Diffstat (limited to 'schema/shibboleth.xsd')
-rw-r--r--schema/shibboleth.xsd296
1 files changed, 0 insertions, 296 deletions
diff --git a/schema/shibboleth.xsd b/schema/shibboleth.xsd
deleted file mode 100644
index 392fed45..00000000
--- a/schema/shibboleth.xsd
+++ /dev/null
@@ -1,296 +0,0 @@
-<?xml version="1.0" encoding="US-ASCII"?>
-<schema targetNamespace="urn:mace:shibboleth:1.0"
- xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:xml="http://www.w3.org/XML/1998/namespace"
- xmlns:shib="urn:mace:shibboleth:1.0"
- xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
- elementFormDefault="qualified"
- attributeFormDefault="unqualified"
- version="1.2">
-
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
- <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
-
- <!-- Status-Related Information -->
-
- <!--
- The following SAML sub-status codes are defined in this namespace:
-
- "InvalidHandle"
- Used with samlp:Requester, signals AA did not recognize handle as valid
- -->
-
- <!--
- Relaxes SAML AttributeValue type definition. Xerces-C has a bug that prevents
- anyAttribute content appearing on anyType. It works in 2.2 but not in later versions.
- -->
-
- <complexType name="AttributeValueType" mixed="true">
- <annotation>
- <documentation xml:lang="en">
- By convention, all Shibboleth 1.1 origin attribute values carry this unconstrained xsi:type.
- </documentation>
- </annotation>
- <complexContent>
- <extension base="anyType"/>
- </complexContent>
- </complexType>
-
- <!-- Attribute Acceptance Policies -->
-
- <simpleType name="AttributeRuleValueType">
- <restriction base="string">
- <enumeration value="literal"/>
- <enumeration value="regexp"/>
- <enumeration value="xpath"/>
- </restriction>
- </simpleType>
-
- <complexType name="SiteRuleType">
- <sequence>
- <element name="Scope" minOccurs="0" maxOccurs="unbounded">
- <complexType>
- <simpleContent>
- <extension base="string">
- <attribute name="Accept" type="boolean" use="optional" default="true"/>
- <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </extension>
- </simpleContent>
- </complexType>
- </element>
- <choice minOccurs="0">
- <element name="AnyValue">
- <complexType>
- <sequence/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- </element>
- <element name="Value" maxOccurs="unbounded">
- <complexType>
- <simpleContent>
- <extension base="string">
- <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </extension>
- </simpleContent>
- </complexType>
- </element>
- </choice>
- </sequence>
- </complexType>
-
- <element name="AnySite" type="shib:SiteRuleType"/>
- <element name="SiteRule">
- <complexType>
- <complexContent>
- <extension base="shib:SiteRuleType">
- <attribute name="Name" type="string" use="required"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </extension>
- </complexContent>
- </complexType>
- </element>
-
- <complexType name="AttributeRuleType">
- <sequence>
- <element ref="shib:AnySite" minOccurs="0"/>
- <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="Namespace" type="string" use="optional"/>
- <attribute name="Factory" type="string" use="optional"/>
- <attribute name="Alias" type="string" use="optional"/>
- <attribute name="Header" type="string" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
-
- <element name="AttributeRule" type="shib:AttributeRuleType">
- <key name="SiteRuleKey">
- <selector xpath="./shib:SiteRule"/>
- <field xpath="@Name"/>
- </key>
- </element>
-
- <element name="AttributeAcceptancePolicy">
- <complexType>
- <sequence>
- <element name="AnyAttribute" minOccurs="0">
- <complexType>
- <sequence/>
- </complexType>
- </element>
- <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- </element>
-
-
- <!-- Shibboleth Metadata -->
-
- <complexType name="SiteType">
- <annotation>
- <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
- </annotation>
- <sequence>
- <element name="Alias" minOccurs="0" maxOccurs="unbounded">
- <complexType>
- <simpleContent>
- <extension base="string">
- <attribute ref="xml:lang"/>
- </extension>
- </simpleContent>
- </complexType>
- </element>
- <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="ErrorURL" type="anyURI" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
-
- <simpleType name="ContactTypeType">
- <restriction base="string">
- <enumeration value="technical"/>
- <enumeration value="support"/>
- <enumeration value="administrative"/>
- <enumeration value="billing"/>
- <enumeration value="other"/>
- </restriction>
- </simpleType>
-
- <complexType name="ContactType">
- <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
- <sequence/>
- <attribute name="Type" type="shib:ContactTypeType" use="required"/>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="Email" type="string" use="optional"/>
- </complexType>
-
- <complexType name="regexp_string">
- <annotation>
- <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
- </annotation>
- <simpleContent>
- <extension base="string">
- <attribute name="regexp" type="boolean" use="optional" default="false"/>
- </extension>
- </simpleContent>
- </complexType>
-
- <complexType name="AuthorityType">
- <annotation>
- <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
- </annotation>
- <sequence/>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="Location" type="anyURI" use="required"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
-
- <complexType name="OriginSiteType">
- <annotation>
- <documentation xml:lang="en">
- Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping.
- </documentation>
- </annotation>
- <complexContent>
- <extension base="shib:SiteType">
- <sequence>
- <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
- <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
- <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <complexType name="DestinationSiteType">
- <annotation>
- <documentation xml:lang="en">
- Destination sites add at least one attribute requester (with a name).
- </documentation>
- </annotation>
- <complexContent>
- <extension base="shib:SiteType">
- <sequence>
- <element name="AssertionConsumerServiceURL" maxOccurs="unbounded">
- <complexType>
- <sequence/>
- <attribute name="Location" type="string" use="required"/>
- <attribute name="Id" type="string" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- </element>
- <element name="AttributeRequester" maxOccurs="unbounded">
- <complexType>
- <sequence/>
- <attribute name="Name" type="string" use="required"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- </element>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <complexType name="SiteGroupType">
- <annotation>
- <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
- </annotation>
- <sequence>
- <choice maxOccurs="unbounded">
- <element ref="shib:OriginSite"/>
- <element ref="shib:DestinationSite"/>
- <element ref="shib:SiteGroup"/>
- </choice>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="lastChanged" type="dateTime" use="optional"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
-
- <element name="OriginSite" type="shib:OriginSiteType"/>
- <element name="DestinationSite" type="shib:DestinationSiteType"/>
- <element name="SiteGroup" type="shib:SiteGroupType"/>
-
-
- <!-- Old (pre 1.2) Trust Metadata -->
-
- <complexType name="KeyAuthorityType">
- <annotation>
- <documentation xml:lang="en">
- Binds a set of keying material to one or more named system entities.
- </documentation>
- </annotation>
- <sequence>
- <element ref="ds:KeyInfo"/>
- <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
-
- <element name="Trust">
- <annotation>
- <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
- </annotation>
- <complexType>
- <sequence>
- <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="lastChanged" type="dateTime" use="optional"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- </element>
-
-</schema>