<?xml version="1.0" encoding="UTF-8"?>
<!--
  XML Schema for the policy vocabulary in the target namespace
  urn:oasis:names:tc:xacml:2.0:policy:schema:os (PolicySet, Policy, Rule,
  Target, Expression, Obligations).

  This copy has been edited locally: see the note inside PolicyType about the
  CombinerParameters element that was disabled for JAXB.

  Validation against this schema is structural only. Every algorithm, function,
  match and data type identifier is typed xs:anyURI, so an unknown or
  unsupported identifier still validates; the consumer has to reject those
  itself. Schema validation also does not control DTD or entity processing,
  which is a setting of the parser that loads the policy document.
-->
<xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
           xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
           elementFormDefault="qualified"
           attributeFormDefault="unqualified">

  <!-- PolicySet: a container of policies, nested policy sets and references. -->
  <xs:element name="PolicySet" type="xacml:PolicySetType"/>
  <xs:complexType name="PolicySetType">
    <xs:sequence>
      <xs:element ref="xacml:Description" minOccurs="0"/>
      <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
      <xs:element ref="xacml:Target"/>
      <!-- The choice is optional (minOccurs="0"), so a PolicySet that contains
           no Policy, PolicySet or reference at all is schema-valid. -->
      <xs:choice minOccurs="0" maxOccurs="unbounded">
        <xs:element ref="xacml:PolicySet"/>
        <xs:element ref="xacml:Policy"/>
        <xs:element ref="xacml:PolicySetIdReference"/>
        <xs:element ref="xacml:PolicyIdReference"/>
        <xs:element ref="xacml:CombinerParameters"/>
        <xs:element ref="xacml:PolicyCombinerParameters"/>
        <xs:element ref="xacml:PolicySetCombinerParameters"/>
      </xs:choice>
      <xs:element ref="xacml:Obligations" minOccurs="0"/>
    </xs:sequence>
    <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
    <!-- Version is optional; an omitted Version defaults to "1.0". -->
    <xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
    <!-- Required, but any URI validates: the schema does not restrict the
         value to combining algorithms the consumer implements. -->
    <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!-- CombinerParameters: zero or more CombinerParameter children. -->
  <xs:element name="CombinerParameters" type="xacml:CombinerParametersType"/>
  <xs:complexType name="CombinerParametersType">
    <xs:sequence>
      <xs:element ref="xacml:CombinerParameter" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- CombinerParameter: one named AttributeValue. -->
  <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
  <xs:complexType name="CombinerParameterType">
    <xs:sequence>
      <xs:element ref="xacml:AttributeValue"/>
    </xs:sequence>
    <xs:attribute name="ParameterName" type="xs:string" use="required"/>
  </xs:complexType>

  <!-- RuleCombinerParameters: CombinerParameters tied to a rule by RuleIdRef.
       RuleIdRef is a plain xs:string; the schema does not check that a Rule
       with that RuleId exists. -->
  <xs:element name="RuleCombinerParameters" type="xacml:RuleCombinerParametersType"/>
  <xs:complexType name="RuleCombinerParametersType">
    <xs:complexContent>
      <xs:extension base="xacml:CombinerParametersType">
        <xs:attribute name="RuleIdRef" type="xs:string" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- PolicyCombinerParameters: CombinerParameters tied to a policy by
       PolicyIdRef (an unchecked xs:anyURI). -->
  <xs:element name="PolicyCombinerParameters" type="xacml:PolicyCombinerParametersType"/>
  <xs:complexType name="PolicyCombinerParametersType">
    <xs:complexContent>
      <xs:extension base="xacml:CombinerParametersType">
        <xs:attribute name="PolicyIdRef" type="xs:anyURI" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- PolicySetCombinerParameters: CombinerParameters tied to a policy set by
       PolicySetIdRef (an unchecked xs:anyURI). -->
  <xs:element name="PolicySetCombinerParameters" type="xacml:PolicySetCombinerParametersType"/>
  <xs:complexType name="PolicySetCombinerParametersType">
    <xs:complexContent>
      <xs:extension base="xacml:CombinerParametersType">
        <xs:attribute name="PolicySetIdRef" type="xs:anyURI" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- References to a policy set or policy held outside the referring element.
       Both share IdReferenceType, declared further down. -->
  <xs:element name="PolicySetIdReference" type="xacml:IdReferenceType"/>
  <xs:element name="PolicyIdReference" type="xacml:IdReferenceType"/>

