Skip to Content.
Sympa Menu

shibboleth-dev - Revised registry schema

Subject: Shibboleth Developers

List archive

Revised registry schema


Chronological Thread 
  • From: Scott Cantor <>
  • To: 'Shibboleth Design Team' <>
  • Subject: Revised registry schema
  • Date: Mon, 10 Jun 2002 22:54:10 -0400
  • Importance: Normal
  • Organization: The Ohio State University
Per suggestion from Bob, I've factored out SiteType and OriginSiteType,
and added a placeholder element for DestinationSite.

This isn't at all set in stone, it's easy enough to change it later
after we ship some code. The interface between the HS evaluation code
that uses the information to check trust and this data is abstracted,
and the implementation can be changed easily later.

-- Scott
<?xml version="1.0" encoding="US-ASCII"?>
<schema targetNamespace="urn:mace:shibboleth:1.0" xmlns="http://www.w3.org/2001/XMLSchema"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:shib="urn:mace:shibboleth:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified">
    <import namespace="http://www.w3.org/2000/09/xmldsig#"; schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
    <import namespace="http://www.w3.org/XML/1998/namespace"; schemaLocation="http://www.w3.org/2001/xml.xsd"/>
    
    <element name="RealTimeReleaseURL" type="anyURI">
        <annotation>Used by AA in samlp:StatusDetail to signal user wants real-time attribute release.</annotation>
    </element>
    
    <!--
    The following SAML sub-status codes are defined in this namespace:
    
        "RealTimeRelease"
            Used with samlp:Responder, signals user wants real-time attribute release
        
        "InvalidHandle"
            Used with samlp:Requester, signals AA did not recognize handle as valid
    -->
    
    <complexType name="SiteType">
        <annotation> All sites have a Name attribute, plus optional i18n-ized aliases. </annotation>
        <sequence>
            <element name="Alias" minOccurs="0" maxOccurs="unbounded">
                <complexType>
                    <simpleContent>
                        <extension base="string">
                            <attribute ref="xml:lang"/>
                        </extension>
                    </simpleContent>
                </complexType>
            </element>
        </sequence>
        <attribute name="Name" type="string" use="required"/>
    </complexType>
    <complexType name="OriginSiteType">
        <annotation>Origin sites add at least one handle service (with a name and optional KeyInfo), plus optional domains trusted for attribute scoping.</annotation>
        <complexContent>
            <extension base="shib:SiteType">
                <sequence>
                    <element name="HandleService" maxOccurs="unbounded">
                        <complexType>
                            <sequence>
                                <element ref="ds:KeyInfo" minOccurs="0"/>
                            </sequence>
                            <attribute name="Name" type="string" use="required"/>
                        </complexType>
                    </element>
                    <element name="Domain" type="string" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>
    <element name="OriginSite" type="shib:OriginSiteType"/>
    <element name="DestinationSite" type="shib:SiteType"/>
    <element name="Sites">
        <annotation> The registry of sites plus an optional enveloped signature. </annotation>
        <complexType>
            <sequence>
                <choice maxOccurs="unbounded">
                    <element ref="shib:OriginSite"/>
                    <element ref="shib:DestinationSite"/>
                </choice>
                <element ref="ds:Signature" minOccurs="0"/>
            </sequence>
        </complexType>
    </element>
</schema>

Archive powered by MHonArc 2.6.16.

Top of Page