1# zxid/sg/liberty-idff-protocols-schema-1.2-errata-v2.0.sg 2# Slightly edited, 5.9.2006, Sampo Kellomaki (sampo@iki.fi) 3# $Id: liberty-idff-protocols-schema-1.2-errata-v2.0.sg,v 1.4 2009-09-05 02:23:41 sampo Exp $ 4# 5# N.B. In order to remove dependency on metadata, all instances 6# of %m12:entityIDType have been replaced with %xs:anyURI, which 7# is what the former expands to in the metadata schema. This makes 8# world a simpler and better place. 9 10target(ff12, urn:liberty:iff:2003-08) 11 12import(sa11, urn:oasis:names:tc:SAML:1.0:assertion,oasis-sstc-saml-schema-assertion-1.1.xsd) 13import(sp11, urn:oasis:names:tc:SAML:1.0:protocol,oasis-sstc-saml-schema-protocol-1.1.xsd) 14import(xenc, http://www.w3.org/2001/04/xmlenc#, http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd) 15#import(ac, urn:liberty:ac:2003-08, liberty-authentication-context-1.2-errata-v1.0.xsd) 16import(ac, urn:liberty:ac:2004-12, liberty-authentication-context-v2.0.xsd) 17 18#include(liberty-idff-utility-v1.0.xsd) necessary definitions have been inline expanded 19 20Extension -> %ff12:extensionType 21%extensionType: 22 any+ ns(##other) processContents(lax) 23 ; 24 25ProviderID -> %xs:anyURI 26AffiliationID -> %xs:anyURI 27AuthnRequest -> %ff12:AuthnRequestType 28%AuthnRequestType: base(sp11:RequestAbstractType) 29 ff12:Extension* 30 ff12:ProviderID 31 ff12:AffiliationID? 32 ff12:NameIDPolicy? 33 ff12:ForceAuthn? -> %xs:boolean 34 ff12:IsPassive? -> %xs:boolean 35 ff12:ProtocolProfile? 36 ff12:AssertionConsumerServiceID? -> %xs:string 37 ff12:RequestAuthnContext? 38 ff12:RelayState? 39 ff12:Scoping? 40 @consent? -> %xs:string 41 ; 42 43%NameIDPolicyType: enum( none onetime federated any ) ; 44NameIDPolicy -> %ff12:NameIDPolicyType 45 46%AuthnContextComparisonType: enum( exact minimum maximum better ) ; 47 48%ScopingType: 49 ff12:ProxyCount? -> %xs:nonNegativeInteger 50 ff12:IDPList? 51 ; 52Scoping -> %ff12:ScopingType 53 54RelayState -> %xs:string 55 56ProtocolProfile -> %xs:anyURI 57 58RequestAuthnContext: 59 ff12:AuthnContextClassRef+ -> %xs:anyURI 60 ff12:AuthnContextStatementRef+ -> %xs:anyURI 61 ff12:AuthnContextComparison? -> %ff12:AuthnContextComparisonType 62 ; 63 64AuthnResponse -> %ff12:AuthnResponseType 65%AuthnResponseType: base(sp11:ResponseType) 66 ff12:Extension* 67 ff12:ProviderID 68 ff12:RelayState? 69 @consent? -> %xs:string 70 ; 71 72Assertion -> %ff12:AssertionType 73%AssertionType: base(sa11:AssertionType) 74 @InResponseTo? -> %xs:NCName 75 ; 76 77%SubjectType: base(sa11:SubjectType) 78 ff12:IDPProvidedNameIdentifier? 79 ; 80Subject -> %ff12:SubjectType 81 82EncryptableNameIdentifier -> %ff12:EncryptableNameIdentifierType 83%EncryptableNameIdentifierType: base(sa11:NameIdentifierType) 84 @IssueInstant? -> %xs:dateTime 85 @Nonce? -> %xs:string 86 ; 87 88EncryptedNameIdentifier -> %ff12:EncryptedNameIdentifierType 89%EncryptedNameIdentifierType: 90 xenc:EncryptedData 91 xenc:EncryptedKey? 