  <!-- Defaults for a policy set or policy: exactly one XPathVersion. -->
  <xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/>
  <xs:element name="PolicyDefaults" type="xacml:DefaultsType"/>
  <xs:complexType name="DefaultsType">
    <xs:sequence>
      <xs:choice>
        <xs:element ref="xacml:XPathVersion"/>
      </xs:choice>
    </xs:sequence>
  </xs:complexType>

  <!-- XPathVersion: any URI validates. -->
  <xs:element name="XPathVersion" type="xs:anyURI"/>

  <!-- IdReferenceType: the element text is the referenced identifier (a URI);
       the three optional attributes narrow which versions are acceptable.
       The schema cannot tell whether the target exists or which document a
       resolver will pick.
       NOTE(review): the resolver presumably decides where references may be
       loaded from; confirm it only uses a trusted policy store. -->
  <xs:complexType name="IdReferenceType">
    <xs:simpleContent>
      <xs:extension base="xs:anyURI">
        <xs:attribute name="Version" type="xacml:VersionMatchType" use="optional"/>
        <xs:attribute name="EarliestVersion" type="xacml:VersionMatchType" use="optional"/>
        <xs:attribute name="LatestVersion" type="xacml:VersionMatchType" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>

  <!-- VersionType: dot-separated groups of decimal digits, for example "1.0". -->
  <xs:simpleType name="VersionType">
    <xs:restriction base="xs:string">
      <xs:pattern value="(\d+\.)*\d+"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- VersionMatchType: like VersionType, but any component may be "*" and the
       last component may also be "+". A reference that uses these wildcards
       can match more than one version of the referenced policy. -->
  <xs:simpleType name="VersionMatchType">
    <xs:restriction base="xs:string">
      <xs:pattern value="((\d+|\*)\.)*(\d+|\*|\+)"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- Policy: a Target, a set of Rules with their variables and combiner
       parameters, and optional Obligations. -->
  <xs:element name="Policy" type="xacml:PolicyType"/>
  <xs:complexType name="PolicyType">
    <xs:sequence>
      <xs:element ref="xacml:Description" minOccurs="0"/>
      <xs:element ref="xacml:PolicyDefaults" minOccurs="0"/>
      <!-- Local change: the element below is disabled because JAXB could not
           handle the same element being referenced twice within one type
           definition. Effect on validation: a Policy that places
           CombinerParameters between PolicyDefaults and Target is rejected by
           this copy of the schema; CombinerParameters is still accepted inside
           the choice that follows Target. -->
      <!-- <xs:element ref="xacml:CombinerParameters" minOccurs="0"/> -->
      <xs:element ref="xacml:Target"/>
      <!-- Two branches of this choice are optional, so the choice can be
           satisfied without content: a Policy with no Rule is schema-valid. -->
      <xs:choice maxOccurs="unbounded">
        <xs:element ref="xacml:CombinerParameters" minOccurs="0"/>
        <xs:element ref="xacml:RuleCombinerParameters" minOccurs="0"/>
        <xs:element ref="xacml:VariableDefinition"/>
        <xs:element ref="xacml:Rule"/>
      </xs:choice>
      <xs:element ref="xacml:Obligations" minOccurs="0"/>
    </xs:sequence>
    <xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
    <!-- Version is optional; an omitted Version defaults to "1.0". -->
    <xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
    <!-- Required, but any URI validates: the schema does not restrict the
         value to combining algorithms the consumer implements. -->
    <xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!-- Description: free text. -->
  <xs:element name="Description" type="xs:string"/>

