[shibboleth-sp2] 15/89: SSPCPP-697 - Align the filter schema(s) and functor types where feasible.
Ferenc Wágner
wferi at moszumanska.debian.org
Thu Sep 1 09:24:04 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository shibboleth-sp2.
commit 36b223930f3e7c2603746808063d15de9b7c48a7
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Thu May 5 14:10:37 2016 -0400
SSPCPP-697 - Align the filter schema(s) and functor types where feasible.
https://issues.shibboleth.net/jira/browse/SSPCPP-697
Brought over some of the schema changes since V3.
Added AttributeIssuerRegistrationAuthority for SP use.
---
schemas/shibboleth-2.0-afp-mf-basic.xsd | 48 ++------------
schemas/shibboleth-2.0-afp-mf-saml.xsd | 109 +++++++++++++++++++++++++++++++-
2 files changed, 114 insertions(+), 43 deletions(-)
diff --git a/schemas/shibboleth-2.0-afp-mf-basic.xsd b/schemas/shibboleth-2.0-afp-mf-basic.xsd
index 24d1526..608b1c8 100644
--- a/schemas/shibboleth-2.0-afp-mf-basic.xsd
+++ b/schemas/shibboleth-2.0-afp-mf-basic.xsd
@@ -28,7 +28,7 @@
</annotation>
<complexContent>
<extension base="afp:MatchFunctorType">
- <choice minOccurs="2" maxOccurs="unbounded">
+ <choice maxOccurs="unbounded">
<element name="Rule" type="afp:MatchFunctorType">
<annotation>
<documentation>
@@ -56,18 +56,18 @@
</annotation>
<complexContent>
<extension base="afp:MatchFunctorType">
- <choice minOccurs="2" maxOccurs="unbounded">
+ <choice maxOccurs="unbounded">
<element name="Rule" type="afp:MatchFunctorType">
<annotation>
<documentation>
- The set of match function rules to be ANDed.
+ The set of match function rules to be ORed.
</documentation>
</annotation>
</element>
<element name="RuleReference" type="afp:ReferenceType">
<annotation>
<documentation>
- The set of match function rules to be ANDed.
+ The set of match function rules to be ORed.
</documentation>
</annotation>
</element>
@@ -88,14 +88,14 @@
<element name="Rule" type="afp:MatchFunctorType">
<annotation>
<documentation>
- The set of match function rules to be ANDed.
+ The set of match function rules to be negated.
</documentation>
</annotation>
</element>
<element name="RuleReference" type="afp:ReferenceType">
<annotation>
<documentation>
- The set of match function rules to be ANDed.
+ The set of match function rules to be negated.
</documentation>
</annotation>
</element>
@@ -304,42 +304,6 @@
</complexContent>
</complexType>
- <!-- Misc. Functions -->
- <complexType name="Script">
- <annotation>
- <documentation>
- A match function that evaluates a script to determine if some criteria is met. The script MUST return a
- boolean.
- </documentation>
- </annotation>
- <complexContent>
- <extension base="afp:MatchFunctorType">
- <choice>
- <element name="Script" type="string" minOccurs="0">
- <annotation>
- <documentation>The script to evaluate to construct the attribute.</documentation>
- </annotation>
- </element>
- <element name="ScriptFile" type="string" minOccurs="0">
- <annotation>
- <documentation>
- The filesystem path to the script to evaluate to construct the attribute.
- </documentation>
- </annotation>
- </element>
- </choice>
- <attribute name="language" type="string">
- <annotation>
- <documentation>
- The JSR-233 name for the scripting language that will be used. By default "javascript" is
- supported.
