1# zxid/sg/saml-schema-metadata-2.0.sh .sg
2# Slightly edited, 27.5.2006, Sampo Kellomaki (sampo@iki.fi)
3# 22.11.2009, added shib metadata support --Sampo
4# $Id: saml-schema-metadata-2.0.sg,v 1.4 2009-11-24 23:53:40 sampo Exp $
5
# Namespace setup for the generated md (SAML 2.0 metadata) bindings.
# Judging by the argument lists: target() names the namespace this grammar
# defines, import() binds a prefix to a namespace *and* names the schema
# file it comes from, and ns() only binds a prefix (no schema file).
6target(md,urn:oasis:names:tc:SAML:2.0:metadata)
7import(ds,http://www.w3.org/2000/09/xmldsig#,http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd)
8import(xenc,http://www.w3.org/2001/04/xmlenc#,http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd)
9import(sa,urn:oasis:names:tc:SAML:2.0:assertion,saml-schema-assertion-2.0.xsd)
# IdP discovery profile: only the prefix is bound; idpdisc:DiscoveryResponse
# is referenced from ExtensionsType below.
10ns(idpdisc,urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol)
# The xml namespace is bound with ns() two lines down instead of being
# imported; the original import() is kept here, commented out, for reference.
11# import(xml,http://www.w3.org/XML/1998/namespace,http://www.w3.org/2001/xml.xsd)
12ns(xs,  http://www.w3.org/2001/XMLSchema)
13ns(xml, http://www.w3.org/XML/1998/namespace)
# Shibboleth metadata extensions (shibmd:Scope, shibmd:KeyAuthority); added
# 22.11.2009, see the file header.
14ns(shibmd, urn:mace:shibboleth:metadata:1.0)
15
# entityID of an EntityDescriptor / AffiliationDescriptor: a plain anyURI.
# No length bound is expressed in this grammar, so any limit a consumer
# wants on entityID must be enforced in code, not by the parser.
16%entityIDType:	 base(xs:anyURI) ;
17
# Human-readable name with an optional xml:lang. The "***" marker records the
# open question of xml:lang (the XML-namespace attribute) vs. a plain @lang;
# the @lang variant is kept commented out. NOTE(review): in the OASIS XSD
# xml:lang is, as I recall, required on this type; here it is optional (?) --
# presumably a deliberate relaxation, confirm against the XSD.
18%localizedNameType:	 base(xs:string)
19  @xml:lang? -> %xs:string  #@xml:lang vs. @lang   ***
20  #@lang? -> %xs:string
21  ;
22
# Same shape as localizedNameType but the content is an anyURI (used for
# OrganizationURL). The xml:lang vs. @lang question applies here as well.
23%localizedURIType:	 base(xs:anyURI)
24  @xml:lang? -> %xs:string  #@xml:lang vs. @lang   ***
25  #@lang? -> %xs:string
26  ;
27
# md:Extensions -- the open extension point used by every descriptor below.
# The extensions this grammar knows about are listed explicitly so they get
# typed accessors; anything else falls into the any+ wildcard.
28Extensions	 -> %md:ExtensionsType
29%ExtensionsType:
30  shibmd:Scope*
31  shibmd:KeyAuthority*
32  idpdisc:DiscoveryResponse*
# Wildcard for extension content this grammar does not model. Such content
# is carried through, not validated, by this grammar.
33  any+
34  ;
35
36# What about IndexedEndpointType, as needed by idpdisc (urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol)? --Sampo
37
# Endpoint description shared by all *Service elements. @Binding and @Location
# are required; everything else is optional. The @index/@isDefault pair, which
# the OASIS XSD keeps on a separate IndexedEndpointType, is folded into this
# type, so they are accepted (optionally) on every endpoint.
# A consumer's trust in @Location rests on the signature and validity checks
# it performs on the enclosing descriptor, not on anything in this type.
38%EndpointType:
39  any*
40  @Binding	 -> %xs:anyURI
41  @Location	 -> %xs:anyURI
42  @ResponseLocation?	 -> %xs:anyURI
43  @index?	 -> %xs:unsignedShort
44  @isDefault?	 -> %xs:boolean
45  @any
46  ;
47
# Container for a group (e.g. a federation) of entities; nests recursively.
# ds:Signature is optional at the schema level, so whether a signature must
# be present and valid, and whether validUntil/cacheDuration are honoured,
# is a consumer policy decision -- nothing in this grammar enforces it.
48EntitiesDescriptor	 -> %md:EntitiesDescriptorType
49%EntitiesDescriptorType:
50  ds:Signature?
51  md:Extensions?