92 ; 93 94AuthenticationStatement -> %ff12:AuthenticationStatementType 95%AuthenticationStatementType: base(sa11:AuthenticationStatementType) 96 ff12:AuthnContext?: 97 ff12:AuthnContextClassRef? -> %xs:anyURI 98 ac:AuthenticationContextStatement? 99 ff12:AuthnContextStatementRef? -> %xs:anyURI 100 ; 101 @ReauthenticateOnOrAfter? -> %xs:dateTime 102 @SessionIndex -> %xs:string 103 ; 104 105AuthnRequestEnvelope -> %ff12:AuthnRequestEnvelopeType 106%AuthnRequestEnvelopeType: base(ff12:RequestEnvelopeType) 107 ff12:AuthnRequest 108 ff12:ProviderID 109 ff12:ProviderName? -> %xs:string 110 ff12:AssertionConsumerServiceURL -> %xs:anyURI 111 ff12:IDPList? 112 ff12:IsPassive? -> %xs:boolean 113 ; 114%RequestEnvelopeType: 115 ff12:Extension* 116 ; 117 118IDPList -> %ff12:IDPListType 119%IDPListType: 120 ff12:IDPEntries 121 ff12:GetComplete? 122 ; 123IDPEntry: 124 ff12:ProviderID 125 ff12:ProviderName? -> %xs:string 126 ff12:Loc -> %xs:anyURI 127 ; 128IDPEntries: 129 ff12:IDPEntry+ 130 ; 131GetComplete -> %xs:anyURI 132 133AuthnResponseEnvelope -> %ff12:AuthnResponseEnvelopeType 134%AuthnResponseEnvelopeType: base(ff12:ResponseEnvelopeType) 135 ff12:AuthnResponse 136 ff12:AssertionConsumerServiceURL -> %xs:anyURI 137 ; 138%ResponseEnvelopeType: 139 ff12:Extension* 140 ; 141RegisterNameIdentifierRequest -> %ff12:RegisterNameIdentifierRequestType 142%RegisterNameIdentifierRequestType: base(sp11:RequestAbstractType) 143 ff12:Extension* 144 ff12:ProviderID 145 ff12:IDPProvidedNameIdentifier 146 ff12:SPProvidedNameIdentifier? 147 ff12:OldProvidedNameIdentifier 148 ff12:RelayState? 149 ; 150 151IDPProvidedNameIdentifier -> %sa11:NameIdentifierType 152SPProvidedNameIdentifier -> %sa11:NameIdentifierType 153OldProvidedNameIdentifier -> %sa11:NameIdentifierType 154 155RegisterNameIdentifierResponse -> %ff12:StatusResponseType 156%StatusResponseType: base(sp11:ResponseAbstractType) 157 ff12:Extension* 158 ff12:ProviderID 159 sp11:Status 160 ff12:RelayState? 161 ; 162 163FederationTerminationNotification -> %ff12:FederationTerminationNotificationType 164%FederationTerminationNotificationType: base(sp11:RequestAbstractType) 165 ff12:Extension* 166 ff12:ProviderID 167 sa11:NameIdentifier 168 @consent? -> %xs:string 169 ; 170 171LogoutRequest -> %ff12:LogoutRequestType 172%LogoutRequestType: base(sp11:RequestAbstractType) 173 ff12:Extension* 174 ff12:ProviderID 175 sa11:NameIdentifier 176 ff12:SessionIndex* -> %xs:string 177 ff12:RelayState? 178 @consent? -> %xs:string 179 @NotOnOrAfter? -> %xs:dateTime 180 ; 181LogoutResponse -> %ff12:StatusResponseType 182 183NameIdentifierMappingRequest -> %ff12:NameIdentifierMappingRequestType 184%NameIdentifierMappingRequestType: base(sp11:RequestAbstractType) 185 ff12:Extension* 186 ff12:ProviderID 187 sa11:NameIdentifier 188 ff12:TargetNamespace -> %xs:anyURI 189 @consent? -> %xs:string 190 ; 191 192NameIdentifierMappingResponse -> %ff12:NameIdentifierMappingResponseType 193%NameIdentifierMappingResponseType: base(sp11:ResponseAbstractType) 194 ff12:Extension* 195 ff12:ProviderID 196 sp11:Status 197 sa11:NameIdentifier? 198 ; 199 200# EOF 201