----END PGP SIGNATURE----- diff --git a/mdx/it_idem/beans.xml b/mdx/it_idem/beans.xml index 5ba7a3b5..8c525b66 100644 --- a/mdx/it_idem/beans.xml +++ b/mdx/it_idem/beans.xml @@ -51,7 +51,7 @@ - + diff --git a/mdx/jp_gakunin/beans.xml b/mdx/jp_gakunin/beans.xml index 4baf5226..40bad0a2 100644 --- a/mdx/jp_gakunin/beans.xml +++ b/mdx/jp_gakunin/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/lv_laife/beans.xml b/mdx/lv_laife/beans.xml index 68764bd7..3226c03d 100644 --- a/mdx/lv_laife/beans.xml +++ b/mdx/lv_laife/beans.xml @@ -54,7 +54,7 @@ This certificate is used to sign the eduGAIN aggregate, but the production aggregate is not signed. --> - + diff --git a/mdx/nl_surfconext/beans.xml b/mdx/nl_surfconext/beans.xml index 58a823f0..24ad1cb5 100644 --- a/mdx/nl_surfconext/beans.xml +++ b/mdx/nl_surfconext/beans.xml @@ -23,7 +23,7 @@ - + diff --git a/mdx/nl_surfconext/engine.surfconext.nl.pem b/mdx/nl_surfconext/engine.surfconext.nl.pem new file mode 100644 index 00000000..b405d2b7 --- /dev/null +++ b/mdx/nl_surfconext/engine.surfconext.nl.pem 
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIJAMVC9xn1ZfsuMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYD
+VQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEVMBMG
+A1UECgwMU1VSRm5ldCBCLlYuMRMwEQYDVQQLDApTVVJGY29uZXh0MSYwJAYDVQQD
+DB1lbmdpbmUuc3VyZmNvbmV4dC5ubCAyMDE0MDUwNTAeFw0xNDA1MDUxNDIyMzVa
+Fw0xOTA1MDUxNDIyMzVaMIGFMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNo
+dDEQMA4GA1UEBwwHVXRyZWNodDEVMBMGA1UECgwMU1VSRm5ldCBCLlYuMRMwEQYD
+VQQLDApTVVJGY29uZXh0MSYwJAYDVQQDDB1lbmdpbmUuc3VyZmNvbmV4dC5ubCAy
+MDE0MDUwNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKthMDbB0jKH
+efPzmRu9t2h7iLP4wAXr42bHpjzTEk6gttHFb4l/hFiz1YBI88TjiH6hVjnozo/Y
+HA2c51us+Y7g0XoS7653lbUN/EHzvDMuyis4Xi2Ijf1A/OUQfH1iFUWttIgtWK9+
+fatXoGUS6tirQvrzVh6ZstEp1xbpo1SF6UoVl+fh7tM81qz+Crr/Kroan0UjpZOF
+TwxPoK6fdLgMAieKSCRmBGpbJHbQ2xxbdykBBrBbdfzIX4CDepfjE9h/40ldw5jR
+n3e392jrS6htk23N9BWWrpBT5QCk0kH3h/6F1Dm6TkyG9CDtt73/anuRkvXbeygI
+4wml9bL3rE8CAwEAAaNQME4wHQYDVR0OBBYEFD+Ac7akFxaMhBQAjVfvgGfY8hNK
+MB8GA1UdIwQYMBaAFD+Ac7akFxaMhBQAjVfvgGfY8hNKMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBAC8L9D67CxIhGo5aGVu63WqRHBNOdo/FAGI7LURD
+FeRmG5nRw/VXzJLGJksh4FSkx7aPrxNWF1uFiDZ80EuYQuIv7bDLblK31ZEbdg1R
+9LgiZCdYSr464I7yXQY9o6FiNtSKZkQO8EsscJPPy/Zp4uHAnADWACkOUHiCbcKi
+UUFu66dX0Wr/v53Gekz487GgVRs8HEeT9MU1reBKRgdENR8PNg4rbQfLc3YQKLWK
+7yWnn/RenjDpuCiePj8N8/80tGgrNgK/6fzM3zI18sSywnXLswxqDb/J+jgVxnQ6
+MrsTf1urM8MnfcxG/82oHIwfMh/sXPCZpo+DTLkhQxctJ3M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/mdx/nl_surfconext/readme.md b/mdx/nl_surfconext/readme.md
new file mode 100644
index 00000000..238600c1
--- /dev/null
+++ b/mdx/nl_surfconext/readme.md
@@ -0,0 +1,8 @@
+# `nl_surfconext` Channel
+
+The certificate in `engine.surfconext.nl.pem` is new as of 2014-05-05 and applies to metadata retrieved from a new endpoint:
+
+*
+*
+*
+
diff --git a/mdx/nl_surfnet/beans.xml b/mdx/nl_surfnet/beans.xml
index 624fc764..eb884ac4 100644
--- a/mdx/nl_surfnet/beans.xml
+++ b/mdx/nl_surfnet/beans.xml
@@ -35,7 +35,7 @@ - + diff --git a/mdx/no_feide/beans.xml b/mdx/no_feide/beans.xml index 9e83f6aa..82ba1d71 100644 --- a/mdx/no_feide/beans.xml +++ b/mdx/no_feide/beans.xml @@ -65,7 +65,7 @@ - + diff --git a/mdx/nz_tuakiri/beans.xml b/mdx/nz_tuakiri/beans.xml index 3895e862..c00547cc 100644 --- a/mdx/nz_tuakiri/beans.xml +++ b/mdx/nz_tuakiri/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/pl_pionier/beans.xml b/mdx/pl_pionier/beans.xml new file mode 100644 index 00000000..288555bf --- /dev/null +++ b/mdx/pl_pionier/beans.xml @@ -0,0 +1,180 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/pl_pionier/edugain.crt b/mdx/pl_pionier/edugain.crt new file mode 100644 index 00000000..ea6df67d --- /dev/null +++ b/mdx/pl_pionier/edugain.crt 
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeYCCQD8G53mJJdiFjANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJQTDEQMA4GA1UE
+ChMHUElPTklFUjEgMB4GA1UEAxMXZWR1R0FJTiBNZXRhZGF0YSBTaWduZXIwHhcNMTQwMjE3MTA0
+MzM0WhcNMjIwNTA2MTA0MzM0WjBBMQswCQYDVQQGEwJQTDEQMA4GA1UEChMHUElPTklFUjEgMB4G
+A1UEAxMXZWR1R0FJTiBNZXRhZGF0YSBTaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC9L5KsrFnu8iV1Leb4BiR4tNvwgnkM6aCdxWw6mZ477cAMrD27rfNfJAcOso4a0Yq89Sf3
+fpU5Vjz6fzzsxyXQdupKzgMBoPionx8f1JPchx1jEcalrRLVpoElY9uj7j3hOA8uEJ434YhkIds8
+R7CvGwHhWIrKeQHPV3hnoGWtYz1LzYJ/5JxK876NTHsYYHSAW8rz0s8CMEmJm89Dve6fVk42Lzlg
+mk18dD3q6DH27ToMxWW4LgekjIOQn9Khxc6aNXSUy6SVGkwyX1sRYBy0qSSFWH6b8JfdOVIuya8Y
+U5eRmJWrdT4BHuvtxadzOO+8CVqwvMTMEOItLup+jnRjAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
+ACww9OBdXk/VBNOBNlNCrb9WgoaS0wbUgv0rvuPzIZl9N8ptTdTKnvOLln+rrEbGeJ7VemBjYGLA
+xa5KV+cFmxrLVWZLpVSvkxHAa0mOU0dSUsCyWSUPuGm93TH3sUlF1Gru+vdCBNKrkLrmYuEO8KlL
+Fr6zInoQtf0pk/luxLC3bolT1K2hGVqqTdl/hjFSYehb+FOa3Z9uy3MDV3IGiU80fX+ctekF5EXx
+/V21xtLPuxtcfyg2og+KhwXoZMmZK/vfKZnfqhsrd8JB8lwZ8SF1DhUBOILvOyDPvbIT7ZQjLdUf
+NSZIhhUb/n3HthPFjIAAh0ByxPezA/pZQBcUEK8=
+-----END CERTIFICATE-----
diff --git a/mdx/pl_pionier/pionier.crt b/mdx/pl_pionier/pionier.crt
new file mode 100644
index 00000000..1dc965d5
--- /dev/null
+++ b/mdx/pl_pionier/pionier.crt
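Review bot: Nothing in this diff records how mdx/pl_pionier/edugain.crt was obtained or authenticated, and the same applies to mdx/pl_pionier/pionier.crt in the next file section. These certificates are presumably the signature trust anchors for the new channel (the beans.xml content is not visible here), so a substituted file would go unnoticed without an independent reference. The int_reep channel in this same commit shows the pattern to follow: a readme pointing at the out-of-band authentication and a detached signature over the PEM. I would add a `mdx/pl_pionier/readme.md` giving the retrieval source, the date, and a line such as `edugain.crt SHA-256 fingerprint: <fingerprint as published by the federation>` for each certificate.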
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAdYCCQDi8dyBIDBeLTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJQTDEQMA4GA1UE +ChMHUElPTklFUjEYMBYGA1UEAxMPTWV0YWRhdGEgU2lnbmVyMB4XDTEyMDkxMzA2MzQzN1oXDTE4 +MDMwNjA2MzQzN1owOTELMAkGA1UEBhMCUEwxEDAOBgNVBAoTB1BJT05JRVIxGDAWBgNVBAMTD01l +dGFkYXRhIFNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKPalOtbmIuINk1g +R0d7r9A5R3eT1dnYlqm0QXMXAarzn2kTvhj3y7dYXV78VjRDvfFG5Gy55dg+JVF/zUog2Wuj6Nif +jvee3mpIi5bZupHcnbkXfJE/eQsWSpHRhzjrrdI/8OYOuoxfcRtRUHhUlqFkZbH9Xr78I5SLpN6L +s+UcnGAARLQrwKzjW2cS5Nnag2nhok3sVa8Q/bhCxQWuCNpQQrQJ+AOt5q7lFbBuFat7UvGKcFZq +NGs/d0NPHiYt8BSrclUfuDnSERekwPrNJ6EnyVl240ZmNRHpaEDjO+KIGUQ9hR8EA+0k5sQcSkng +wFBuKr9d3giE3XCT6euPTG8CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAQ7QUT1v/WsqdYoO9W3eN +tlmm9JoZuZWdW3AmtbkGiuVY+VmFjx9+7J58w/3RnJZiqS30yp7XIX0FDYHD5hqP3SJRegO7cG2G +ihDb6TpWr7r2l2aywvPLlnoDJOTZ7ARjYxDno5i7kt7KP/VrmGX58gXUMnVlYJeXTy1LaPb20r8V +wr8HemVP3yICni6h82NA7OaHqjFghUaeyWihBvVR7f0B+1DvAvpOAAHDAJvxSj2jglJVIoF3PIFt +YX2+t+bZNEQkGc6pxcRwLvNfqLUSnHOEMzUwujYmXkZx1BinJHkB+g6pVjss12/QvU2XorIhcq8I +p0Hc6QwXrYGsb8eI5Q== +-----END CERTIFICATE----- diff --git a/mdx/pl_pionier/verbs.xml b/mdx/pl_pionier/verbs.xml new file mode 100644 index 00000000..acfc7ffe --- /dev/null +++ b/mdx/pl_pionier/verbs.xml @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/MetadataExchange.xsd b/mdx/schema/MetadataExchange.xsd new file mode 100644 index 00000000..53094fb7 --- /dev/null +++ b/mdx/schema/MetadataExchange.xsd @@ -0,0 +1,112 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/incommon-metadata.xsd b/mdx/schema/incommon-metadata.xsd new file mode 100644 index 00000000..f33a8398 --- /dev/null +++ b/mdx/schema/incommon-metadata.xsd 
@@ -0,0 +1,28 @@ + + + + + + + Document title: Schema for InCommon Federation metadata extensions + Document identifier: Metadata Extension Schema + Location: https://spaces.internet2.edu/x/iIuVAQ + Revision history: + V1.2 (3 May 2013): + Make schema itself schema-valid. + V1.1 (2 May 2013): + Initial version. Added documentation. + V1.0 (2 December 2011): + Initial version. Added contactType attribute. + + + + + + diff --git a/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd b/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd new file mode 100644 index 00000000..6829a00f --- /dev/null +++ b/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd 
@@ -0,0 +1,195 @@ + + + + + + + + + This type represents an element with arbitrary attributes. + + + + + + + + + + + This type is used for password elements per Section 4.1. + + + + + + + + + + This type is used for elements containing stringified binary data. + + + + + + + + + + This type represents a username token per Section 4.1 + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + A security token key identifier + + + + + + + + + + Typedef to allow a list of usages (as URIs). + + + + + + This global attribute is used to indicate the usage of a referenced or indicated token within the containing context + + + + + This type represents a reference to an external security token. + + + + + + + + This type represents a reference to an embedded security token. + + + + + + + + + + This type is used reference a security token. + + + + + + + + + + + This complexType defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + This complexType defines a container for elements to be specified from any namespace as properties/parameters of a DSIG transformation. + + + + + The use of "any" is to allow extensibility from any namespace. + + + + + + + + This element defines the wsse:UsernameToken element per Section 4.1. + + + + + This element defines the wsse:BinarySecurityToken element per Section 4.2. + + + + + This element defines a security token reference + + + + + This element defines a security token embedded reference + + + + + This element defines a key identifier reference + + + + + This element defines the wsse:SecurityTokenReference per Section 4.3. + + + + + This element defines the wsse:Security SOAP header element per Section 4. + + + + + This element contains properties for transformations from any namespace, including DSIG. + + + + + + + + + + + + + + + + 
diff --git a/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd b/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd new file mode 100644 index 00000000..f8d74e9c --- /dev/null +++ b/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd @@ -0,0 +1,108 @@ + + + + + + + +This type defines the fault code value for Timestamp message expiration. + + + + + + + + + + +This global attribute supports annotating arbitrary elements with an ID. + + + + + + +Convenience attribute group used to simplify this schema. + + + + + + + + + +This type is for elements whose [children] is a psuedo-dateTime and can have arbitrary attributes. + + + + + + + + + + + +This type is for elements whose [children] is an anyURI and can have arbitrary attributes. + + + + + + + + + + + + +This complex type ties together the timestamp related elements into a composite type. + + + + + + + + + + + + + + +This element allows Timestamps to be applied anywhere element wildcards are present, +including as a SOAP header. + + + + + + + +This element allows an expiration time to be applied anywhere element wildcards are present. + + + + + + +This element allows a creation time to be applied anywhere element wildcards are present. + + + + diff --git a/mdx/schema/saml-metadata-rpi-v1.0.xsd b/mdx/schema/saml-metadata-rpi-v1.0.xsd new file mode 100644 index 00000000..135efa33 --- /dev/null +++ b/mdx/schema/saml-metadata-rpi-v1.0.xsd @@ -0,0 +1,79 @@ + + + + + + + + + Document title: SAML V2.0 Metadata Extensions for Registration and Publication Information Version 1.0 + Document identifier: sstc-saml-metadata-rpi-v1.0.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + 21 March 2011 + Correct minOccurs on elements that were meant to be optional + 17 December 2010 + Change of document title and namespace + 24 November 2010 + Initial Submission + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/mdx/schema/saml-schema-assertion-2.0.xsd b/mdx/schema/saml-schema-assertion-2.0.xsd new file mode 100644 index 00000000..2b2f7b80 --- /dev/null +++ b/mdx/schema/saml-schema-assertion-2.0.xsd @@ -0,0 +1,283 @@ + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/saml-schema-metadata-2.0.xsd b/mdx/schema/saml-schema-metadata-2.0.xsd new file mode 100644 index 00000000..b656d4f4 --- /dev/null +++ b/mdx/schema/saml-schema-metadata-2.0.xsd 
@@ -0,0 +1,337 @@ + + + + + + + + + Document identifier: saml-schema-metadata-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + Schema for SAML metadata, first published in SAML 2.0. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/shibboleth-metadata-1.0.xsd b/mdx/schema/shibboleth-metadata-1.0.xsd new file mode 100644 index 00000000..be1441dd --- /dev/null +++ b/mdx/schema/shibboleth-metadata-1.0.xsd @@ -0,0 +1,42 @@ + + + + + + + + + SAML metadata extension used to regulate allowable attribute scopes. + + + + + + + + + + + + + + + Binds keying authorities to the system entity/entities to which the enclosing + metadata element applies. + + + + + + + + + + + + diff --git a/mdx/schema/sstc-metadata-attr.xsd b/mdx/schema/sstc-metadata-attr.xsd new file mode 100644 index 00000000..5a445e21 --- /dev/null +++ b/mdx/schema/sstc-metadata-attr.xsd @@ -0,0 +1,25 @@ + + + + + + Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema + Document identifier: sstc-metadata-attr.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (November 2008): + Initial version. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/mdx/schema/sstc-request-initiation.xsd b/mdx/schema/sstc-request-initiation.xsd new file mode 100644 index 00000000..10318f15 
--- /dev/null +++ b/mdx/schema/sstc-request-initiation.xsd @@ -0,0 +1,23 @@ + + + + Document identifier: sstc-request-initiation + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (March 2010): + Initial version. + + + + + + diff --git a/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd b/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd new file mode 100644 index 00000000..7860d029 --- /dev/null +++ b/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd @@ -0,0 +1,28 @@ + + + + + + + Document title: Schema for SAML V2.0 Holder-of-Key Web Browser SSO Profile + Document identifier: sstc-saml-holder-of-key-browser-sso.xsd + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.2 (2 November 2008): + Renamed attribute from protocol to ProtocolBinding; targetNamespace changed in accordance with new conventions + V1.1 (6 August 2008): + string type changed to anyURI to match original SAML2Meta schema + V1.0 (4 August 2008): + Initial version. + + + + + + diff --git a/mdx/schema/sstc-saml-idp-discovery.xsd b/mdx/schema/sstc-saml-idp-discovery.xsd new file mode 100644 index 00000000..a2c03820 --- /dev/null +++ b/mdx/schema/sstc-saml-idp-discovery.xsd @@ -0,0 +1,22 @@ + + + + Document identifier: sstc-saml-idp-discovery + Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security + Revision history: + V1.0 (January 2007): + Initial version. + + + + + diff --git a/mdx/schema/sstc-saml-metadata-algsupport-v1.0.xsd b/mdx/schema/sstc-saml-metadata-algsupport-v1.0.xsd new file mode 100644 index 00000000..c4e0f58b --- /dev/null +++ b/mdx/schema/sstc-saml-metadata-algsupport-v1.0.xsd 
@@ -0,0 +1,54 @@ + + + + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Profile for Algorithm Support Version 1.0 + Document identifier: sstc-saml-metadata-algsupport.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + V1.0 (June 2010): + Initial version. + (October 2010): + Add processContents="lax" to wildcards. + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/sstc-saml-metadata-ui-v1.0.xsd b/mdx/schema/sstc-saml-metadata-ui-v1.0.xsd new file mode 100644 index 00000000..66a4a8ba --- /dev/null +++ b/mdx/schema/sstc-saml-metadata-ui-v1.0.xsd @@ -0,0 +1,96 @@ + + + + + + + + + Document title: Metadata Extension Schema for SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0 + Document identifier: sstc-saml-metadata-ui-v1.0.xsd + Location: http://docs.oasis-open.org/security/saml/Post2.0/ + Revision history: + 01 November 2010 + Changed filename. + September 2010: + Initial version. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/uk-fed-label.xsd b/mdx/schema/uk-fed-label.xsd new file mode 100644 index 00000000..e35fd06d --- /dev/null +++ b/mdx/schema/uk-fed-label.xsd 
@@ -0,0 +1,127 @@ + + + + + + This schema describes the UK federation label namespace. + + For additional information, see the Federation Technical Specification. + + This version of the schema follows FTS edition 1.1 of 1-June-2007. + + + + + + + Most elements defined in the UK federation label namespace + are basic labels: empty elements whose presence or absence + is all that is important. + + + + + + + + + A datedLabel is like a basicLabel, but with a single + additional mandatory date attribute. + + + + + + + + + + + + + Indicates an entity whose owner is a member in good standing + of the UK federation. + + + + + + + + Indicates an identity provider entity whose owner has + asserted to the UK federation that the entity provides + user accountability in terms of the definition given + in section 6 of the federation's Rules of Membership. + + + + + + + + Indicates the software used to implement the entity, and + optionally both general and specific indications of the + version of software used. This information is added to + an entity only if it has been received from the deployer + of the entity on the indicated date. + + This information is used in entity fragment files only, + and is not included in the metadata published by the + UK federation. Its principal use is in classifying + entities for statistical purposes. + + + + + + + + + The name of the software used to implement the entity. + Although not described as such in this schema, the name + should be picked from the controlled vocabulary understood + by the federation statistics scripts. + + + + + + + + The general version of the software in use. This should + only be specific enough to identify the broad functionality + of the entity, for example "1.3" vs. "2.0" would be sufficient + for Shibboleth entities. + + + + + + + + The specific version of the software in use, if known. + + + + + + + + + + + + Indicates that the entity has been opted-in to inclusion in + the UK federation export aggregate. 
+ + + + + \ No newline at end of file diff --git a/mdx/schema/ws-addr.xsd b/mdx/schema/ws-addr.xsd new file mode 100644 index 00000000..47362edb --- /dev/null +++ b/mdx/schema/ws-addr.xsd @@ -0,0 +1,137 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/ws-authorization.xsd b/mdx/schema/ws-authorization.xsd new file mode 100644 index 00000000..5b8ae986 --- /dev/null +++ b/mdx/schema/ws-authorization.xsd @@ -0,0 +1,145 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/mdx/schema/ws-federation.xsd b/mdx/schema/ws-federation.xsd new file mode 100644 index 00000000..f87059db --- /dev/null +++ b/mdx/schema/ws-federation.xsd @@ -0,0 +1,471 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
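Review bot: The annotation on the Software label states that the software name and version are "not included in the metadata published by the UK federation", but nothing in this schema can enforce that, and the hunk does not say which step removes the element. Software and version strings in a public aggregate would let anyone map entities to specific releases, so the guarantee deserves a pointer a maintainer can verify. I would extend the annotation with one sentence such as `Removed before publication by <name of the stripping transform>; a published aggregate containing this element is a defect.` (the transform name is a placeholder, it is not visible here). The element markup was stripped from this rendering, so only the documentation text could be reviewed.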
diff --git a/mdx/schema/ws-securitypolicy-1.2.xsd b/mdx/schema/ws-securitypolicy-1.2.xsd
new file mode 100644
index 00000000..0e562726
--- /dev/null
+++ b/mdx/schema/ws-securitypolicy-1.2.xsd
@@ -0,0 +1,1205 @@ + + + + + + + + + + + 4.1.1 SignedParts Assertion + + + + + + + 4.2.1 EncryptedParts Assertion + + + + + + + + + + + + + + + + + + + + + + + 4.1.2 SignedElements Assertion + + + + + + + 4.2.2 EncryptedElements Assertion + + + + + + + 4.3.1 RequiredElements Assertion + + + + + + + + + + + + + + + + + 5.1 Token Inclusion + + + + + + + + + + + + + + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + + + + + + + + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + 5.4.1 UsernameToken Assertion + + + + + + + + + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + 5.4.2 IssuedToken Assertion + + + + + + + + 5.4.3 X509Token Assertion + + + + + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + 5.4.3 X509Token Assertion + + + + + + + + 5.4.4 KerberosToken Assertion + + + + + + + + + + + + 5.4.4 KerberosToken Assertion + + + + + + + 5.4.4 KerberosToken Assertion + + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + + + + + + + + + + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + 5.4.5 SpnegoContextToken Assertion + + + + + + + + 5.4.6 SecurityContextToken Assertion + + + + + + + + + + + 5.4.6 SecurityContextToken Assertion + + + + + + + 5.4.6 SecurityContextToken Assertion + + + + + + + + 5.4.7 SecureConversationToken 
Assertion + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5.4.7 SecureConversationToken Assertion + + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + 5.4.8 SamlToken Assertion + + + + + + + + 5.4.9 RelToken Assertion + + + + + + + + + + + + 5.4.9 RelToken Assertion + + + + + + + 5.4.9 RelToken Assertion + + + + + + + 5.4.9 RelToken Assertion + + + + + + + 5.4.9 RelToken Assertion + + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + 5.4.10 HttpsToken Assertion + + + + + + + + 5.4.11 KeyValueToken Assertion + + + + + + + + + + + + + + + 5.4.11 KeyValueToken Assertion + + + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + 7.1 AlgorithmSuite Assertion + + + + + + + + 7.2 Layout Assertion + + + + + + + + 7.2 Layout Assertion + + + + + + + 7.2 Layout Assertion + + + + + + + 7.2 Layout Assertion + + + + + + + 7.2 Layout Assertion + + + + + + + + 7.3 TransportBinding Assertion + + 
+ + + + + + 7.3 TransportBinding Assertion + + + + + + + + + + 7.3 TransportBinding Assertion + + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 8=7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + 7.4 SymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + 7.5 AsymmetricBinding Assertion + + + + + + + + + + + + + + + + 8.1 SupportingTokens Assertion + + + + + + + + + + + + + 8.2 SignedSupportingTokens Assertion + + + + + + + + + + + + + 8.3 EndorsingSupportingTokens Assertion + + + + + + + + + + + + + 8.4 SignedEndorsingSupportingTokens Assertion + + + + + + + + + + + + + 8.5 SignedEncryptedSupportingTokens Assertion + + + + + + + + + + + + + 8.6 EncryptedSupportingTokens Assertion + + + + + + + + + + + + + 8.7 EndorsingEncryptedSupportingTokens Assertion + + + + + + + + + + + + + 8.8 SignedEndorsingEncryptedSupportingTokens Assertion + + + + + + + + + + + + + + 9.1 Wss10 Assertion + + + + + + + + 9.1 Wss10 Assertion + + + + + + + 9.1 Wss10 Assertion + + + + + + + 9.1 Wss10 Assertion + + + + + + + 9.1 Wss10 Assertion + + + + + + + + 9.2 Wss11 Assertion + + + + + + + + + + + + 9.2 Wss11 Assertion + + + + + + + 9.2 Wss11 Assertion + + + + + + + 9.2 Wss11 Assertion + + + + + + + + + 10.1 Trust13 Assertion + + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + + + + + + 10.1 Trust13 Assertion + + 
+ + + \ No newline at end of file diff --git a/mdx/schema/xenc-schema-11.xsd b/mdx/schema/xenc-schema-11.xsd new file mode 100644 index 00000000..1abb6437 --- /dev/null +++ b/mdx/schema/xenc-schema-11.xsd @@ -0,0 +1,107 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/xenc-schema.xsd b/mdx/schema/xenc-schema.xsd new file mode 100644 index 00000000..cdfc8333 --- /dev/null +++ b/mdx/schema/xenc-schema.xsd @@ -0,0 +1,171 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/xml.xsd b/mdx/schema/xml.xsd new file mode 100644 index 00000000..38bba34d --- /dev/null +++ b/mdx/schema/xml.xsd 
@@ -0,0 +1,80 @@ + + + + + + See http://www.w3.org/XML/1998/namespace.html and + http://www.w3.org/TR/REC-xml for information about this namespace. + + + + + This schema defines attributes and an attribute group + suitable for use by + schemas wishing to allow xml:base, xml:lang or xml:space attributes + on elements they define. + + To enable this, such a schema must import this schema + for the XML namespace, e.g. as follows: + <schema . . .> + . . . + <import namespace="http://www.w3.org/XML/1998/namespace" + schemaLocation="http://www.w3.org/2001/03/xml.xsd"/> + + Subsequently, qualified reference to any of the attributes + or the group defined below will have the desired effect, e.g. + + <type . . .> + . . . + <attributeGroup ref="xml:specialAttrs"/> + + will define a type which will schema-validate an instance + element with any of those attributes + + + + In keeping with the XML Schema WG's standard versioning + policy, this schema document will persist at + http://www.w3.org/2001/03/xml.xsd. + At the date of issue it can also be found at + http://www.w3.org/2001/xml.xsd. + The schema document at that URI may however change in the future, + in order to remain compatible with the latest version of XML Schema + itself. In other words, if the XML Schema namespace changes, the version + of this document at + http://www.w3.org/2001/xml.xsd will change + accordingly; the version at + http://www.w3.org/2001/03/xml.xsd will not change. + + + + + + In due course, we should install the relevant ISO 2- and 3-letter + codes as the enumerated possible values . . . + + + + + + + + + + + + + + + See http://www.w3.org/TR/xmlbase/ for + information about this attribute. + + + + + + + + + + diff --git a/mdx/schema/xmldsig-core-schema.xsd b/mdx/schema/xmldsig-core-schema.xsd new file mode 100644 index 00000000..07aad278 --- /dev/null +++ b/mdx/schema/xmldsig-core-schema.xsd 
@@ -0,0 +1,308 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/xmldsig11-schema.xsd b/mdx/schema/xmldsig11-schema.xsd new file mode 100644 index 00000000..f03643a3 --- /dev/null +++ b/mdx/schema/xmldsig11-schema.xsd @@ -0,0 +1,144 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/se_swamid/beans.xml b/mdx/se_swamid/beans.xml index d8dc8e1c..4a021eca 100644 --- a/mdx/se_swamid/beans.xml +++ b/mdx/se_swamid/beans.xml @@ -57,7 +57,7 @@ - + diff --git a/mdx/se_swamid/verbs.xml b/mdx/se_swamid/verbs.xml index 6a2f634a..e8b8fd78 100644 --- a/mdx/se_swamid/verbs.xml +++ b/mdx/se_swamid/verbs.xml @@ -87,7 +87,7 @@ - diff --git a/mdx/si_arnes/beans.xml b/mdx/si_arnes/beans.xml index e2e3f454..4c1ab547 100644 --- a/mdx/si_arnes/beans.xml +++ b/mdx/si_arnes/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml index 32c7c0f5..bd9cfab4 100644 --- a/mdx/uk/beans.xml +++ b/mdx/uk/beans.xml @@ -71,7 +71,7 @@ - + @@ -179,7 +179,7 @@ This bean contains the contents of the members.xml file as a DOM Document. --> - + @@ -252,19 +252,6 @@ - - - - - - - - - - @@ -322,7 +309,7 @@ This bean contains the contents of the trust roots file as a DOM Document. --> - + @@ -439,7 +426,6 @@ - 
diff --git a/mdx/uk/check_uk_expkeyname.xsl b/mdx/uk/check_uk_expkeyname.xsl deleted file mode 100644 index ad9258d1..00000000 --- a/mdx/uk/check_uk_expkeyname.xsl +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - - - - - - - exported entity must not have a KeyName - - - - - diff --git a/mdx/uk/fixup_keyuse.xsl b/mdx/uk/fixup_keyuse.xsl index 04afcc7c..126069b6 100644 --- a/mdx/uk/fixup_keyuse.xsl +++ b/mdx/uk/fixup_keyuse.xsl @@ -16,7 +16,7 @@ - - @@ -634,7 +632,7 @@ p:id="uk_finaliseExport"> - + @@ -677,7 +675,6 @@ - diff --git a/mdx/uk/ns_norm_export.xsl b/mdx/uk/ns_norm_export.xsl index 64b3f559..aa2ea419 100644 --- a/mdx/uk/ns_norm_export.xsl +++ b/mdx/uk/ns_norm_export.xsl @@ -93,19 +93,19 @@ + ************************************* + *** *** + *** A L G N A M E S P A C E *** + *** *** + ************************************* + --> + alg:* + + Normalise namespace to not use a prefix. + --> diff --git a/mdx/uk/statistics.xsl b/mdx/uk/statistics.xsl index e44b02e4..195941e2 100644 --- a/mdx/uk/statistics.xsl +++ b/mdx/uk/statistics.xsl @@ -139,6 +139,7 @@
  • Shibboleth 1.3 Remnants

  • Entities with mdui:UIInfo support

  • Entities in Export Aggregate

  • +
  • Entities Without SAML 2.0 Support

  • @@ -484,26 +485,6 @@

    - - - -
  • -

    - - () - - - has - - - have - - - legacy "example" OrganizationURL elements. -

    -
  • -
    - @@ -570,9 +551,6 @@ - - - @@ -738,9 +716,6 @@ - - - @@ -961,9 +936,6 @@ - - - @@ -985,7 +957,7 @@

    This section is intended to be largely self-explanatory. Any items in [...] brackets give additional information about the entity: - its type, the trust engine, etc. + its type, the software used, etc.

      @@ -1185,24 +1157,64 @@ ) -
        -
      • - - - Supports SAML 2.0 - - - No SAML 2.0 support - - -
      • -
      + +
        +
      • + No SAML 2.0 support +
      • +
      +
    + +

    Entities Without SAML 2.0 Support

    +

    Service Providers Without SAML 2.0 Support

    +

    + This list shows the entity ID, entity owner and display name for all service provider + entities which do not declare support for the SAML 2.0 protocol. It is sorted by + entity owner. The display name is shown in parentheses if it is taken from the + OrganizationDisplayName element, and without parentheses if it is taken from + MDUI metadata. +

    +

    + The software used by the entity, if known, is included at the end of the listing within + brackets [like this]. +

    +
      + + +
    • + + : + + : + + + + + + ( + + ) + + + +
    • +
      +
    + +
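Review bot: The new section is headed "Entities Without SAML 2.0 Support" but the only list added under it in this hunk is "Service Providers Without SAML 2.0 Support", so a reader cannot tell whether identity providers without SAML 2.0 are absent or simply not reported. If the omission is intended, the intro paragraph should say so, for example `Identity providers are not listed in this section.`; otherwise a parallel identity provider list belongs here. A short comment beside the selection test stating what counts as "does not declare support for the SAML 2.0 protocol" would also make the legacy-protocol inventory auditable. The enclosing template starts and ends outside the hunk, and the XSLT markup is not visible in this rendering.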
    @@ -1327,15 +1339,6 @@ [IdP] [H] [SP] - - - [DK - +PKIX - ] - - - [PKIX] - @@ -1586,48 +1589,6 @@
    - - - - - - - - - - - - - -

    Trust models:

    -
      -
    • -

      - Hybrid (PKIX and direct key): - - () -

      -
    • -
    • -

      - Direct key only: - - () -

      -
    • -
    - -
    @@ -1987,41 +1948,8 @@

    KeyDescriptor elements: - ( per entity), - of which:

    -
      -
    • - With embedded keys: - - - - -
    • -
    • - With only embedded keys: - - - - -
    • -
    • - With KeyName: - - - - -
    • -
    - - - - - - - - ( - - ) + ( per entity). +

    \ No newline at end of file diff --git a/mdx/uk_eduserv/beans.xml b/mdx/uk_eduserv/beans.xml index 6820ba16..7d8e7699 100644 --- a/mdx/uk_eduserv/beans.xml +++ b/mdx/uk_eduserv/beans.xml @@ -28,7 +28,7 @@ - + diff --git a/mdx/us_incommon/beans.xml b/mdx/us_incommon/beans.xml index 367b50cf..f81f4ee2 100644 --- a/mdx/us_incommon/beans.xml +++ b/mdx/us_incommon/beans.xml @@ -44,7 +44,7 @@ - +