52  md:EntityDescriptor*         # in the XSD these two form a choice with maxOccurs=unbounded; here they are two independent lists
53  md:EntitiesDescriptor*
# NOTE(review): dateTime/duration carry no xs: prefix, unlike the other
# attribute types in this file; presumably builtin aliases of the .sg
# dialect -- confirm.
54  @validUntil?	 -> %dateTime
55  @cacheDuration?	 -> %duration
56  @ID?	 -> %xs:ID
57  @Name?	 -> %xs:string
58  ;
59
# Metadata for a single entity. @entityID is the only required attribute.
# ds:Signature is optional here too: a consumer that requires signed
# per-entity metadata has to check for it itself. The role descriptors are
# all optional and repeatable; an entity with no role at all is accepted by
# this grammar.
60EntityDescriptor	 -> %md:EntityDescriptorType
61%EntityDescriptorType:
62  ds:Signature?
63  md:Extensions?
64  md:RoleDescriptor*                 # in the XSD the role descriptors form a choice with maxOccurs=unbounded; here each is its own list
65  md:IDPSSODescriptor*
66  md:SPSSODescriptor*
67  md:AuthnAuthorityDescriptor*
68  md:AttributeAuthorityDescriptor*
69  md:PDPDescriptor*
70  md:AffiliationDescriptor*
71  md:Organization?
72  md:ContactPerson*
73  md:AdditionalMetadataLocation*
74  @entityID	 -> %md:entityIDType
75  @validUntil?	 -> %dateTime
76  @cacheDuration?	 -> %duration
77  @ID?	 -> %xs:ID
78  @any
79  ;
80
# Organization responsible for an entity or role. Each of the three name
# elements is required at least once (+), each carrying its own xml:lang via
# the localized*Type it maps to.
81Organization	 -> %md:OrganizationType
82%OrganizationType:
83  md:Extensions?
84  md:OrganizationName+
85  md:OrganizationDisplayName+
86  md:OrganizationURL+
87  @any
88  ;
89
90OrganizationName	 -> %md:localizedNameType
91OrganizationDisplayName	 -> %md:localizedNameType
92OrganizationURL	 -> %md:localizedURIType
93
# Contact details. @contactType is required and restricted to the enum
# below; all child elements are optional. EmailAddress is typed as anyURI
# (i.e. normally a mailto: URI), not as a bare address.
94ContactPerson	 -> %md:ContactType
95%ContactType:
96  md:Extensions?
97  md:Company?
98  md:GivenName?
99  md:SurName?
100  md:EmailAddress*
101  md:TelephoneNumber*
102  @contactType	 -> %md:ContactTypeType
103  @any
104  ;
105
106Company	 -> %xs:string
107GivenName	 -> %xs:string
108SurName	 -> %xs:string
109EmailAddress	 -> %xs:anyURI
110TelephoneNumber	 -> %xs:string
111
# Allowed values of @contactType.
112%ContactTypeType:	 enum( technical support administrative billing other ) ;
113
# Pointer to further metadata about the entity: the element content is the
# location (anyURI) and the required @namespace presumably identifies the
# namespace of the metadata found there.
114AdditionalMetadataLocation	 -> %md:AdditionalMetadataLocationType
115%AdditionalMetadataLocationType:	 base(xs:anyURI)
116  @namespace	 -> %xs:anyURI
117  ;
118
# Base of all role descriptors (SSODescriptorType, AuthnAuthority, PDP,
# AttributeAuthority extend it). @protocolSupportEnumeration is required.
# NOTE(review): it is typed here as a single xs:anyURI, whereas the OASIS XSD
# uses a whitespace-separated list of URIs (anyURIListType); a consumer that
# checks protocol support therefore has to split the string rather than
# compare it whole. ds:Signature is optional at this level as well.
119RoleDescriptor	 -> %md:RoleDescriptorType
120%RoleDescriptorType:
121  ds:Signature?
122  md:Extensions?
123  md:KeyDescriptor*
124  md:Organization?
125  md:ContactPerson*
126  @ID?	 -> %xs:ID
127  @validUntil?	 -> %dateTime
128  @cacheDuration?	 -> %duration
129  @protocolSupportEnumeration	 -> %xs:anyURI
130  @errorURL?	 -> %xs:anyURI
131  @any
132  ;
133
# Key published for a role. ds:KeyInfo is required. @use is optional and
# limited to encryption|signing; the SAML metadata spec treats an omitted
# @use as meaning the key serves both purposes, so consumers should not
# assume "signing" by default.
134KeyDescriptor	 -> %md:KeyDescriptorType
135%KeyDescriptorType:
136  ds:KeyInfo
137  md:EncryptionMethod*
138  @use?	 -> %md:KeyTypes
139  ;
140
141%KeyTypes:	 enum( encryption signing ) ;
