1# zxid/sg/oasis-sstc-saml-schema-assertion-1.1.sg
2# Slightly edited, 5.9.2006, Sampo Kellomaki (sampo@iki.fi)
3# 15.10.2006, extended AttributeValue schema to cater for bootstraps --Sampo
4# 10.2.2007, added other types of assertions as potential Advice content --Sampo
5# 3.3.2007, added XACML support --Sampo
6# $Id: oasis-sstc-saml-schema-assertion-1.1.sg,v 1.6 2009-11-14 22:44:43 sampo Exp $
7
# Namespace bindings. target() names the namespace this grammar defines (the SAML 1.x
# assertion namespace, prefix sa11); ns() and import() bind the prefixes used below.
# NOTE(review): the ds import gives a plain-http schema location. If any build-time
# tooling dereferences that URL, pin a reviewed local copy instead -- confirm whether
# the sg processor ever fetches it.
8target(sa11, urn:oasis:names:tc:SAML:1.0:assertion)
9ns(xs,http://www.w3.org/2001/XMLSchema)
10import(ds, http://www.w3.org/2000/09/xmldsig#, http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd)
11ns(di12, urn:liberty:disco:2003-08)
12ns(a,    http://www.w3.org/2005/08/addressing)
13ns(sa,   urn:oasis:names:tc:SAML:2.0:assertion)
14ns(ff12, urn:liberty:iff:2003-08)
15ns(xasa, urn:oasis:xacml:2.0:saml:assertion:schema:os)
16ns(xasacd1, urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion:cd-01)
17
# Authorization decision values; referenced by @Decision of
# AuthorizationDecisionStatementType. Relying code should grant access only on
# Permit and treat Deny and Indeterminate alike as "not permitted".
18%DecisionType:   enum( Permit Deny Indeterminate ) ;
# Reference to another assertion by its ID (an NCName); used inside AdviceType and
# EvidenceType. The grammar carries only the identifier: it says nothing about how
# the referenced assertion is obtained or verified.
19AssertionIDReference -> %xs:NCName
20
# Root SAML 1.x assertion: optional Conditions and Advice, any number of statements
# (including the two XACML statement families), an optional signature, and five
# required attributes.
# ds:Signature is optional here, so a schema-valid assertion may be unsigned.
# Signature presence and verification must be enforced by the consuming code,
# never inferred from successful schema validation.
# @AssertionID is an xs:ID and is normally what the enveloped signature references;
# the consumer should confirm that the validated reference resolves to the very
# assertion element it goes on to act on.
# @Issuer is a free-form xs:string; map it to a trusted key/metadata entry before
# relying on anything else in the assertion.
21Assertion        -> %sa11:AssertionType
22%AssertionType:
23  sa11:Conditions?
24  sa11:Advice?
25  sa11:Statement*
26  sa11:SubjectStatement*
27  sa11:AuthenticationStatement*
28  sa11:AuthorizationDecisionStatement*
29  sa11:AttributeStatement*
30  xasa:XACMLAuthzDecisionStatement*
31  xasa:XACMLPolicyStatement*
32  xasacd1:XACMLAuthzDecisionStatement*
33  xasacd1:XACMLPolicyStatement*
34  ds:Signature?
35  @MajorVersion  -> %xs:integer
36  @MinorVersion  -> %xs:integer
37  @AssertionID   -> %xs:ID
38  @Issuer        -> %xs:string
39  @IssueInstant  -> %xs:dateTime
40  ;
