test and schema
authorleifj <leifj@0878fbc5-a6f2-46f6-b174-cb7b08c221d1>
Tue, 7 Apr 2009 21:36:59 +0000 (21:36 +0000)
committerleifj <leifj@0878fbc5-a6f2-46f6-b174-cb7b08c221d1>
Tue, 7 Apr 2009 21:36:59 +0000 (21:36 +0000)
git-svn-id: svn+ssh://svn.it.su.se/svn/swamid-metadata/trunk@101 0878fbc5-a6f2-46f6-b174-cb7b08c221d1

Makefile
schema/cs-sstc-schema-assertion-1.1.xsd [new file with mode: 0644]
schema/shibboleth-metadata-1.0.xsd [new file with mode: 0644]
schema/shibboleth-trust-1.0.xsd [new file with mode: 0644]
schema/shibboleth.xsd [new file with mode: 0644]
schema/sstc-saml-schema-assertion-2.0.xsd [new file with mode: 0644]
schema/sstc-saml-schema-metadata-2.0.xsd [new file with mode: 0644]
schema/xenc-schema.xsd [new file with mode: 0644]
schema/xml.xsd [new file with mode: 0644]
schema/xmldsig-core-schema.xsd [new file with mode: 0644]

index f7a1f2e..b585465 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -35,8 +35,14 @@ nya-testing:
        @test -s nya-1.0-testing.xml && cp nya-1.0-testing.xml /local/saml-metadata
 
 swamid-testing:
-       saml-md-tool swamid-1.0-testing update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
+       @saml-md-tool swamid-1.0-testing update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
        @test -s swamid-1.0-testing.xml && cp swamid-1.0-testing.xml /local/saml-metadata
 
+test:
+       @xmllint --xinclude --noout --schema schema/sstc-saml-schema-metadata-2.0.xsd swamid-1.0.mxml
+       @xmllint --xinclude --noout --schema schema/sstc-saml-schema-metadata-2.0.xsd nya-1.0.mxml
+       @xmllint --xinclude --noout --schema schema/sstc-saml-schema-metadata-2.0.xsd swamid-1.0-testing.mxml
+       @xmllint --xinclude --noout --schema schema/sstc-saml-schema-metadata-2.0.xsd nya-1.0-testing.mxml
+
 clean:
        @rm -f *.xml
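Review bot: The four new xmllint invocations in the `test` target run with `--xinclude` but without `--nonet`, so an XInclude href or a schema import that resolves to an http(s) URL would be fetched over the network during validation rather than rejected; the vendored schemas visible in this commit all reference each other through relative schemaLocation values, so local-only resolution is evidently what the target intends. Adding `--nonet` to each line, e.g. `@xmllint --nonet --xinclude --noout --schema schema/sstc-saml-schema-metadata-2.0.xsd swamid-1.0.mxml`, makes the build fail closed on any non-local reference. Separately, `test` is a common filename and the target is not declared phony in this hunk; unless a `.PHONY` line exists elsewhere in the Makefile (not visible here), a stray file named `test` in the working directory would turn `make test` into a silent no-op, so `.PHONY: test` belongs next to the target. The repeated schema path could also be hoisted into a variable such as `SCHEMA = schema/sstc-saml-schema-metadata-2.0.xsd` so the four lines stay in step when the schema is updated.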
diff --git a/schema/cs-sstc-schema-assertion-1.1.xsd b/schema/cs-sstc-schema-assertion-1.1.xsd
new file mode 100644 (file)
index 0000000..26f9458
--- /dev/null
@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
+       <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+       <annotation>
+               <documentation>
+                Document identifier: sstc-saml-schema-assertion-1.1-draft-02
+                Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+                Revision history:
+                draft-01 (Eve Maler):
+                  Note that V1.1 of this schema has the same namespace as V1.0.
+                  Minor cosmetic updates.
+                  Changed IDType to restrict from xsd:ID.
+                  Changed IDReferenceType to restrict from xsd:IDREF.
+                  Set version attribute on schema element to 1.1.
+                draft-02 (Prateek Mishra, Rob Philpott):
+                  Added DoNotCacheCondition element and DoNotCacheConditionType
+                draft-03 (Scott Cantor)
+                                 Rebased ID content directly on XML Schema types
+                </documentation>
+       </annotation>
+       <simpleType name="DecisionType">
+               <restriction base="string">
+                       <enumeration value="Permit"/>
+                       <enumeration value="Deny"/>
+                       <enumeration value="Indeterminate"/>
+               </restriction>
+       </simpleType>
+       <element name="AssertionIDReference" type="NCName"/>
+       <element name="Assertion" type="saml:AssertionType"/>
+       <complexType name="AssertionType">
+               <sequence>
+                       <element ref="saml:Conditions" minOccurs="0"/>
+                       <element ref="saml:Advice" minOccurs="0"/>
+                       <choice maxOccurs="unbounded">
+                               <element ref="saml:Statement"/>
+                               <element ref="saml:SubjectStatement"/>
+                               <element ref="saml:AuthenticationStatement"/>
+                               <element ref="saml:AuthorizationDecisionStatement"/>
+                               <element ref="saml:AttributeStatement"/>
+                       </choice>
+                       <element ref="ds:Signature" minOccurs="0"/>
+               </sequence>
+               <attribute name="MajorVersion" type="integer" use="required"/>
+               <attribute name="MinorVersion" type="integer" use="required"/>
+               <attribute name="AssertionID" type="ID" use="required"/>
+               <attribute name="Issuer" type="string" use="required"/>
+               <attribute name="IssueInstant" type="dateTime" use="required"/>
+       </complexType>
+       <element name="Conditions" type="saml:ConditionsType"/>
+       <complexType name="ConditionsType">
+               <choice minOccurs="0" maxOccurs="unbounded">
+                       <element ref="saml:AudienceRestrictionCondition"/>
+                       <element ref="saml:DoNotCacheCondition"/>
+                       <element ref="saml:Condition"/>
+               </choice>
+               <attribute name="NotBefore" type="dateTime" use="optional"/>
+               <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+       </complexType>
+       <element name="Condition" type="saml:ConditionAbstractType"/>
+       <complexType name="ConditionAbstractType" abstract="true"/>
+       <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+       <complexType name="AudienceRestrictionConditionType">
+               <complexContent>
+                       <extension base="saml:ConditionAbstractType">
+                               <sequence>
+                                       <element ref="saml:Audience" maxOccurs="unbounded"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="Audience" type="anyURI"/>
+       <element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType" />
+       <complexType name="DoNotCacheConditionType">
+               <complexContent>
+                       <extension base="saml:ConditionAbstractType"/>
+               </complexContent>
+       </complexType>
+       <element name="Advice" type="saml:AdviceType"/>
+       <complexType name="AdviceType">
+               <choice minOccurs="0" maxOccurs="unbounded">
+                       <element ref="saml:AssertionIDReference"/>
+                       <element ref="saml:Assertion"/>
+                       <any namespace="##other" processContents="lax"/>
+               </choice>
+       </complexType>
+       <element name="Statement" type="saml:StatementAbstractType"/>
+       <complexType name="StatementAbstractType" abstract="true"/>
+       <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+       <complexType name="SubjectStatementAbstractType" abstract="true">
+               <complexContent>
+                       <extension base="saml:StatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:Subject"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="Subject" type="saml:SubjectType"/>
+       <complexType name="SubjectType">
+               <choice>
+                       <sequence>
+                               <element ref="saml:NameIdentifier"/>
+                               <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+                       </sequence>
+                       <element ref="saml:SubjectConfirmation"/>
+               </choice>
+       </complexType>
+       <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+       <complexType name="NameIdentifierType">
+               <simpleContent>
+                       <extension base="string">
+                               <attribute name="NameQualifier" type="string" use="optional"/>
+                               <attribute name="Format" type="anyURI" use="optional"/>
+                       </extension>
+               </simpleContent>
+       </complexType>
+       <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+       <complexType name="SubjectConfirmationType">
+               <sequence>
+                       <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+                       <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+                       <element ref="ds:KeyInfo" minOccurs="0"/>
+               </sequence>
+       </complexType>
+       <element name="SubjectConfirmationData" type="anyType"/>
+       <element name="ConfirmationMethod" type="anyURI"/>
+       <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+       <complexType name="AuthenticationStatementType">
+               <complexContent>
+                       <extension base="saml:SubjectStatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:SubjectLocality" minOccurs="0"/>
+                                       <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+                               </sequence>
+                               <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+                               <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+       <complexType name="SubjectLocalityType">
+               <attribute name="IPAddress" type="string" use="optional"/>
+               <attribute name="DNSAddress" type="string" use="optional"/>
+       </complexType>
+       <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+       <complexType name="AuthorityBindingType">
+               <attribute name="AuthorityKind" type="QName" use="required"/>
+               <attribute name="Location" type="anyURI" use="required"/>
+               <attribute name="Binding" type="anyURI" use="required"/>
+       </complexType>
+       <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+       <complexType name="AuthorizationDecisionStatementType">
+               <complexContent>
+                       <extension base="saml:SubjectStatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:Action" maxOccurs="unbounded"/>
+                                       <element ref="saml:Evidence" minOccurs="0"/>
+                               </sequence>
+                               <attribute name="Resource" type="anyURI" use="required"/>
+                               <attribute name="Decision" type="saml:DecisionType" use="required"/>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="Action" type="saml:ActionType"/>
+       <complexType name="ActionType">
+               <simpleContent>
+                       <extension base="string">
+                               <attribute name="Namespace" type="anyURI"/>
+                       </extension>
+               </simpleContent>
+       </complexType>
+       <element name="Evidence" type="saml:EvidenceType"/>
+       <complexType name="EvidenceType">
+               <choice maxOccurs="unbounded">
+                       <element ref="saml:AssertionIDReference"/>
+                       <element ref="saml:Assertion"/>
+               </choice>
+       </complexType>
+       <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+       <complexType name="AttributeStatementType">
+               <complexContent>
+                       <extension base="saml:SubjectStatementAbstractType">
+                               <sequence>
+                                       <element ref="saml:Attribute" maxOccurs="unbounded"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+       <complexType name="AttributeDesignatorType">
+               <attribute name="AttributeName" type="string" use="required"/>
+               <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+       </complexType>
+       <element name="Attribute" type="saml:AttributeType"/>
+       <complexType name="AttributeType">
+               <complexContent>
+                       <extension base="saml:AttributeDesignatorType">
+                               <sequence>
+                                       <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+                               </sequence>
+                       </extension>
+               </complexContent>
+       </complexType>
+       <element name="AttributeValue" type="anyType"/>
+</schema>
diff --git a/schema/shibboleth-metadata-1.0.xsd b/schema/shibboleth-metadata-1.0.xsd
new file mode 100644 (file)
index 0000000..be1441d
--- /dev/null
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<schema targetNamespace="urn:mace:shibboleth:metadata:1.0"
+       xmlns="http://www.w3.org/2001/XMLSchema"
+       xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+       elementFormDefault="unqualified"
+       attributeFormDefault="unqualified"
+       version="1.0">
+
+       <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+
+       <element name="Scope">
+               <annotation>
+                       <documentation>
+                       SAML metadata extension used to regulate allowable attribute scopes.
+                       </documentation>
+               </annotation>
+               <complexType>
+                       <simpleContent>
+                               <extension base="string">
+                                       <attribute name="regexp" type="boolean" use="optional" default="false"/>
+                               </extension>
+                       </simpleContent>
+               </complexType>
+       </element>
+
+       <element name="KeyAuthority">
+               <annotation>
+                       <documentation>
+                       Binds keying authorities to the system entity/entities to which the enclosing
+                       metadata element applies.
+                       </documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
+                       </sequence>
+                       <attribute name="VerifyDepth" type="unsignedByte" use="optional" default="1"/>
+                       <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+
+</schema>
diff --git a/schema/shibboleth-trust-1.0.xsd b/schema/shibboleth-trust-1.0.xsd
new file mode 100644 (file)
index 0000000..0e603a5
--- /dev/null
@@ -0,0 +1,60 @@
+<schema targetNamespace="urn:mace:shibboleth:trust:1.0"
+       xmlns="http://www.w3.org/2001/XMLSchema"
+       xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+       xmlns:trust="urn:mace:shibboleth:trust:1.0"
+       elementFormDefault="unqualified"
+       attributeFormDefault="unqualified"
+       version="1.0">
+       
+    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+
+       <annotation>
+               <documentation>
+               Trust metadata binds keys or authority lists to system entities.
+               The metadata consumer is responsible for associating the names of system entities
+               to the application context in an appropriate way.
+               </documentation>
+       </annotation>
+    
+       <element name="Trust">
+               <annotation>
+                       <documentation>
+                       An optionally signed collection of trust binding elements.
+                       ds:KeyInfo is by definition a binding of a key to a specific entity,
+                       which may be specified in various ways such as KeyName or X509SubjectName.
+                       </documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <choice maxOccurs="unbounded">
+                                       <element ref="ds:KeyInfo"/>
+                                       <element ref="trust:KeyAuthority"/>
+                               </choice>
+                               <element ref="ds:Signature" minOccurs="0"/>
+                       </sequence>
+               <attribute name="lastChanged" type="dateTime" use="optional"/>
+               <attribute name="validUntil" type="dateTime" use="optional"/>
+               <attribute name="cacheDuration" type="duration" use="optional"/>
+               <anyAttribute namespace="##other" processContents="lax"/>
+               </complexType>
+       </element>
+
+       <element name="KeyAuthority" type="trust:KeyAuthorityType"/>
+       <complexType name="KeyAuthorityType">
+               <annotation>
+                       <documentation>
+                       Binds keying authorities to one or more named system entities.
+                       Omitting ds:KeyName will apply the authorities to all transactions, unless
+                       another specific match applies. This is risky, so use wisely, in conjunction
+                       with constraints on acceptable messages using other forms of metadata or policy.
+                       </documentation>
+               </annotation>
+               <sequence>
+                       <element ref="ds:KeyName" minOccurs="0" maxOccurs="unbounded"/>
+                       <element ref="ds:KeyInfo"/>
+               </sequence>
+               <attribute name="VerifyDepth" type="unsignedByte" use="optional"/>
+               <anyAttribute namespace="##other" processContents="lax"/>
+       </complexType>
+       
+</schema>
diff --git a/schema/shibboleth.xsd b/schema/shibboleth.xsd
new file mode 100644 (file)
index 0000000..392fed4
--- /dev/null
@@ -0,0 +1,296 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<schema targetNamespace="urn:mace:shibboleth:1.0"
+       xmlns="http://www.w3.org/2001/XMLSchema"
+       xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+       xmlns:xml="http://www.w3.org/XML/1998/namespace"
+       xmlns:shib="urn:mace:shibboleth:1.0"
+       xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+       elementFormDefault="qualified"
+       attributeFormDefault="unqualified"
+       version="1.2">
+
+    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+    <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
+    <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
+    
+    <!-- Status-Related Information -->
+    
+    <!--
+    The following SAML sub-status codes are defined in this namespace:
+    
+        "InvalidHandle"
+            Used with samlp:Requester, signals AA did not recognize handle as valid
+    -->
+
+    <!--
+    Relaxes SAML AttributeValue type definition. Xerces-C has a bug that prevents
+    anyAttribute content appearing on anyType. It works in 2.2 but not in later versions.
+    -->
+
+       <complexType name="AttributeValueType" mixed="true">
+               <annotation>
+                       <documentation xml:lang="en">
+                       By convention, all Shibboleth 1.1 origin attribute values carry this unconstrained xsi:type.
+                       </documentation>
+               </annotation>
+               <complexContent>
+                       <extension base="anyType"/>
+               </complexContent>
+       </complexType>
+    
+    <!-- Attribute Acceptance Policies -->
+       
+    <simpleType name="AttributeRuleValueType">
+        <restriction base="string">
+            <enumeration value="literal"/>
+            <enumeration value="regexp"/>
+            <enumeration value="xpath"/>
+        </restriction>
+    </simpleType>
+    
+    <complexType name="SiteRuleType">
+       <sequence>
+               <element name="Scope" minOccurs="0" maxOccurs="unbounded">
+                       <complexType>
+                    <simpleContent>
+                        <extension base="string">
+                               <attribute name="Accept" type="boolean" use="optional" default="true"/>
+                            <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
+                            <anyAttribute namespace="##other" processContents="lax"/>
+                        </extension>
+                    </simpleContent>
+                       </complexType>
+               </element>
+               <choice minOccurs="0">
+                       <element name="AnyValue">
+                               <complexType>
+                                       <sequence/>
+                                       <anyAttribute namespace="##other" processContents="lax"/>
+                               </complexType>
+                       </element>
+                   <element name="Value" maxOccurs="unbounded">
+                       <complexType>
+                           <simpleContent>
+                               <extension base="string">
+                                   <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
+                                   <anyAttribute namespace="##other" processContents="lax"/>
+                               </extension>
+                           </simpleContent>
+                       </complexType>
+                   </element>
+               </choice>
+       </sequence>
+    </complexType>
+
+    <element name="AnySite" type="shib:SiteRuleType"/>
+    <element name="SiteRule">
+        <complexType>
+            <complexContent>
+                <extension base="shib:SiteRuleType">
+                    <attribute name="Name" type="string" use="required"/>
+                    <anyAttribute namespace="##other" processContents="lax"/>
+                </extension>
+            </complexContent>
+        </complexType>
+    </element>
+
+    <complexType name="AttributeRuleType">
+        <sequence>
+            <element ref="shib:AnySite" minOccurs="0"/>
+            <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="Namespace" type="string" use="optional"/>
+        <attribute name="Factory" type="string" use="optional"/>
+        <attribute name="Alias" type="string" use="optional"/>
+               <attribute name="Header" type="string" use="optional"/>
+               <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+
+    <element name="AttributeRule" type="shib:AttributeRuleType">
+        <key name="SiteRuleKey">
+            <selector xpath="./shib:SiteRule"/>
+            <field xpath="@Name"/>
+        </key>
+    </element>
+
+    <element name="AttributeAcceptancePolicy">
+        <complexType>
+            <sequence>
+                <element name="AnyAttribute" minOccurs="0">
+                    <complexType>
+                       <sequence/>
+                    </complexType>
+                </element>
+                <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
+            </sequence>
+            <anyAttribute namespace="##other" processContents="lax"/>
+        </complexType>
+    </element>
+
+
+    <!-- Shibboleth Metadata -->
+    
+    <complexType name="SiteType">
+        <annotation>
+               <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
+        </annotation>
+        <sequence>
+            <element name="Alias" minOccurs="0" maxOccurs="unbounded">
+                <complexType>
+                    <simpleContent>
+                        <extension base="string">
+                            <attribute ref="xml:lang"/>
+                        </extension>
+                    </simpleContent>
+                </complexType>
+            </element>
+            <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="ErrorURL" type="anyURI" use="optional"/>
+        <anyAttribute namespace="##any" processContents="lax"/>
+    </complexType>
+
+       <simpleType name="ContactTypeType">
+               <restriction base="string">
+            <enumeration value="technical"/>
+            <enumeration value="support"/>
+            <enumeration value="administrative"/>
+            <enumeration value="billing"/>
+            <enumeration value="other"/>
+        </restriction>
+    </simpleType>
+
+       <complexType name="ContactType">
+               <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
+               <sequence/>
+        <attribute name="Type" type="shib:ContactTypeType" use="required"/>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="Email" type="string" use="optional"/>
+       </complexType>
+
+    <complexType name="regexp_string">
+        <annotation>
+               <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
+        </annotation>
+        <simpleContent>
+            <extension base="string">
+                <attribute name="regexp" type="boolean" use="optional" default="false"/>
+            </extension>
+        </simpleContent>
+    </complexType>    
+
+       <complexType name="AuthorityType">
+               <annotation>
+                       <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
+               </annotation>
+        <sequence/>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="Location" type="anyURI" use="required"/>
+        <anyAttribute namespace="##any" processContents="lax"/>
+       </complexType>
+
+    <complexType name="OriginSiteType">
+        <annotation>
+               <documentation xml:lang="en">
+               Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping.
+               </documentation>
+        </annotation>
+        <complexContent>
+               <extension base="shib:SiteType">
+                   <sequence>
+                       <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
+                       <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
+                       <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
+                   </sequence>
+               </extension>
+        </complexContent>
+    </complexType>
+
+    <complexType name="DestinationSiteType">
+        <annotation>
+               <documentation xml:lang="en">
+               Destination sites add at least one attribute requester (with a name).
+               </documentation>
+        </annotation>
+        <complexContent>
+               <extension base="shib:SiteType">
+                   <sequence>
+                       <element name="AssertionConsumerServiceURL" maxOccurs="unbounded">
+                               <complexType>
+                                       <sequence/>
+                                       <attribute name="Location" type="string" use="required"/>
+                                               <attribute name="Id" type="string" use="optional"/>
+                                               <anyAttribute namespace="##any" processContents="lax"/>
+                               </complexType>
+                       </element>
+                       <element name="AttributeRequester" maxOccurs="unbounded">
+                               <complexType>
+                                       <sequence/>
+                                       <attribute name="Name" type="string" use="required"/>
+                                               <anyAttribute namespace="##any" processContents="lax"/>
+                               </complexType>
+                       </element>
+                   </sequence>
+               </extension>
+        </complexContent>
+    </complexType>
+
+    <complexType name="SiteGroupType">
+        <annotation>
+               <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
+        </annotation>
+        <sequence>
+            <choice maxOccurs="unbounded">
+                <element ref="shib:OriginSite"/>
+                <element ref="shib:DestinationSite"/>
+                <element ref="shib:SiteGroup"/>
+            </choice>
+            <element ref="ds:Signature" minOccurs="0"/>
+        </sequence>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="lastChanged" type="dateTime" use="optional"/>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <anyAttribute namespace="##any" processContents="lax"/>
+    </complexType>    
+
+    <element name="OriginSite" type="shib:OriginSiteType"/>
+    <element name="DestinationSite" type="shib:DestinationSiteType"/>
+    <element name="SiteGroup" type="shib:SiteGroupType"/>
+
+
+       <!-- Old (pre 1.2) Trust Metadata -->
+
+       <complexType name="KeyAuthorityType">
+               <annotation>
+                       <documentation xml:lang="en">
+                       Binds a set of keying material to one or more named system entities.
+                       </documentation>
+               </annotation>
+               <sequence>
+                       <element ref="ds:KeyInfo"/>
+                       <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
+               </sequence>
+               <anyAttribute namespace="##any" processContents="lax"/>
+       </complexType>
+       <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
+
+       <element name="Trust">
+               <annotation>
+                       <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
+               </annotation>
+               <complexType>
+                       <sequence>
+                               <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
+                               <element ref="ds:Signature" minOccurs="0"/>
+                       </sequence>
+               <attribute name="lastChanged" type="dateTime" use="optional"/>
+               <attribute name="validUntil" type="dateTime" use="optional"/>
+               <attribute name="cacheDuration" type="duration" use="optional"/>
+               <anyAttribute namespace="##any" processContents="lax"/>
+               </complexType>
+       </element>
+
+</schema>
diff --git a/schema/sstc-saml-schema-assertion-2.0.xsd b/schema/sstc-saml-schema-assertion-2.0.xsd
new file mode 100644 (file)
index 0000000..3823307
--- /dev/null
@@ -0,0 +1,283 @@
+<?xml version="1.0" encoding="US-ASCII"?>\r
+<schema\r
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
+    xmlns="http://www.w3.org/2001/XMLSchema"\r
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"\r
+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"\r
+    elementFormDefault="unqualified"\r
+    attributeFormDefault="unqualified"\r
+    blockDefault="substitution"\r
+    version="2.0">\r
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"\r
+        schemaLocation="xmldsig-core-schema.xsd"/>\r
+    <import namespace="http://www.w3.org/2001/04/xmlenc#"\r
+        schemaLocation="xenc-schema.xsd"/>\r
+    <annotation>\r
+        <documentation>\r
+            Document identifier: sstc-saml-schema-assertion-2.0\r
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
+            Revision history:\r
+            V1.0 (November, 2002):\r
+              Initial Standard Schema.\r
+            V1.1 (September, 2003):\r
+              Updates within the same V1.0 namespace.\r
+            V2.0 CD-04 (January, 2005):\r
+              New assertion schema for SAML V2.0 namespace.\r
+        </documentation>\r
+    </annotation>\r
+    <attributeGroup name="IDNameQualifiers">\r
+        <attribute name="NameQualifier" type="string" use="optional"/>\r
+        <attribute name="SPNameQualifier" type="string" use="optional"/>\r
+    </attributeGroup>\r
+    <element name="BaseID" type="saml:BaseIDAbstractType"/>\r
+    <complexType name="BaseIDAbstractType" abstract="true">\r
+        <attributeGroup ref="saml:IDNameQualifiers"/>\r
+    </complexType>\r
+    <element name="NameID" type="saml:NameIDType"/>\r
+    <complexType name="NameIDType">\r
+        <simpleContent>\r
+            <extension base="string">\r
+                <attributeGroup ref="saml:IDNameQualifiers"/>\r
+                <attribute name="Format" type="anyURI" use="optional"/>\r
+                <attribute name="SPProvidedID" type="string" use="optional"/>\r
+            </extension>\r
+        </simpleContent>\r
+    </complexType>\r
+    <complexType name="EncryptedElementType">\r
+        <sequence>\r
+            <element ref="xenc:EncryptedData"/>\r
+            <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>\r
+        </sequence>\r
+    </complexType>\r
+    <element name="EncryptedID" type="saml:EncryptedElementType"/>\r
+    <element name="Issuer" type="saml:NameIDType"/>\r
+    <element name="AssertionIDRef" type="NCName"/>\r
+    <element name="AssertionURIRef" type="anyURI"/>\r
+    <element name="Assertion" type="saml:AssertionType"/>\r
+    <complexType name="AssertionType">\r
+        <sequence>\r
+            <element ref="saml:Issuer"/>\r
+            <element ref="ds:Signature" minOccurs="0"/>\r
+            <element ref="saml:Subject" minOccurs="0"/>\r
+            <element ref="saml:Conditions" minOccurs="0"/>\r
+            <element ref="saml:Advice" minOccurs="0"/>\r
+            <choice minOccurs="0" maxOccurs="unbounded">\r
+                <element ref="saml:Statement"/>\r
+                <element ref="saml:AuthnStatement"/>\r
+                <element ref="saml:AuthzDecisionStatement"/>\r
+                <element ref="saml:AttributeStatement"/>\r
+            </choice>\r
+        </sequence>\r
+        <attribute name="Version" type="string" use="required"/>\r
+        <attribute name="ID" type="ID" use="required"/>\r
+        <attribute name="IssueInstant" type="dateTime" use="required"/>\r
+    </complexType>\r
+    <element name="Subject" type="saml:SubjectType"/>\r
+    <complexType name="SubjectType">\r
+        <choice>\r
+            <sequence>\r
+                <choice>\r
+                    <element ref="saml:BaseID"/>\r
+                    <element ref="saml:NameID"/>\r
+                    <element ref="saml:EncryptedID"/>\r
+                </choice>\r
+                <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>\r
+            </sequence>\r
+            <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>\r
+        </choice>\r
+    </complexType>\r
+    <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>\r
+    <complexType name="SubjectConfirmationType">\r
+        <sequence>\r
+            <choice minOccurs="0">\r
+                <element ref="saml:BaseID"/>\r
+                <element ref="saml:NameID"/>\r
+                <element ref="saml:EncryptedID"/>\r
+            </choice>\r
+            <element ref="saml:SubjectConfirmationData" minOccurs="0"/>\r
+        </sequence>\r
+        <attribute name="Method" type="anyURI" use="required"/>\r
+    </complexType>\r
+    <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>\r
+    <complexType name="SubjectConfirmationDataType" mixed="true">\r
+        <complexContent>\r
+            <restriction base="anyType">\r
+                <sequence>\r
+                    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
+                </sequence>\r
+                <attribute name="NotBefore" type="dateTime" use="optional"/>\r
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
+                <attribute name="Recipient" type="anyURI" use="optional"/>\r
+                <attribute name="InResponseTo" type="NCName" use="optional"/>\r
+                <attribute name="Address" type="string" use="optional"/>\r
+                <anyAttribute namespace="##other" processContents="lax"/>\r
+            </restriction>\r
+        </complexContent>\r
+    </complexType>\r
+    <complexType name="KeyInfoConfirmationDataType" mixed="false">\r
+        <complexContent>\r
+            <restriction base="saml:SubjectConfirmationDataType">\r
+                <sequence>\r
+                    <element ref="ds:KeyInfo" maxOccurs="unbounded"/>\r
+                </sequence>\r
+            </restriction>\r
+        </complexContent>\r
+    </complexType>\r
+    <element name="Conditions" type="saml:ConditionsType"/>\r
+    <complexType name="ConditionsType">\r
+        <choice minOccurs="0" maxOccurs="unbounded">\r
+            <element ref="saml:Condition"/>\r
+            <element ref="saml:AudienceRestriction"/>\r
+            <element ref="saml:OneTimeUse"/>\r
+            <element ref="saml:ProxyRestriction"/>\r
+        </choice>\r
+        <attribute name="NotBefore" type="dateTime" use="optional"/>\r
+        <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
+    </complexType>\r
+    <element name="Condition" type="saml:ConditionAbstractType"/>\r
+    <complexType name="ConditionAbstractType" abstract="true"/>\r
+    <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>\r
+    <complexType name="AudienceRestrictionType">\r
+        <complexContent>\r
+            <extension base="saml:ConditionAbstractType">\r
+                <sequence>\r
+                    <element ref="saml:Audience" maxOccurs="unbounded"/>\r
+                </sequence>\r
+            </extension>\r
+        </complexContent>\r
+    </complexType>\r
+    <element name="Audience" type="anyURI"/>\r
+    <element name="OneTimeUse" type="saml:OneTimeUseType" />\r
+    <complexType name="OneTimeUseType">\r
+        <complexContent>\r
+            <extension base="saml:ConditionAbstractType"/>\r
+        </complexContent>\r
+    </complexType>\r
+    <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>\r
+    <complexType name="ProxyRestrictionType">\r
+    <complexContent>\r
+        <extension base="saml:ConditionAbstractType">\r
+            <sequence>\r
+                <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>\r
+            </sequence>\r
+            <attribute name="Count" type="nonNegativeInteger" use="optional"/>\r
+        </extension>\r
+       </complexContent>\r
+    </complexType>\r
+    <element name="Advice" type="saml:AdviceType"/>\r
+    <complexType name="AdviceType">\r
+        <choice minOccurs="0" maxOccurs="unbounded">\r
+            <element ref="saml:AssertionIDRef"/>\r
+            <element ref="saml:AssertionURIRef"/>\r
+            <element ref="saml:Assertion"/>\r
+            <element ref="saml:EncryptedAssertion"/>\r
+            <any namespace="##other" processContents="lax"/>\r
+        </choice>\r
+    </complexType>\r
+    <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>\r
+    <element name="Statement" type="saml:StatementAbstractType"/>\r
+    <complexType name="StatementAbstractType" abstract="true"/>\r
+    <element name="AuthnStatement" type="saml:AuthnStatementType"/>\r
+    <complexType name="AuthnStatementType">\r
+        <complexContent>\r
+            <extension base="saml:StatementAbstractType">\r
+                <sequence>\r
+                    <element ref="saml:SubjectLocality" minOccurs="0"/>\r
+                    <element ref="saml:AuthnContext"/>\r
+                </sequence>\r
+                <attribute name="AuthnInstant" type="dateTime" use="required"/>\r
+                <attribute name="SessionIndex" type="string" use="optional"/>\r
+                <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>\r
+            </extension>\r
+        </complexContent>\r
+    </complexType>\r
+    <element name="SubjectLocality" type="saml:SubjectLocalityType"/>\r
+    <complexType name="SubjectLocalityType">\r
+        <attribute name="Address" type="string" use="optional"/>\r
+        <attribute name="DNSName" type="string" use="optional"/>\r
+    </complexType>\r
+    <element name="AuthnContext" type="saml:AuthnContextType"/>\r
+    <complexType name="AuthnContextType">\r
+        <sequence>\r
+            <choice>\r
+                <sequence>\r
+                    <element ref="saml:AuthnContextClassRef"/>\r
+                    <choice minOccurs="0">\r
+                        <element ref="saml:AuthnContextDecl"/>\r
+                        <element ref="saml:AuthnContextDeclRef"/>\r
+                    </choice>\r
+                </sequence>\r
+                <choice>\r
+                    <element ref="saml:AuthnContextDecl"/>\r
+                    <element ref="saml:AuthnContextDeclRef"/>\r
+                </choice>\r
+            </choice>\r
+            <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>\r
+        </sequence>\r
+    </complexType>\r
+    <element name="AuthnContextClassRef" type="anyURI"/>\r
+    <element name="AuthnContextDeclRef" type="anyURI"/>\r
+    <element name="AuthnContextDecl" type="anyType"/>\r
+    <element name="AuthenticatingAuthority" type="anyURI"/>\r
+    <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>\r
+    <complexType name="AuthzDecisionStatementType">\r
+        <complexContent>\r
+            <extension base="saml:StatementAbstractType">\r
+                <sequence>\r
+                    <element ref="saml:Action" maxOccurs="unbounded"/>\r
+                    <element ref="saml:Evidence" minOccurs="0"/>\r
+                </sequence>\r
+                <attribute name="Resource" type="anyURI" use="required"/>\r
+                <attribute name="Decision" type="saml:DecisionType" use="required"/>\r
+            </extension>\r
+        </complexContent>\r
+    </complexType>\r
+    <simpleType name="DecisionType">\r
+        <restriction base="string">\r
+            <enumeration value="Permit"/>\r
+            <enumeration value="Deny"/>\r
+            <enumeration value="Indeterminate"/>\r
+        </restriction>\r
+    </simpleType>\r
+    <element name="Action" type="saml:ActionType"/>\r
+    <complexType name="ActionType">\r
+        <simpleContent>\r
+            <extension base="string">\r
+                <attribute name="Namespace" type="anyURI" use="required"/>\r
+            </extension>\r
+        </simpleContent>\r
+    </complexType>\r
+    <element name="Evidence" type="saml:EvidenceType"/>\r
+    <complexType name="EvidenceType">\r
+        <choice maxOccurs="unbounded">\r
+            <element ref="saml:AssertionIDRef"/>\r
+            <element ref="saml:AssertionURIRef"/>\r
+            <element ref="saml:Assertion"/>\r
+            <element ref="saml:EncryptedAssertion"/>\r
+        </choice>\r
+    </complexType>\r
+    <element name="AttributeStatement" type="saml:AttributeStatementType"/>\r
+    <complexType name="AttributeStatementType">\r
+        <complexContent>\r
+            <extension base="saml:StatementAbstractType">\r
+                <choice maxOccurs="unbounded">\r
+                    <element ref="saml:Attribute"/>\r
+                    <element ref="saml:EncryptedAttribute"/>\r
+                </choice>\r
+            </extension>\r
+        </complexContent>\r
+    </complexType>\r
+    <element name="Attribute" type="saml:AttributeType"/>\r
+    <complexType name="AttributeType">\r
+        <sequence>\r
+            <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>\r
+        </sequence>\r
+        <attribute name="Name" type="string" use="required"/>\r
+        <attribute name="NameFormat" type="anyURI" use="optional"/>\r
+        <attribute name="FriendlyName" type="string" use="optional"/>\r
+        <anyAttribute namespace="##other" processContents="lax"/>\r
+    </complexType>\r
+    <element name="AttributeValue" type="anyType" nillable="true"/>\r
+    <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>\r
+</schema>\r
diff --git a/schema/sstc-saml-schema-metadata-2.0.xsd b/schema/sstc-saml-schema-metadata-2.0.xsd
new file mode 100644 (file)
index 0000000..1b0d704
--- /dev/null
@@ -0,0 +1,337 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"
+        schemaLocation="xmldsig-core-schema.xsd"/>
+    <import namespace="http://www.w3.org/2001/04/xmlenc#"
+        schemaLocation="xenc-schema.xsd"/>
+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+        schemaLocation="sstc-saml-schema-assertion-2.0.xsd"/>
+    <import namespace="http://www.w3.org/XML/1998/namespace"
+        schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+    <annotation>
+        <documentation>
+            Document identifier: sstc-saml-schema-metadata-2.0
+            Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+            Revision history:
+              V2.0 CD-04 (January, 2005):
+                Schema for SAML metadata, first published in SAML 2.0.
+        </documentation>
+    </annotation>
+
+    <simpleType name="entityIDType">
+        <restriction base="anyURI">
+            <maxLength value="1024"/>
+        </restriction>
+    </simpleType>
+    <complexType name="localizedNameType">
+        <simpleContent>
+            <extension base="string">
+                <attribute ref="xml:lang" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+    <complexType name="localizedURIType">
+        <simpleContent>
+            <extension base="anyURI">
+                <attribute ref="xml:lang" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+    
+    <element name="Extensions" type="md:ExtensionsType"/>
+    <complexType final="#all" name="ExtensionsType">
+        <sequence>
+            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    
+    <complexType name="EndpointType">
+        <sequence>
+            <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="Binding" type="anyURI" use="required"/>
+        <attribute name="Location" type="anyURI" use="required"/>
+        <attribute name="ResponseLocation" type="anyURI" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    
+    <complexType name="IndexedEndpointType">
+        <complexContent>
+            <extension base="md:EndpointType">
+                <attribute name="index" type="unsignedShort" use="required"/>
+                <attribute name="isDefault" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    
+    <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
+    <complexType name="EntitiesDescriptorType">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <choice minOccurs="1" maxOccurs="unbounded">
+                <element ref="md:EntityDescriptor"/>
+                <element ref="md:EntitiesDescriptor"/>
+            </choice>
+        </sequence>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="ID" type="ID" use="optional"/>
+        <attribute name="Name" type="string" use="optional"/>
+    </complexType>
+
+    <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
+    <complexType name="EntityDescriptorType">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <choice>
+                <choice maxOccurs="unbounded">
+                    <element ref="md:RoleDescriptor"/>
+                    <element ref="md:IDPSSODescriptor"/>
+                    <element ref="md:SPSSODescriptor"/>
+                    <element ref="md:AuthnAuthorityDescriptor"/>
+                    <element ref="md:AttributeAuthorityDescriptor"/>
+                    <element ref="md:PDPDescriptor"/>
+                </choice>
+                <element ref="md:AffiliationDescriptor"/>
+            </choice>
+            <element ref="md:Organization" minOccurs="0"/>
+            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="entityID" type="md:entityIDType" use="required"/>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="ID" type="ID" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    
+    <element name="Organization" type="md:OrganizationType"/>
+    <complexType name="OrganizationType">
+        <sequence>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:OrganizationName" maxOccurs="unbounded"/>
+            <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
+            <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
+        </sequence>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="OrganizationName" type="md:localizedNameType"/>
+    <element name="OrganizationDisplayName" type="md:localizedNameType"/>
+    <element name="OrganizationURL" type="md:localizedURIType"/>
+    <element name="ContactPerson" type="md:ContactType"/>
+    <complexType name="ContactType">
+        <sequence>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:Company" minOccurs="0"/>
+            <element ref="md:GivenName" minOccurs="0"/>
+            <element ref="md:SurName" minOccurs="0"/>
+            <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="contactType" type="md:ContactTypeType" use="required"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="Company" type="string"/>
+    <element name="GivenName" type="string"/>
+    <element name="SurName" type="string"/>
+    <element name="EmailAddress" type="anyURI"/>
+    <element name="TelephoneNumber" type="string"/>
+    <simpleType name="ContactTypeType">
+        <restriction base="string">
+            <enumeration value="technical"/>
+            <enumeration value="support"/>
+            <enumeration value="administrative"/>
+            <enumeration value="billing"/>
+            <enumeration value="other"/>
+        </restriction>
+    </simpleType>
+
+    <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
+    <complexType name="AdditionalMetadataLocationType">
+        <simpleContent>
+            <extension base="anyURI">
+                <attribute name="namespace" type="anyURI" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+
+    <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
+    <complexType name="RoleDescriptorType" abstract="true">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:Organization" minOccurs="0"/>
+            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="ID" type="ID" use="optional"/>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
+        <attribute name="errorURL" type="anyURI" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <simpleType name="anyURIListType">
+        <list itemType="anyURI"/>
+    </simpleType>
+
+    <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
+    <complexType name="KeyDescriptorType">
+        <sequence>
+            <element ref="ds:KeyInfo"/>
+            <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="use" type="md:KeyTypes" use="optional"/>
+    </complexType>
+    <simpleType name="KeyTypes">
+        <restriction base="string">
+            <enumeration value="encryption"/>
+            <enumeration value="signing"/>
+        </restriction>
+    </simpleType>
+    <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
+    
+    <complexType name="SSODescriptorType" abstract="true">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
+    <element name="SingleLogoutService" type="md:EndpointType"/>
+    <element name="ManageNameIDService" type="md:EndpointType"/>
+    <element name="NameIDFormat" type="anyURI"/>
+
+    <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
+    <complexType name="IDPSSODescriptorType">
+        <complexContent>
+            <extension base="md:SSODescriptorType">
+                <sequence>
+                    <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SingleSignOnService" type="md:EndpointType"/>
+    <element name="NameIDMappingService" type="md:EndpointType"/>
+    <element name="AssertionIDRequestService" type="md:EndpointType"/>
+    <element name="AttributeProfile" type="anyURI"/>
+    
+    <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
+    <complexType name="SPSSODescriptorType">
+        <complexContent>
+            <extension base="md:SSODescriptorType">
+                <sequence>
+                    <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
+                    <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
+                <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
+    <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
+    <complexType name="AttributeConsumingServiceType">
+        <sequence>
+            <element ref="md:ServiceName" maxOccurs="unbounded"/>
+            <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
+            <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="index" type="unsignedShort" use="required"/>
+        <attribute name="isDefault" type="boolean" use="optional"/>
+    </complexType>
+    <element name="ServiceName" type="md:localizedNameType"/>
+    <element name="ServiceDescription" type="md:localizedNameType"/>
+    <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
+    <complexType name="RequestedAttributeType">
+        <complexContent>
+            <extension base="saml:AttributeType">
+                <attribute name="isRequired" type="boolean" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+  
+    <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
+    <complexType name="AuthnAuthorityDescriptorType">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthnQueryService" type="md:EndpointType"/>
+
+    <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
+    <complexType name="PDPDescriptorType">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:AuthzService" maxOccurs="unbounded"/>
+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthzService" type="md:EndpointType"/>
+
+    <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
+    <complexType name="AttributeAuthorityDescriptorType">
+        <complexContent>
+            <extension base="md:RoleDescriptorType">
+                <sequence>
+                    <element ref="md:AttributeService" maxOccurs="unbounded"/>
+                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AttributeService" type="md:EndpointType"/>
+   
+    <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
+    <complexType name="AffiliationDescriptorType">
+        <sequence>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="md:Extensions" minOccurs="0"/>
+            <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
+            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
+        <attribute name="validUntil" type="dateTime" use="optional"/>
+        <attribute name="cacheDuration" type="duration" use="optional"/>
+        <attribute name="ID" type="ID" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="AffiliateMember" type="md:entityIDType"/>
+</schema>
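Review bot: The import of the `http://www.w3.org/XML/1998/namespace` schema near the top of this file points its schemaLocation at the remote `http://www.w3.org/2001/xml.xsd`, even though this same commit adds `schema/xml.xsd` next to the other schemas and the new Makefile `test` target validates against this file with xmllint. xmllint resolves import schemaLocations when building the schema, so every `make test` will reach out to w3.org unless it is run with `--nonet`, which makes the check depend on network access and on a third-party host serving that file, and a failed fetch surfaces as a schema-load error rather than a validation result. The sibling imports already use relative paths (`xmldsig-core-schema.xsd`, `xenc-schema.xsd`), so the fix is one line: `schemaLocation="xml.xsd"`. It would also be worth adding `--nonet` to the xmllint invocations in the Makefile so any remaining remote reference fails loudly instead of silently fetching.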
diff --git a/schema/xenc-schema.xsd b/schema/xenc-schema.xsd
new file mode 100644 (file)
index 0000000..64de6f2
--- /dev/null
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+
+<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
+        xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
+        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
+        targetNamespace='http://www.w3.org/2001/04/xmlenc#'
+        elementFormDefault='qualified'>
+
+  <import namespace='http://www.w3.org/2000/09/xmldsig#' schemaLocation='xmldsig-core-schema.xsd'/>
+
+  <complexType name='EncryptedType' abstract='true'>
+    <sequence>
+      <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
+       minOccurs='0'/>
+      <element ref='ds:KeyInfo' minOccurs='0'/>
+      <element ref='xenc:CipherData'/>
+      <element ref='xenc:EncryptionProperties' minOccurs='0'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+    <attribute name='Type' type='anyURI' use='optional'/>
+    <attribute name='MimeType' type='string' use='optional'/>
+    <attribute name='Encoding' type='anyURI' use='optional'/>
+  </complexType>
+  
+  <complexType name='EncryptionMethodType' mixed='true'>
+    <sequence>
+      <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
+      <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Algorithm' type='anyURI' use='required'/>
+  </complexType>
+
+    <simpleType name='KeySizeType'>
+      <restriction base="integer"/>
+    </simpleType>
+
+  <element name='CipherData' type='xenc:CipherDataType'/>
+  <complexType name='CipherDataType'>
+     <choice>
+       <element name='CipherValue' type='base64Binary'/>
+       <element ref='xenc:CipherReference'/>
+     </choice>
+    </complexType>
+
+   <element name='CipherReference' type='xenc:CipherReferenceType'/>
+   <complexType name='CipherReferenceType'>
+       <choice>
+         <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
+       </choice>
+       <attribute name='URI' type='anyURI' use='required'/>
+   </complexType>
+
+     <complexType name='TransformsType'>
+       <sequence>
+         <element ref='ds:Transform' maxOccurs='unbounded'/>
+       </sequence>
+     </complexType>
+
+
+  <element name='EncryptedData' type='xenc:EncryptedDataType'/>
+  <complexType name='EncryptedDataType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+       </extension>
+    </complexContent>
+  </complexType>
+
+  <!-- Children of ds:KeyInfo -->
+
+  <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
+  <complexType name='EncryptedKeyType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+        <sequence>
+          <element ref='xenc:ReferenceList' minOccurs='0'/>
+          <element name='CarriedKeyName' type='string' minOccurs='0'/>
+        </sequence>
+        <attribute name='Recipient' type='string'
+         use='optional'/>
+      </extension>
+    </complexContent>
+  </complexType>
+
+    <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
+    <complexType name="AgreementMethodType" mixed="true">
+      <sequence>
+        <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
+        <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
+        <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+        <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+        <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+      </sequence>
+      <attribute name="Algorithm" type="anyURI" use="required"/>
+    </complexType>
+
+  <!-- End Children of ds:KeyInfo -->
+
+  <element name='ReferenceList'>
+    <complexType>
+      <choice minOccurs='1' maxOccurs='unbounded'>
+        <element name='DataReference' type='xenc:ReferenceType'/>
+        <element name='KeyReference' type='xenc:ReferenceType'/>
+      </choice>
+    </complexType>
+  </element>
+
+  <complexType name='ReferenceType'>
+    <sequence>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='URI' type='anyURI' use='required'/>
+  </complexType>
+
+
+  <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
+  <complexType name='EncryptionPropertiesType'>
+    <sequence>
+      <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+  </complexType>
+
+    <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
+    <complexType name='EncryptionPropertyType' mixed='true'>
+      <choice maxOccurs='unbounded'>
+        <any namespace='##other' processContents='lax'/>
+      </choice>
+      <attribute name='Target' type='anyURI' use='optional'/>
+      <attribute name='Id' type='ID' use='optional'/>
+      <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
+    </complexType>
+
+</schema>
+
diff --git a/schema/xml.xsd b/schema/xml.xsd
new file mode 100644 (file)
index 0000000..38bba34
--- /dev/null
@@ -0,0 +1,80 @@
+<?xml version='1.0'?>
+<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">
+
+ <xs:annotation>
+  <xs:documentation>
+   See http://www.w3.org/XML/1998/namespace.html and
+   http://www.w3.org/TR/REC-xml for information about this namespace.
+  </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+  <xs:documentation>This schema defines attributes and an attribute group
+        suitable for use by
+        schemas wishing to allow xml:base, xml:lang or xml:space attributes
+        on elements they define.
+
+        To enable this, such a schema must import this schema
+        for the XML namespace, e.g. as follows:
+        &lt;schema . . .>
+         . . .
+         &lt;import namespace="http://www.w3.org/XML/1998/namespace"
+                    schemaLocation="http://www.w3.org/2001/03/xml.xsd"/>
+
+        Subsequently, qualified reference to any of the attributes
+        or the group defined below will have the desired effect, e.g.
+
+        &lt;type . . .>
+         . . .
+         &lt;attributeGroup ref="xml:specialAttrs"/>
+         will define a type which will schema-validate an instance
+         element with any of those attributes</xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+  <xs:documentation>In keeping with the XML Schema WG's standard versioning
+   policy, this schema document will persist at
+   http://www.w3.org/2001/03/xml.xsd.
+   At the date of issue it can also be found at
+   http://www.w3.org/2001/xml.xsd.
+   The schema document at that URI may however change in the future,
+   in order to remain compatible with the latest version of XML Schema
+   itself.  In other words, if the XML Schema namespace changes, the version
+   of this document at
+   http://www.w3.org/2001/xml.xsd will change
+   accordingly; the version at
+   http://www.w3.org/2001/03/xml.xsd will not change.
+  </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="lang" type="xs:language">
+  <xs:annotation>
+   <xs:documentation>In due course, we should install the relevant ISO 2- and 3-letter
+         codes as the enumerated possible values . . .</xs:documentation>
+  </xs:annotation>
+ </xs:attribute>
+
+ <xs:attribute name="space" default="preserve">
+  <xs:simpleType>
+   <xs:restriction base="xs:NCName">
+    <xs:enumeration value="default"/>
+    <xs:enumeration value="preserve"/>
+   </xs:restriction>
+  </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="base" type="xs:anyURI">
+  <xs:annotation>
+   <xs:documentation>See http://www.w3.org/TR/xmlbase/ for
+                     information about this attribute.</xs:documentation>
+  </xs:annotation>
+ </xs:attribute>
+
+ <xs:attributeGroup name="specialAttrs">
+  <xs:attribute ref="xml:base"/>
+  <xs:attribute ref="xml:lang"/>
+  <xs:attribute ref="xml:space"/>
+ </xs:attributeGroup>
+
+</xs:schema>
diff --git a/schema/xmldsig-core-schema.xsd b/schema/xmldsig-core-schema.xsd
new file mode 100644 (file)
index 0000000..8e55626
--- /dev/null
@@ -0,0 +1,317 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ [
+   <!ATTLIST schema 
+     xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+   <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+   <!ENTITY % p ''>
+   <!ENTITY % s ''>
+  ]>
+
+<!-- Schema for XML Signatures
+    http://www.w3.org/2000/09/xmldsig#
+    $Revision: 1.1 $ on $Date: 2005/03/16 17:40:08 $ by $Author: iay $
+
+    Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+    of Technology, Institut National de Recherche en Informatique et en
+    Automatique, Keio University). All Rights Reserved.
+    http://www.w3.org/Consortium/Legal/
+
+    This document is governed by the W3C Software License [1] as described
+    in the FAQ [2].
+
+    [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+    [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+        targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+        version="0.1" elementFormDefault="qualified"> 
+
+<!-- Basic Types Defined for Signatures -->
+
+<simpleType name="CryptoBinary">
+  <restriction base="base64Binary">
+  </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+  <sequence> 
+    <element ref="ds:SignedInfo"/> 
+    <element ref="ds:SignatureValue"/> 
+    <element ref="ds:KeyInfo" minOccurs="0"/> 
+    <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> 
+  </sequence>  
+  <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+  <element name="SignatureValue" type="ds:SignatureValueType"/> 
+  <complexType name="SignatureValueType">
+    <simpleContent>
+      <extension base="base64Binary">
+        <attribute name="Id" type="ID" use="optional"/>
+      </extension>
+    </simpleContent>
+  </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+  <sequence> 
+    <element ref="ds:CanonicalizationMethod"/> 
+    <element ref="ds:SignatureMethod"/> 
+    <element ref="ds:Reference" maxOccurs="unbounded"/> 
+  </sequence>  
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+  <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/> 
+  <complexType name="CanonicalizationMethodType" mixed="true">
+    <sequence>
+      <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+      <!-- (0,unbounded) elements from (1,1) namespace -->
+    </sequence>
+    <attribute name="Algorithm" type="anyURI" use="required"/> 
+  </complexType>
+
+  <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+  <complexType name="SignatureMethodType" mixed="true">
+    <sequence>
+      <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+      <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+      <!-- (0,unbounded) elements from (1,1) external namespace -->
+    </sequence>
+    <attribute name="Algorithm" type="anyURI" use="required"/> 
+  </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+  <sequence> 
+    <element ref="ds:Transforms" minOccurs="0"/> 
+    <element ref="ds:DigestMethod"/> 
+    <element ref="ds:DigestValue"/> 
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+  <attribute name="URI" type="anyURI" use="optional"/> 
+  <attribute name="Type" type="anyURI" use="optional"/> 
+</complexType>
+
+  <element name="Transforms" type="ds:TransformsType"/>
+  <complexType name="TransformsType">
+    <sequence>
+      <element ref="ds:Transform" maxOccurs="unbounded"/>  
+    </sequence>
+  </complexType>
+
+  <element name="Transform" type="ds:TransformType"/>
+  <complexType name="TransformType" mixed="true">
+    <choice minOccurs="0" maxOccurs="unbounded"> 
+      <any namespace="##other" processContents="lax"/>
+      <!-- (1,1) elements from (0,unbounded) namespaces -->
+      <element name="XPath" type="string"/> 
+    </choice>
+    <attribute name="Algorithm" type="anyURI" use="required"/> 
+  </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true"> 
+  <sequence>
+    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+  </sequence>    
+  <attribute name="Algorithm" type="anyURI" use="required"/> 
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+  <restriction base="base64Binary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/> 
+<complexType name="KeyInfoType" mixed="true">
+  <choice maxOccurs="unbounded">     
+    <element ref="ds:KeyName"/> 
+    <element ref="ds:KeyValue"/> 
+    <element ref="ds:RetrievalMethod"/> 
+    <element ref="ds:X509Data"/> 
+    <element ref="ds:PGPData"/> 
+    <element ref="ds:SPKIData"/>
+    <element ref="ds:MgmtData"/>
+    <any processContents="lax" namespace="##other"/>
+    <!-- (1,1) elements from (0,unbounded) namespaces -->
+  </choice>
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+  <element name="KeyName" type="string"/>
+  <element name="MgmtData" type="string"/>
+
+  <element name="KeyValue" type="ds:KeyValueType"/> 
+  <complexType name="KeyValueType" mixed="true">
+   <choice>
+     <element ref="ds:DSAKeyValue"/>
+     <element ref="ds:RSAKeyValue"/>
+     <any namespace="##other" processContents="lax"/>
+   </choice>
+  </complexType>
+
+  <element name="RetrievalMethod" type="ds:RetrievalMethodType"/> 
+  <complexType name="RetrievalMethodType">
+    <sequence>
+      <element ref="ds:Transforms" minOccurs="0"/> 
+    </sequence>  
+    <attribute name="URI" type="anyURI"/>
+    <attribute name="Type" type="anyURI" use="optional"/>
+  </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/> 
+<complexType name="X509DataType">
+  <sequence maxOccurs="unbounded">
+    <choice>
+      <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+      <element name="X509SKI" type="base64Binary"/>
+      <element name="X509SubjectName" type="string"/>
+      <element name="X509Certificate" type="base64Binary"/>
+      <element name="X509CRL" type="base64Binary"/>
+      <any namespace="##other" processContents="lax"/>
+    </choice>
+  </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType"> 
+  <sequence> 
+    <element name="X509IssuerName" type="string"/> 
+    <element name="X509SerialNumber" type="integer"/> 
+  </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/> 
+<complexType name="PGPDataType"> 
+  <choice>
+    <sequence>
+      <element name="PGPKeyID" type="base64Binary"/> 
+      <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/> 
+      <any namespace="##other" processContents="lax" minOccurs="0"
+       maxOccurs="unbounded"/>
+    </sequence>
+    <sequence>
+      <element name="PGPKeyPacket" type="base64Binary"/> 
+      <any namespace="##other" processContents="lax" minOccurs="0"
+       maxOccurs="unbounded"/>
+    </sequence>
+  </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/> 
+<complexType name="SPKIDataType">
+  <sequence maxOccurs="unbounded">
+    <element name="SPKISexp" type="base64Binary"/>
+    <any namespace="##other" processContents="lax" minOccurs="0"/>
+  </sequence>
+</complexType> 
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/> 
+<complexType name="ObjectType" mixed="true">
+  <sequence minOccurs="0" maxOccurs="unbounded">
+    <any namespace="##any" processContents="lax"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+  <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+  <attribute name="Encoding" type="anyURI" use="optional"/> 
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/> 
+<complexType name="ManifestType">
+  <sequence>
+    <element ref="ds:Reference" maxOccurs="unbounded"/> 
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/> 
+<complexType name="SignaturePropertiesType">
+  <sequence>
+    <element ref="ds:SignatureProperty" maxOccurs="unbounded"/> 
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+   <element name="SignatureProperty" type="ds:SignaturePropertyType"/> 
+   <complexType name="SignaturePropertyType" mixed="true">
+     <choice maxOccurs="unbounded">
+       <any namespace="##other" processContents="lax"/>
+       <!-- (1,1) elements from (1,unbounded) namespaces -->
+     </choice>
+     <attribute name="Target" type="anyURI" use="required"/> 
+     <attribute name="Id" type="ID" use="optional"/> 
+   </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+  <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+  <sequence>
+    <sequence minOccurs="0">
+      <element name="P" type="ds:CryptoBinary"/>
+      <element name="Q" type="ds:CryptoBinary"/>
+    </sequence>
+    <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+    <element name="Y" type="ds:CryptoBinary"/>
+    <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+    <sequence minOccurs="0">
+      <element name="Seed" type="ds:CryptoBinary"/>
+      <element name="PgenCounter" type="ds:CryptoBinary"/>
+    </sequence>
+  </sequence>
+</complexType>
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+  <sequence>
+    <element name="Modulus" type="ds:CryptoBinary"/> 
+    <element name="Exponent" type="ds:CryptoBinary"/> 
+  </sequence>
+</complexType> 
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
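Review bot: The vendored xmldsig-core-schema.xsd keeps the W3C `<!DOCTYPE schema [...]>` internal subset at the top of the file (declaring an `xmlns:ds` #FIXED attribute and the `dsig`, `%p` and `%s` entities), none of which the schema body below actually references, and that DOCTYPE turns the schema into a file that parsers run with DTD processing disabled will refuse to load. The subset contains no SYSTEM or PUBLIC identifiers, so it is not an XXE vector by itself, but any hardened validator that rejects DOCTYPE on schema loading will now fail on this file instead of on the metadata it is meant to check, and the other vendored schemas in this commit carry no DOCTYPE at all. I would strip the DOCTYPE block from the vendored copy and leave a marker in its place, `<!-- Internal DTD subset removed from the W3C original: it declared unused entities and blocks loading under DTD-disabled parsers -->`, so the whole schema set can be consumed with DTD processing off. Nothing is lost by this: the `ds` prefix is already bound explicitly by `xmlns:ds="http://www.w3.org/2000/09/xmldsig#"` on the schema element, and every namespace URI in the body is written out literally rather than via `&dsig;`.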