  <!-- Rule: RuleId and Effect are required; Target and Condition are both
       optional, so a Rule that carries only an Effect is schema-valid.
       NOTE(review): a Permit rule without Target or Condition presumably
       applies to every request its enclosing Policy matches; confirm against
       the evaluator and review such rules explicitly. -->
  <xs:element name="Rule" type="xacml:RuleType"/>
  <xs:complexType name="RuleType">
    <xs:sequence>
      <xs:element ref="xacml:Description" minOccurs="0"/>
      <xs:element ref="xacml:Target" minOccurs="0"/>
      <xs:element ref="xacml:Condition" minOccurs="0"/>
    </xs:sequence>
    <xs:attribute name="RuleId" type="xs:string" use="required"/>
    <xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
  </xs:complexType>

  <!-- EffectType: exactly "Permit" or "Deny" (case-sensitive string match). -->
  <xs:simpleType name="EffectType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="Permit"/>
      <xs:enumeration value="Deny"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- Target: all four sections are optional, so an empty Target element is
       schema-valid.
       NOTE(review): an empty Target presumably matches any request; confirm
       against the evaluator. -->
  <xs:element name="Target" type="xacml:TargetType"/>
  <xs:complexType name="TargetType">
    <xs:sequence>
      <xs:element ref="xacml:Subjects" minOccurs="0"/>
      <xs:element ref="xacml:Resources" minOccurs="0"/>
      <xs:element ref="xacml:Actions" minOccurs="0"/>
      <xs:element ref="xacml:Environments" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Subjects: one or more Subject children. -->
  <xs:element name="Subjects" type="xacml:SubjectsType"/>
  <xs:complexType name="SubjectsType">
    <xs:sequence>
      <xs:element ref="xacml:Subject" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Subject: one or more SubjectMatch children. -->
  <xs:element name="Subject" type="xacml:SubjectType"/>
  <xs:complexType name="SubjectType">
    <xs:sequence>
      <xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Resources: one or more Resource children. -->
  <xs:element name="Resources" type="xacml:ResourcesType"/>
  <xs:complexType name="ResourcesType">
    <xs:sequence>
      <xs:element ref="xacml:Resource" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Resource: one or more ResourceMatch children. -->
  <xs:element name="Resource" type="xacml:ResourceType"/>
  <xs:complexType name="ResourceType">
    <xs:sequence>
      <xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Actions: one or more Action children. -->
  <xs:element name="Actions" type="xacml:ActionsType"/>
  <xs:complexType name="ActionsType">
    <xs:sequence>
      <xs:element ref="xacml:Action" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Action: one or more ActionMatch children. -->
  <xs:element name="Action" type="xacml:ActionType"/>
  <xs:complexType name="ActionType">
    <xs:sequence>
      <xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Environments: one or more Environment children. -->
  <xs:element name="Environments" type="xacml:EnvironmentsType"/>
  <xs:complexType name="EnvironmentsType">
    <xs:sequence>
      <xs:element ref="xacml:Environment" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Environment: one or more EnvironmentMatch children. -->
  <xs:element name="Environment" type="xacml:EnvironmentType"/>
  <xs:complexType name="EnvironmentType">
    <xs:sequence>
      <xs:element ref="xacml:EnvironmentMatch" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- The four Match types share one shape: a literal AttributeValue, then
       either an attribute designator for that category or an
       AttributeSelector, plus a required MatchId. MatchId is an xs:anyURI, so
       the schema does not check that it names a function the consumer knows. -->
  <xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>
  <xs:complexType name="SubjectMatchType">
    <xs:sequence>
      <xs:element ref="xacml:AttributeValue"/>
      <xs:choice>
        <xs:element ref="xacml:SubjectAttributeDesignator"/>
        <xs:element ref="xacml:AttributeSelector"/>
      </xs:choice>
    </xs:sequence>
    <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!-- ResourceMatch: same shape as SubjectMatch, with a resource designator. -->
  <xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/>
  <xs:complexType name="ResourceMatchType">
    <xs:sequence>
      <xs:element ref="xacml:AttributeValue"/>
      <xs:choice>
        <xs:element ref="xacml:ResourceAttributeDesignator"/>
        <xs:element ref="xacml:AttributeSelector"/>
      </xs:choice>
    </xs:sequence>
    <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!-- ActionMatch: same shape as SubjectMatch, with an action designator. -->
  <xs:element name="ActionMatch" type="xacml:ActionMatchType"/>
  <xs:complexType name="ActionMatchType">
    <xs:sequence>
      <xs:element ref="xacml:AttributeValue"/>
      <xs:choice>
        <xs:element ref="xacml:ActionAttributeDesignator"/>
        <xs:element ref="xacml:AttributeSelector"/>
      </xs:choice>
    </xs:sequence>
    <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!-- EnvironmentMatch: same shape as SubjectMatch, with an environment
       designator. -->
  <xs:element name="EnvironmentMatch" type="xacml:EnvironmentMatchType"/>
  <xs:complexType name="EnvironmentMatchType">
    <xs:sequence>
      <xs:element ref="xacml:AttributeValue"/>
      <xs:choice>
        <xs:element ref="xacml:EnvironmentAttributeDesignator"/>
        <xs:element ref="xacml:AttributeSelector"/>
      </xs:choice>
    </xs:sequence>
    <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!-- VariableDefinition: binds one Expression to a VariableId. -->
  <xs:element name="VariableDefinition" type="xacml:VariableDefinitionType"/>
  <xs:complexType name="VariableDefinitionType">
    <xs:sequence>
      <xs:element ref="xacml:Expression"/>
    </xs:sequence>
    <xs:attribute name="VariableId" type="xs:string" use="required"/>
  </xs:complexType>