41
# Validity conditions of an assertion: audience restrictions, the do-not-cache
# marker, generic extension conditions, and the validity window.
# Both @NotBefore and @NotOnOrAfter are optional, so the grammar accepts an
# assertion with no time bound at all; the consumer has to apply its own freshness
# policy (and clock-skew allowance) when either bound is missing.
# Condition is the generic extension element; ConditionAbstractType is not defined
# in the visible grammar. A consumer that meets a condition it does not understand
# should not treat the assertion as valid.
42Conditions       -> %sa11:ConditionsType
43%ConditionsType:
44  sa11:AudienceRestrictionCondition*
45  sa11:DoNotCacheCondition*
46  sa11:Condition*
47  @NotBefore?    -> %xs:dateTime
48  @NotOnOrAfter? -> %xs:dateTime
49  ;
50Condition        -> %sa11:ConditionAbstractType
51
# Condition limiting the assertion to one or more named audiences (at least one
# Audience is required). The grammar only checks structure; the relying party must
# compare the listed audiences against its own identifier and reject on mismatch.
52AudienceRestrictionCondition       -> %sa11:AudienceRestrictionConditionType
53%AudienceRestrictionConditionType: base(sa11:ConditionAbstractType)
54  sa11:Audience+
55  ;
56
# URI naming one intended audience of the assertion.
57Audience -> %xs:anyURI
58
# Empty marker condition (no children or attributes beyond its abstract base).
# By its name it asks the consumer not to cache the assertion for later reuse;
# honouring it is up to the consuming code.
59DoNotCacheCondition       -> %sa11:DoNotCacheConditionType
60%DoNotCacheConditionType: base(sa11:ConditionAbstractType) ;
61
# Advisory content attached to an assertion: assertion ID references, embedded
# assertions from three namespaces (sa11, ff12, sa), and a wildcard.
# The wildcard admits arbitrary elements from any other namespace with lax
# processing, so content under Advice is effectively unconstrained by this grammar.
# Embedded assertions here carry no authority from the enclosing assertion: verify
# each one independently before use, and make sure code that looks up "the"
# Assertion by element name or ID cannot select one nested under Advice.
62Advice -> %sa11:AdviceType
63%AdviceType:
64  sa11:AssertionIDReference*
65  sa11:Assertion*
66  ff12:Assertion*
67  sa:Assertion*
68  any*  ns(##other)  processContents(lax)
69  ;
70
# Generic statement extension element. StatementAbstractType is not defined in the
# visible grammar, so the content of a bare Statement is not constrained here.
71Statement -> %sa11:StatementAbstractType
72
# Base for statements made about a subject: extends the abstract statement type
# with one required Subject. The authentication, authorization-decision and
# attribute statement types below all derive from it.
73SubjectStatement -> %sa11:SubjectStatementAbstractType
74%SubjectStatementAbstractType: base(sa11:StatementAbstractType)
75  sa11:Subject
76  ;
77
# The principal a statement is about.
# Both children are optional in this grammar, so an empty Subject is schema-valid.
# Consuming code must reject a subject that carries neither a usable
# NameIdentifier nor a SubjectConfirmation it can check.
78Subject -> %sa11:SubjectType
79%SubjectType:
80  sa11:NameIdentifier?
81  sa11:SubjectConfirmation?
82  ;
83
# Subject name: string content plus optional @NameQualifier and @Format.
# The value is an unconstrained xs:string chosen by the issuer; treat it as
# untrusted input when it is used in lookups, file names, queries or logs, and
# interpret it in the scope of the issuer (and @NameQualifier when present).
84NameIdentifier -> %sa11:NameIdentifierType
85%NameIdentifierType: base(xs:string)
86  @NameQualifier? -> %xs:string
87  @Format? -> %xs:anyURI
88  ;
89
# How the presenter is tied to the subject: one or more confirmation method URIs,
# optional method-specific data, optional key material.
# ds:KeyInfo is optional at schema level; for a method that relies on proof of
# key possession the consumer must itself require that the key is present and
# that the presenter actually proved possession of it.
90SubjectConfirmation -> %sa11:SubjectConfirmationType
91%SubjectConfirmationType:
92  sa11:ConfirmationMethod+
93  sa11:SubjectConfirmationData?
94  ds:KeyInfo?
95  ;
96
# SubjectConfirmationData is xs:anyType: its content is not constrained by this
# grammar and has to be validated in code according to the confirmation method.
# ConfirmationMethod is the URI that identifies that method.
97SubjectConfirmationData -> %xs:anyType
98ConfirmationMethod -> %xs:anyURI
99
# Statement that the subject was authenticated: required method URI and
# authentication time, optional locality and authority bindings.
# @AuthenticationInstant is separate from the assertion's @IssueInstant; a
# consumer with a maximum-authentication-age policy should evaluate this value
# rather than the issue time.
100AuthenticationStatement -> %sa11:AuthenticationStatementType
101%AuthenticationStatementType: base(sa11:SubjectStatementAbstractType)
102  sa11:SubjectLocality?