# EncryptionMethod reuses the XML Encryption type (algorithm URI etc.).
142EncryptionMethod	 -> %xenc:EncryptionMethodType
# Common base of IDPSSODescriptor and SPSSODescriptor: the SSO-related
# endpoints plus the supported NameID formats. In the OASIS XSD this type is
# abstract; this grammar has no such marker, so it is simply never mapped to
# an element of its own.
143%SSODescriptorType:	 base(md:RoleDescriptorType)
144  md:ArtifactResolutionService*
145  md:SingleLogoutService*
146  md:ManageNameIDService*
147  md:NameIDFormat*
148  ;
149
150ArtifactResolutionService	 -> %md:EndpointType
151SingleLogoutService	 -> %md:EndpointType
152ManageNameIDService	 -> %md:EndpointType
153NameIDFormat	 -> %xs:anyURI
154
# Identity Provider role. At least one SingleSignOnService is required (+).
# @WantAuthnRequestsSigned is optional and no default is expressed in this
# grammar; what an absent attribute means is up to the consumer.
155IDPSSODescriptor	 -> %md:IDPSSODescriptorType
156%IDPSSODescriptorType:	 base(md:SSODescriptorType)
157  md:SingleSignOnService+
158  md:NameIDMappingService*
159  md:AssertionIDRequestService*
160  md:AttributeProfile*
161  sa:Attribute*
162  @WantAuthnRequestsSigned?	 -> %xs:boolean
163  ;
164
165SingleSignOnService	 -> %md:EndpointType
166NameIDMappingService	 -> %md:EndpointType
167AssertionIDRequestService	 -> %md:EndpointType
168AttributeProfile	 -> %xs:anyURI
169
# Service Provider role. At least one AssertionConsumerService is required.
# Both signing-policy attributes are optional booleans with no default
# expressed here; a consumer deciding whether to sign requests or to require
# signed assertions must define the behaviour for the absent case itself.
170SPSSODescriptor	 -> %md:SPSSODescriptorType
171%SPSSODescriptorType:	 base(md:SSODescriptorType)
172  md:AssertionConsumerService+
173  md:AttributeConsumingService*
174  @AuthnRequestsSigned?	 -> %xs:boolean
175  @WantAssertionsSigned?	 -> %xs:boolean
176  ;
177
178AssertionConsumerService	 -> %md:EndpointType
179
# Attribute requirements of an SP service. Unlike EndpointType, @index is
# required here. At least one ServiceName and one RequestedAttribute must be
# present.
180AttributeConsumingService	 -> %md:AttributeConsumingServiceType
181%AttributeConsumingServiceType:
182  md:ServiceName+
183  md:ServiceDescription*
184  md:RequestedAttribute+
185  @index	 -> %xs:unsignedShort
186  @isDefault?	 -> %xs:boolean
187  ;
188
189ServiceName	 -> %md:localizedNameType
190ServiceDescription	 -> %md:localizedNameType
191
# A saml:Attribute (from the assertion schema) plus an optional @isRequired.
192RequestedAttribute	 -> %md:RequestedAttributeType
193%RequestedAttributeType:	 base(sa:AttributeType)
194  @isRequired?	 -> %xs:boolean
195  ;
196
# Authentication authority role: at least one AuthnQueryService.
# (Indented with four spaces unlike the rest of the file; harmless.)
197AuthnAuthorityDescriptor	 -> %md:AuthnAuthorityDescriptorType
198%AuthnAuthorityDescriptorType:	 base(md:RoleDescriptorType)
199    md:AuthnQueryService+
200    md:AssertionIDRequestService*
201    md:NameIDFormat*
202  ;
203
204AuthnQueryService	 -> %md:EndpointType
205
# Policy decision point role: at least one AuthzService.
206PDPDescriptor	 -> %md:PDPDescriptorType
207%PDPDescriptorType:	 base(md:RoleDescriptorType)
208  md:AuthzService+
209  md:AssertionIDRequestService*
210  md:NameIDFormat*
211  ;
212
213AuthzService	 -> %md:EndpointType
214
# Attribute authority role: at least one AttributeService, optionally the
# profiles and saml:Attributes it supports.
215AttributeAuthorityDescriptor	 -> %md:AttributeAuthorityDescriptorType
216%AttributeAuthorityDescriptorType:	 base(md:RoleDescriptorType)
217  md:AttributeService+
218  md:AssertionIDRequestService*
219  md:NameIDFormat*
220  md:AttributeProfile*
221  sa:Attribute*
222  ;
223
224AttributeService	 -> %md:EndpointType
225
# Affiliation: a named group of entities. @affiliationOwnerID is required
# and at least one AffiliateMember (an entityID) must be listed. As with
# the other descriptors, ds:Signature and validUntil/cacheDuration are
# optional here and must be enforced by the consumer if required.
226AffiliationDescriptor	 -> %md:AffiliationDescriptorType
227%AffiliationDescriptorType:
228  ds:Signature?
229  md:Extensions?
230  md:AffiliateMember+
231  md:KeyDescriptor*
232  @affiliationOwnerID	 -> %md:entityIDType
233  @validUntil?	 -> %dateTime
234  @cacheDuration?	 -> %duration
235  @ID?	 -> %xs:ID
236  @any
237  ;
238
239AffiliateMember	 -> %md:entityIDType
240
241#EOF
242