  <!-- Expression: abstract head of a substitution group. It cannot appear in a
       document itself; wherever it is referenced, one of the members declared
       below (VariableReference, AttributeSelector, the attribute designators,
       AttributeValue, Function, Apply) takes its place. -->
  <xs:element name="Expression" type="xacml:ExpressionType" abstract="true"/>
  <xs:complexType name="ExpressionType" abstract="true"/>

  <!-- VariableReference: refers to a variable by VariableId. The schema does
       not check that a matching VariableDefinition exists. -->
  <xs:element name="VariableReference" type="xacml:VariableReferenceType" substitutionGroup="xacml:Expression"/>
  <xs:complexType name="VariableReferenceType">
    <xs:complexContent>
      <xs:extension base="xacml:ExpressionType">
        <xs:attribute name="VariableId" type="xs:string" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- AttributeSelector: RequestContextPath is an unconstrained xs:string, so
       schema validation says nothing about whether it is a well-formed or
       reasonable path expression.
       NOTE(review): presumably an XPath expression evaluated over the request
       context (see XPathVersion above); confirm, and check how the evaluator
       bounds that evaluation.
       MustBePresent defaults to false when omitted.
       NOTE(review): confirm how the evaluator treats an attribute that is
       absent while MustBePresent is false. -->
  <xs:element name="AttributeSelector" type="xacml:AttributeSelectorType" substitutionGroup="xacml:Expression"/>
  <xs:complexType name="AttributeSelectorType">
    <xs:complexContent>
      <xs:extension base="xacml:ExpressionType">
        <xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
        <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
        <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- Resource, action and environment designators share
       AttributeDesignatorType; the subject designator has its own type below. -->
  <xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
  <xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
  <xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>

