# zxid/sg/saml-schema-metadata-2.0.sg
# Slightly edited, 27.5.2006, Sampo Kellomaki (sampo@iki.fi)
# 22.11.2009, added shib metadata support --Sampo
# $Id: saml-schema-metadata-2.0.sg,v 1.4 2009-11-24 23:53:40 sampo Exp $
#
# Schema grammar (.sg) for SAML 2.0 metadata, hand-edited from the OASIS
# saml-schema-metadata-2.0.xsd. Where the XSD used <choice maxOccurs="unbounded">
# the alternatives are flattened into independent repeated children (see the
# "originally choice unbounded" notes below). Presumably the input to the ZXID
# sg toolchain that generates the metadata parser/encoder -- confirm in the build.
#
# Notation as used in this file:
#   target(prefix,ns)        namespace this grammar describes
#   import(prefix,ns,xsd)    referenced namespace together with its schema file
#   ns(prefix,ns)            prefix declared only; no schema is pulled in
#   Elem -> %Type            element declaration
#   %Type: base(x) ... ;     type definition, optionally derived from base(x)
#   child? / child* / child+ XSD-style cardinality (optional / 0..n / 1..n)
#   @attr -> %Type           required attribute; @attr? -> %Type is optional
#   any / @any               element / attribute wildcards; their content is
#                            apparently accepted without validation here

target(md,urn:oasis:names:tc:SAML:2.0:metadata)
import(ds,http://www.w3.org/2000/09/xmldsig#,http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd)
import(xenc,http://www.w3.org/2001/04/xmlenc#,http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd)
import(sa,urn:oasis:names:tc:SAML:2.0:assertion,saml-schema-assertion-2.0.xsd)
# idpdisc and shibmd are only declared as prefixes (ns, not import): the elements
# referenced under those prefixes in ExtensionsType are not backed by a schema here.
ns(idpdisc,urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol)
# import(xml,http://www.w3.org/XML/1998/namespace,http://www.w3.org/2001/xml.xsd)
ns(xs, http://www.w3.org/2001/XMLSchema)
ns(xml, http://www.w3.org/XML/1998/namespace)
ns(shibmd, urn:mace:shibboleth:metadata:1.0)

# NOTE(review): the OASIS XSD restricts entityIDType to maxLength 1024; no length
# bound is expressed in this grammar -- confirm whether the generated code caps it.
%entityIDType: base(xs:anyURI) ;

# NOTE(review): the XSD makes xml:lang required on localized names/URIs; it is
# optional here, so a name without a language tag is accepted.
%localizedNameType: base(xs:string)
	@xml:lang? -> %xs:string #@xml:lang vs. @lang ***
	#@lang? -> %xs:string
	;

%localizedURIType: base(xs:anyURI)
	@xml:lang? -> %xs:string #@xml:lang vs. @lang ***
	#@lang? -> %xs:string
	;

# Known extension elements are named so they get a typed parse; any+ keeps the
# remaining (lax) extension content. Because the wildcard accepts arbitrary
# content, anything a consumer reads out of Extensions must be validated on use.
Extensions -> %md:ExtensionsType
%ExtensionsType:
	shibmd:Scope*
	shibmd:KeyAuthority*
	idpdisc:DiscoveryResponse*
	any+
	;

# What about IndexedEndpointType as needed in idpdisc,urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol --Sampo

# Single endpoint type for every *Service element below. index/isDefault (the
# XSD's IndexedEndpointType attributes) are folded in as optional, so they are
# accepted on any endpoint, not only on the indexed ones. Binding and Location
# are required.
%EndpointType:
	any*
	@Binding -> %xs:anyURI
	@Location -> %xs:anyURI
	@ResponseLocation? -> %xs:anyURI
	@index? -> %xs:unsignedShort
	@isDefault? -> %xs:boolean
	@any
	;

# ds:Signature is optional on every signable type in this grammar (Entities-,
# Entity-, Role- and AffiliationDescriptor): unsigned metadata parses. Whether a
# signature is required, and whether it validates, is policy the consumer must
# enforce; the grammar does not. Likewise validUntil/cacheDuration are optional,
# so expiry checking is up to the consumer.
# NOTE(review): dateTime and duration are written without the xs: prefix here
# and in the other descriptor types, unlike every other builtin type in this
# file -- confirm the sg toolchain resolves them.
EntitiesDescriptor -> %md:EntitiesDescriptorType
%EntitiesDescriptorType:
	ds:Signature?
	md:Extensions?
	md:EntityDescriptor* # these were originally choice unbounded
	md:EntitiesDescriptor*
	@validUntil? -> %dateTime
	@cacheDuration? -> %duration
	@ID? -> %xs:ID # NOTE(review): when a Signature is validated, its Reference should resolve to this element's ID, not to some other ID-bearing element
	@Name? -> %xs:string
	;

EntityDescriptor -> %md:EntityDescriptorType
%EntityDescriptorType:
	ds:Signature?
	md:Extensions?
	md:RoleDescriptor* # following were originally choice unbounded
	md:IDPSSODescriptor*
	md:SPSSODescriptor*
	md:AuthnAuthorityDescriptor*
	md:AttributeAuthorityDescriptor*
	md:PDPDescriptor*
	md:AffiliationDescriptor*
	md:Organization?
	md:ContactPerson*
	md:AdditionalMetadataLocation*
	@entityID -> %md:entityIDType # required
	@validUntil? -> %dateTime
	@cacheDuration? -> %duration
	@ID? -> %xs:ID
	@any
	;

Organization -> %md:OrganizationType
%OrganizationType:
	md:Extensions?
	md:OrganizationName+
	md:OrganizationDisplayName+
	md:OrganizationURL+
	@any
	;

