# zxid/sg/oasis-sstc-saml-schema-assertion-1.1.sg
# Slightly edited, 5.9.2006, Sampo Kellomaki (sampo@iki.fi)
# 15.10.2006, extended AttributeValue schema to cater for bootstraps --Sampo
# 10.2.2007, added other types of assertions as potential Advice content --Sampo
# 3.3.2007, added XACML support --Sampo
# $Id: oasis-sstc-saml-schema-assertion-1.1.sg,v 1.6 2009-11-14 22:44:43 sampo Exp $
#
# Schema grammar for SAML 1.1 assertions (prefix sa11, target namespace
# urn:oasis:names:tc:SAML:1.0:assertion). Per the change log above, it departs
# from the OASIS schema in three places: AttributeValue, Advice and the XACML
# statements in Assertion.
# Notation as used below (presumably; confirm against the .sg tool documentation):
# "Name -> %type" declares an element, "%Name:" a type, "@Name" an attribute,
# and ? * + mean optional, zero-or-more and one-or-more.
#
# NOTE(review): a document that matches this grammar is only well-formed.
# Signature, validity window, audience and subject confirmation are all optional
# here, so the code consuming the parsed assertion must enforce each of them.

target(sa11, urn:oasis:names:tc:SAML:1.0:assertion)
ns(xs,http://www.w3.org/2001/XMLSchema)
import(ds, http://www.w3.org/2000/09/xmldsig#, http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd)
ns(di12, urn:liberty:disco:2003-08)
ns(a, http://www.w3.org/2005/08/addressing)
ns(sa, urn:oasis:names:tc:SAML:2.0:assertion)
ns(ff12, urn:liberty:iff:2003-08)
ns(xasa, urn:oasis:xacml:2.0:saml:assertion:schema:os)
ns(xasacd1, urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion:cd-01)

# Value set for the Decision attribute of AuthorizationDecisionStatement.
%DecisionType: enum( Permit Deny Indeterminate ) ;
AssertionIDReference -> %xs:NCName

# Top-level assertion. ds:Signature and Conditions are both optional, and every
# statement list is zero-or-more, so an unsigned assertion with no conditions and
# no statements still matches. Issuer is a free-form xs:string.
# The two xasa and two xasacd1 entries are the XACML additions from the change log.
Assertion -> %sa11:AssertionType
%AssertionType:
  sa11:Conditions?
  sa11:Advice?
  sa11:Statement*
  sa11:SubjectStatement*
  sa11:AuthenticationStatement*
  sa11:AuthorizationDecisionStatement*
  sa11:AttributeStatement*
  xasa:XACMLAuthzDecisionStatement*
  xasa:XACMLPolicyStatement*
  xasacd1:XACMLAuthzDecisionStatement*
  xasacd1:XACMLPolicyStatement*
  ds:Signature?
  @MajorVersion -> %xs:integer
  @MinorVersion -> %xs:integer
  @AssertionID -> %xs:ID
  @Issuer -> %xs:string
  @IssueInstant -> %xs:dateTime
  ;

# Validity constraints. NotBefore and NotOnOrAfter are both optional and
# AudienceRestrictionCondition is zero-or-more, so the relying party has to
# decide how to treat an assertion with no time window or no audience.
# Condition* admits extension conditions. SAML 1.1 core requires that a condition
# the consumer does not understand leaves the assertion's validity indeterminate;
# confirm the consuming code does not silently ignore them.
Conditions -> %sa11:ConditionsType
%ConditionsType:
  sa11:AudienceRestrictionCondition*
  sa11:DoNotCacheCondition*
  sa11:Condition*
  @NotBefore? -> %xs:dateTime
  @NotOnOrAfter? -> %xs:dateTime
  ;
# NOTE(review): sa11:ConditionAbstractType (and sa11:StatementAbstractType below)
# are referenced but not defined anywhere in this file. Confirm where they come from.
Condition -> %sa11:ConditionAbstractType

AudienceRestrictionCondition -> %sa11:AudienceRestrictionConditionType
%AudienceRestrictionConditionType: base(sa11:ConditionAbstractType)
  sa11:Audience+
  ;

Audience -> %xs:anyURI

DoNotCacheCondition -> %sa11:DoNotCacheConditionType
%DoNotCacheConditionType: base(sa11:ConditionAbstractType) ;