  <!-- AttributeDesignatorType: names an attribute by AttributeId and DataType.
       Issuer is optional, so a designator without Issuer is schema-valid.
       NOTE(review): without Issuer the lookup presumably ignores who issued
       the attribute; confirm against the evaluator.
       MustBePresent defaults to false when omitted. -->
  <xs:complexType name="AttributeDesignatorType">
    <xs:complexContent>
      <xs:extension base="xacml:ExpressionType">
        <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
        <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
        <xs:attribute name="Issuer" type="xs:string" use="optional"/>
        <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- SubjectAttributeDesignator: an AttributeDesignatorType plus
       SubjectCategory, which defaults to the access-subject category URI when
       omitted. -->
  <xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType" substitutionGroup="xacml:Expression"/>
  <xs:complexType name="SubjectAttributeDesignatorType">
    <xs:complexContent>
      <xs:extension base="xacml:AttributeDesignatorType">
        <xs:attribute name="SubjectCategory" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- AttributeValue: an open content model. Text is allowed (mixed), child
       elements from any namespace are allowed in any number, and so are
       attributes from any namespace. processContents="lax" means that content
       is validated only where the validator happens to have a declaration for
       it; everything else passes unchecked. A schema-valid AttributeValue can
       therefore carry arbitrary markup, and the consumer has to check the
       content against the declared DataType itself. -->
  <xs:element name="AttributeValue" type="xacml:AttributeValueType" substitutionGroup="xacml:Expression"/>
  <xs:complexType name="AttributeValueType" mixed="true">
    <xs:complexContent mixed="true">
      <xs:extension base="xacml:ExpressionType">
        <xs:sequence>
          <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </xs:sequence>
        <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
        <xs:anyAttribute namespace="##any" processContents="lax"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- Function: names a function by FunctionId (an unchecked xs:anyURI). -->
  <xs:element name="Function" type="xacml:FunctionType" substitutionGroup="xacml:Expression"/>
  <xs:complexType name="FunctionType">
    <xs:complexContent>
      <xs:extension base="xacml:ExpressionType">
        <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- Condition: exactly one Expression. The schema does not check the type
       that expression evaluates to. -->
  <xs:element name="Condition" type="xacml:ConditionType"/>
  <xs:complexType name="ConditionType">
    <xs:sequence>
      <xs:element ref="xacml:Expression"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Apply: a FunctionId with zero or more argument Expressions. Apply is
       itself a member of the Expression group, so Apply elements nest, and
       the schema sets no limit on nesting depth or argument count.
       NOTE(review): confirm the consumer bounds expression depth and size for
       policies that come from outside its trust boundary. -->
  <xs:element name="Apply" type="xacml:ApplyType" substitutionGroup="xacml:Expression"/>
  <xs:complexType name="ApplyType">
    <xs:complexContent>
      <xs:extension base="xacml:ExpressionType">
        <xs:sequence>
          <xs:element ref="xacml:Expression" minOccurs="0" maxOccurs="unbounded"/>
        </xs:sequence>
        <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- Obligations: one or more Obligation children. -->
  <xs:element name="Obligations" type="xacml:ObligationsType"/>
  <xs:complexType name="ObligationsType">
    <xs:sequence>
      <xs:element ref="xacml:Obligation" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Obligation: identified by ObligationId, with FulfillOn restricted to the
       EffectType values, and zero or more AttributeAssignment children.
       ObligationId is an unchecked xs:anyURI. -->
  <xs:element name="Obligation" type="xacml:ObligationType"/>
  <xs:complexType name="ObligationType">
    <xs:sequence>
      <xs:element ref="xacml:AttributeAssignment" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>
    <xs:attribute name="FulfillOn" type="xacml:EffectType" use="required"/>
  </xs:complexType>

  <!-- AttributeAssignment: an AttributeValueType plus a required AttributeId.
       It inherits the open content model of AttributeValueType, so the same
       caveat applies: arbitrary child markup is schema-valid here. -->
  <xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/>
  <xs:complexType name="AttributeAssignmentType" mixed="true">
    <xs:complexContent mixed="true">
      <xs:extension base="xacml:AttributeValueType">
        <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

</xs:schema>