OrganizationName -> %md:localizedNameType
OrganizationDisplayName -> %md:localizedNameType
OrganizationURL -> %md:localizedURIType

ContactPerson -> %md:ContactType
%ContactType:
	md:Extensions?
	md:Company?
	md:GivenName?
	md:SurName?
	md:EmailAddress*
	md:TelephoneNumber*
	@contactType -> %md:ContactTypeType # required; see enum below
	@any
	;

Company -> %xs:string
GivenName -> %xs:string
SurName -> %xs:string
EmailAddress -> %xs:anyURI
TelephoneNumber -> %xs:string

%ContactTypeType: enum( technical support administrative billing other ) ;

AdditionalMetadataLocation -> %md:AdditionalMetadataLocationType
%AdditionalMetadataLocationType: base(xs:anyURI)
	@namespace -> %xs:anyURI
	;

# Common base for the role descriptors below (via base(md:RoleDescriptorType)).
# protocolSupportEnumeration is the only required attribute.
RoleDescriptor -> %md:RoleDescriptorType
%RoleDescriptorType:
	ds:Signature?
	md:Extensions?
	md:KeyDescriptor*
	md:Organization?
	md:ContactPerson*
	@ID? -> %xs:ID
	@validUntil? -> %dateTime
	@cacheDuration? -> %duration
	@protocolSupportEnumeration -> %xs:anyURI
	@errorURL? -> %xs:anyURI
	@any
	;

# NOTE(review): @use is optional; per SAML metadata semantics a KeyDescriptor
# without use is meant for both signing and encryption -- confirm the consumer
# treats a missing use that way rather than as "neither".
KeyDescriptor -> %md:KeyDescriptorType
%KeyDescriptorType:
	ds:KeyInfo
	md:EncryptionMethod*
	@use? -> %md:KeyTypes
	;

%KeyTypes: enum( encryption signing ) ;
EncryptionMethod -> %xenc:EncryptionMethodType
%SSODescriptorType: base(md:RoleDescriptorType)
	md:ArtifactResolutionService*
	md:SingleLogoutService*
	md:ManageNameIDService*
	md:NameIDFormat*
	;

ArtifactResolutionService -> %md:EndpointType
SingleLogoutService -> %md:EndpointType
ManageNameIDService -> %md:EndpointType
NameIDFormat -> %xs:anyURI

# The signing-policy flags on the SSO descriptors (WantAuthnRequestsSigned,
# AuthnRequestsSigned, WantAssertionsSigned) are all optional; the consumer
# must map an absent flag to a defined default.
IDPSSODescriptor -> %md:IDPSSODescriptorType
%IDPSSODescriptorType: base(md:SSODescriptorType)
	md:SingleSignOnService+
	md:NameIDMappingService*
	md:AssertionIDRequestService*
	md:AttributeProfile*
	sa:Attribute*
	@WantAuthnRequestsSigned? -> %xs:boolean
	;

SingleSignOnService -> %md:EndpointType
NameIDMappingService -> %md:EndpointType
AssertionIDRequestService -> %md:EndpointType
AttributeProfile -> %xs:anyURI

SPSSODescriptor -> %md:SPSSODescriptorType
%SPSSODescriptorType: base(md:SSODescriptorType)
	md:AssertionConsumerService+
	md:AttributeConsumingService*
	@AuthnRequestsSigned? -> %xs:boolean
	@WantAssertionsSigned? -> %xs:boolean
	;

AssertionConsumerService -> %md:EndpointType

AttributeConsumingService -> %md:AttributeConsumingServiceType
%AttributeConsumingServiceType:
	md:ServiceName+
	md:ServiceDescription*
	md:RequestedAttribute+
	@index -> %xs:unsignedShort # required here, unlike the optional index on EndpointType
	@isDefault? -> %xs:boolean
	;

ServiceName -> %md:localizedNameType
ServiceDescription -> %md:localizedNameType

# Derived from the assertion schema's AttributeType (imported as sa above).
RequestedAttribute -> %md:RequestedAttributeType
%RequestedAttributeType: base(sa:AttributeType)
	@isRequired? -> %xs:boolean
	;

AuthnAuthorityDescriptor -> %md:AuthnAuthorityDescriptorType
%AuthnAuthorityDescriptorType: base(md:RoleDescriptorType)
	md:AuthnQueryService+
	md:AssertionIDRequestService*
	md:NameIDFormat*
	;

AuthnQueryService -> %md:EndpointType

PDPDescriptor -> %md:PDPDescriptorType
%PDPDescriptorType: base(md:RoleDescriptorType)
	md:AuthzService+
	md:AssertionIDRequestService*
	md:NameIDFormat*
	;

AuthzService -> %md:EndpointType

AttributeAuthorityDescriptor -> %md:AttributeAuthorityDescriptorType
%AttributeAuthorityDescriptorType: base(md:RoleDescriptorType)
	md:AttributeService+
	md:AssertionIDRequestService*
	md:NameIDFormat*
	md:AttributeProfile*
	sa:Attribute*
	;

AttributeService -> %md:EndpointType

# Not derived from RoleDescriptorType: carries its own Signature/Extensions/
# KeyDescriptor and validity attributes. affiliationOwnerID is required.
AffiliationDescriptor -> %md:AffiliationDescriptorType
%AffiliationDescriptorType:
	ds:Signature?
	md:Extensions?
	md:AffiliateMember+
	md:KeyDescriptor*
	@affiliationOwnerID -> %md:entityIDType
	@validUntil? -> %dateTime
	@cacheDuration? -> %duration
	@ID? -> %xs:ID
	@any
	;

AffiliateMember -> %md:entityIDType

#EOF