# Advice may carry assertion references, nested SAML 1.1, ID-FF 1.2 (ff12) and
# SAML 2.0 (sa) assertions, plus any element from another namespace with lax
# processing. Its content is therefore effectively unvalidated and must be
# treated as untrusted input.
# A nested assertion must never be consumed in place of the enclosing one.
# The signature check has to establish that the verified signature covers
# exactly the assertion element whose statements are then used.
Advice -> %sa11:AdviceType
%AdviceType:
  sa11:AssertionIDReference*
  sa11:Assertion*
  ff12:Assertion*
  sa:Assertion*
  any* ns(##other) processContents(lax)
  ;

Statement -> %sa11:StatementAbstractType

SubjectStatement -> %sa11:SubjectStatementAbstractType
%SubjectStatementAbstractType: base(sa11:StatementAbstractType)
  sa11:Subject
  ;

# NameIdentifier and SubjectConfirmation are each optional here, so a Subject
# with neither child matches. Consumers should reject an empty Subject in code.
Subject -> %sa11:SubjectType
%SubjectType:
  sa11:NameIdentifier?
  sa11:SubjectConfirmation?
  ;

NameIdentifier -> %sa11:NameIdentifierType
%NameIdentifierType: base(xs:string)
  @NameQualifier? -> %xs:string
  @Format? -> %xs:anyURI
  ;

# SubjectConfirmationData is xs:anyType (arbitrary content) and ds:KeyInfo is
# optional, so what counts as sufficient confirmation for a given
# ConfirmationMethod has to be checked by the consumer.
SubjectConfirmation -> %sa11:SubjectConfirmationType
%SubjectConfirmationType:
  sa11:ConfirmationMethod+
  sa11:SubjectConfirmationData?
  ds:KeyInfo?
  ;

SubjectConfirmationData -> %xs:anyType
ConfirmationMethod -> %xs:anyURI

AuthenticationStatement -> %sa11:AuthenticationStatementType
%AuthenticationStatementType: base(sa11:SubjectStatementAbstractType)
  sa11:SubjectLocality?
  sa11:AuthorityBinding*
  @AuthenticationMethod -> %xs:anyURI
  @AuthenticationInstant -> %xs:dateTime
  ;

# IPAddress and DNSAddress are plain xs:string: the grammar checks no format.
SubjectLocality -> %sa11:SubjectLocalityType
%SubjectLocalityType:
  @IPAddress? -> %xs:string
  @DNSAddress? -> %xs:string
  ;

AuthorityBinding -> %sa11:AuthorityBindingType
%AuthorityBindingType:
  @AuthorityKind -> %xs:QName
  @Location -> %xs:anyURI
  @Binding -> %xs:anyURI
  ;

AuthorizationDecisionStatement -> %sa11:AuthorizationDecisionStatementType
%AuthorizationDecisionStatementType: base(sa11:SubjectStatementAbstractType)
  sa11:Action+
  sa11:Evidence?
  @Resource -> %xs:anyURI
  @Decision -> %sa11:DecisionType
  ;

# NOTE(review): base(string) carries no xs: prefix, unlike base(xs:string) in
# NameIdentifierType. Confirm the two resolve to the same type in the .sg tool.
Action -> %sa11:ActionType
%ActionType: base(string)
  @Namespace? -> %xs:anyURI
  ;

# Evidence can embed whole assertions, which can hold further
# AuthorizationDecisionStatements with their own Evidence; Advice nests
# assertions the same way. The grammar puts no bound on this recursion, so any
# nesting-depth limit has to come from the parser or the consuming code.
Evidence -> %sa11:EvidenceType
%EvidenceType:
  sa11:AssertionIDReference*
  sa11:Assertion*
  ;

AttributeStatement -> %sa11:AttributeStatementType
%AttributeStatementType: base(sa11:SubjectStatementAbstractType)
  sa11:Attribute+
  ;

AttributeDesignator -> %sa11:AttributeDesignatorType
%AttributeDesignatorType:
  @AttributeName -> %xs:string
  @AttributeNamespace -> %xs:anyURI
  ;

Attribute -> %sa11:AttributeType
%AttributeType: base(sa11:AttributeDesignatorType)
  sa11:AttributeValue+
  ;

# To cater for discovery bootstraps we add them to schema here --Sampo
#AttributeValue -> %xs:anyType
# The xs:anyType declaration above is disabled. AttributeValue is instead limited
# to the two bootstrap element kinds listed below.
# NOTE(review): no text content is declared, so it is unclear from this file how
# plain string attribute values are handled. Confirm against the generated parser.

AttributeValue -> %sa11:AttributeValueType
%AttributeValueType:
  di12:ResourceOffering*
  a:EndpointReference*
  ;

#EOF