- </documentation>
- </annotation>
- </attribute>
- </extension>
- </complexContent>
- </complexType>
-
<complexType name="NumberOfAttributeValues">
<annotation>
<documentation>
diff --git a/schemas/shibboleth-2.0-afp-mf-saml.xsd b/schemas/shibboleth-2.0-afp-mf-saml.xsd
index 9494070..86380b1 100644
--- a/schemas/shibboleth-2.0-afp-mf-saml.xsd
+++ b/schemas/shibboleth-2.0-afp-mf-saml.xsd
@@ -1,5 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
-<schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp" targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml" elementFormDefault="qualified">
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
+ xmlns:afp="urn:mace:shibboleth:2.0:afp"
+ targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml"
+ elementFormDefault="qualified"
+ version="2.6">
<import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
@@ -22,11 +27,25 @@
</complexContent>
</complexType>
+ <complexType name="EntityAttributeExactMatch">
+ <annotation>
+ <documentation>
+ A match function that checks if the attribute requester contains an entity attribute with the
+ specified value.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityAttributeExactMatchType"/>
+ </complexContent>
+ </complexType>
+
<complexType name="AttributeRequesterEntityAttributeExactMatch">
<annotation>
<documentation>
A match function that checks if the attribute requester contains an entity attribute with the
specified value.
+
+ Deprecated in favor of "EntityAttributeExactMatch".
</documentation>
</annotation>
<complexContent>
@@ -68,11 +87,25 @@
</complexContent>
</complexType>
+ <complexType name="EntityAttributeRegexMatch">
+ <annotation>
+ <documentation>
+ A match function that checks if the attribute requester contains an entity attribute with a
+ value that matches the given regular expression.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityAttributeRegexMatchType"/>
+ </complexContent>
+ </complexType>
+
<complexType name="AttributeRequesterEntityAttributeRegexMatch">
<annotation>
<documentation>
A match function that checks if the attribute requester contains an entity attribute with a
value that matches the given regular expression.
+
+ Deprecated in favor of "EntityAttributeRegexMatch".
</documentation>
</annotation>
<complexContent>
@@ -115,11 +148,25 @@
</complexContent>
</complexType>
+ <complexType name="NameIDFormatExactMatch">
+ <annotation>
+ <documentation>
+ A match function that evaluates to true if the attribute requester supports a specified
+ NameID format.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:NameIDFormatExactMatchType"/>
+ </complexContent>
+ </complexType>
+
<complexType name="AttributeRequesterNameIDFormatExactMatch">
<annotation>
<documentation>
A match function that evaluates to true if the attribute requester supports a specified
NameID format.
+
+ Deprecated in favor of "NameIDFormatExactMatch".
</documentation>
</annotation>
<complexContent>
@@ -144,6 +191,8 @@
<documentation>
A match function that evaluates to true if the attribute requester is found in metadata and is a member
of the given entity group.
+
+ Deprecated in favor of "InEntityGroup".
</documentation>
</annotation>
<complexContent>
@@ -151,6 +200,18 @@
</complexContent>
</complexType>
+ <complexType name="InEntityGroup">
+ <annotation>
+ <documentation>
+ A match function that evaluates to true if the attribute requester is found in metadata and
+ is a member of the given entity group.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityGroupMatchType"/>
+ </complexContent>
+ </complexType>
+
<complexType name="AttributeIssuerInEntityGroup">
<annotation>
<documentation>
@@ -186,6 +247,48 @@
</complexContent>
</complexType>
+ <complexType name="AttributeIssuerRegistrationAuthority">
+ <annotation>
+ <documentation>
+ A match function that matches the attribute issuer's MDRPI content against a list of potential values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:RegistrationAuthorityMatchType" />
+ </complexContent>
+ </complexType>
+
+ <complexType name="RegistrationAuthority">
+ <annotation>
+ <documentation>
+ A match function that matches the SP (requester) MDRPI against a list of potential values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:RegistrationAuthorityMatchType" />
+ </complexContent>
+ </complexType>
+
+ <complexType name="RegistrationAuthorityMatchType" abstract="true">
+ <complexContent>
+ <extension base="afp:MatchFunctorType">
+ <attribute name="registrars" type="saml:anyURIListType" use="required">
+ <annotation>
+ <documentation>The string values to match.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="matchIfMetadataSilent" type="boolean">
+ <annotation>
+ <documentation>
+ A boolean flag indicating whether a match should occur if the metadata does
+ not contain an MDRPI statement (coded) default is false.
+ </documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
<complexType name="NameIDQualifierString">
<annotation>
<documentation>
@@ -260,4 +363,8 @@
</complexContent>
</complexType>
+ <simpleType name="anyURIListType">
+ <list itemType="string"/>
+ </simpleType>
+
</schema>
\ No newline at end of file
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git
More information about the Pkg-shibboleth-devel
mailing list