103  sa11:AuthorityBinding*
104  @AuthenticationMethod -> %xs:anyURI
105  @AuthenticationInstant -> %xs:dateTime
106  ;
107
# Network location the subject authenticated from, both attributes optional.
# Both are plain xs:string, so the grammar performs no address or host-name
# format check; parse and validate before using them in access decisions or logs.
108SubjectLocality  -> %sa11:SubjectLocalityType
109%SubjectLocalityType:
110  @IPAddress?    -> %xs:string
111  @DNSAddress?   -> %xs:string
112  ;
113
# Pointer to an authority endpoint: kind (QName), location URI and binding URI,
# all required.
# @Location is only typed as xs:anyURI; the grammar does not restrict scheme or
# host. Check it against configured, trusted endpoints before sending any request
# to it.
114AuthorityBinding -> %sa11:AuthorityBindingType
115%AuthorityBindingType:
116  @AuthorityKind -> %xs:QName
117  @Location      -> %xs:anyURI
118  @Binding       -> %xs:anyURI
119  ;
120
# Statement giving an authorization decision for a subject: one or more actions on
# a required @Resource, with a required @Decision from DecisionType and optional
# supporting Evidence.
# The decision applies only to the stated resource and actions; an enforcement
# point should match both exactly against the request it is deciding.
121AuthorizationDecisionStatement       -> %sa11:AuthorizationDecisionStatementType
122%AuthorizationDecisionStatementType: base(sa11:SubjectStatementAbstractType)
123  sa11:Action+
124  sa11:Evidence?
125  @Resource      -> %xs:anyURI
126  @Decision      -> %sa11:DecisionType
127  ;
128
# An action name (string content) with an optional @Namespace URI that scopes it.
# NOTE(review): the base is written as unprefixed `string`, whereas
# NameIdentifierType uses `xs:string` -- confirm the sg processor resolves the
# bare name to the XML Schema string type.
129Action           -> %sa11:ActionType
130%ActionType:     base(string)
131  @Namespace?    -> %xs:anyURI
132  ;
133
# Assertions, embedded or referenced by ID, that the issuer relied on for an
# authorization decision.
# As with Advice, an embedded assertion here is not covered by any trust placed in
# the enclosing statement; verify it independently if it is used at all, and keep
# assertion lookups from selecting one nested under Evidence.
134Evidence         -> %sa11:EvidenceType
135%EvidenceType:
136  sa11:AssertionIDReference*
137  sa11:Assertion*
138  ;
139
# Statement associating one or more attributes with the subject.
140AttributeStatement -> %sa11:AttributeStatementType
141%AttributeStatementType: base(sa11:SubjectStatementAbstractType)
142  sa11:Attribute+
143  ;
144
# Identifies an attribute by name and namespace, both required. Attribute names
# are only meaningful together with their namespace; compare the pair, not the
# name alone, when mapping attributes to local privileges.
145AttributeDesignator   -> %sa11:AttributeDesignatorType
146%AttributeDesignatorType:
147  @AttributeName      -> %xs:string
148  @AttributeNamespace -> %xs:anyURI
149  ;
150
# A designated attribute together with one or more values.
151Attribute -> %sa11:AttributeType
152%AttributeType: base(sa11:AttributeDesignatorType)
153  sa11:AttributeValue+
154  ;
155
156# To cater for discovery bootstraps we add them to schema here --Sampo
157#AttributeValue	   -> %xs:anyType
158
# AttributeValue content model listing the two bootstrap payloads: Liberty
# discovery ResourceOffering (di12) and WS-Addressing EndpointReference (a).
# NOTE(review): no simple-content base is declared, so whether plain string
# attribute values are still accepted depends on the sg processor -- confirm.
# Endpoint addresses and offerings carried here originate from the assertion
# issuer; use them only after the assertion's signature and conditions have been
# verified, and validate the addresses before connecting to them.
159AttributeValue -> %sa11:AttributeValueType
160%AttributeValueType:
161  di12:ResourceOffering*
162  a:EndpointReference*
163  ;
164
165#EOF
166