| <?xml version="1.0" encoding="UTF-8"?> |
| <xs:schema targetNamespace="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" elementFormDefault="qualified" attributeFormDefault="unqualified"> |
| <!-- --> |
| <xs:element name="PolicySet" type="xacml:PolicySetType"/> |
| <xs:complexType name="PolicySetType"> |
| <xs:sequence> |
| <xs:element ref="xacml:Description" minOccurs="0"/> |
| <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/> |
| <xs:element ref="xacml:Target"/> |
| <xs:choice minOccurs="0" maxOccurs="unbounded"> |
| <xs:element ref="xacml:PolicySet"/> |
| <xs:element ref="xacml:Policy"/> |
| <xs:element ref="xacml:PolicySetIdReference"/> |
| <xs:element ref="xacml:PolicyIdReference"/> |
| </xs:choice> |
| <xs:element ref="xacml:Obligations" minOccurs="0"/> |
| </xs:sequence> |
| <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/> |
| <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="PolicySetIdReference" type="xs:anyURI"/> |
| <xs:element name="PolicyIdReference" type="xs:anyURI"/> |
| <!-- --> |
| <xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/> |
| <xs:element name="PolicyDefaults" type="xacml:DefaultsType"/> |
| <xs:complexType name="DefaultsType"> |
| <xs:sequence> |
| <xs:choice> |
| <xs:element ref="xacml:XPathVersion"/> |
| </xs:choice> |
| </xs:sequence> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="XPathVersion" type="xs:anyURI"/> |
| <!-- --> |
| <xs:element name="Policy" type="xacml:PolicyType"/> |
| <xs:complexType name="PolicyType"> |
| <xs:sequence> |
| <xs:element ref="xacml:Description" minOccurs="0"/> |
| <xs:element ref="xacml:PolicyDefaults" minOccurs="0"/> |
| <xs:element ref="xacml:Target"/> |
| <xs:element ref="xacml:Rule" minOccurs="0" maxOccurs="unbounded"/> |
| <xs:element ref="xacml:Obligations" minOccurs="0"/> |
| </xs:sequence> |
| <xs:attribute name="PolicyId" type="xs:anyURI" use="required"/> |
| <xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Description" type="xs:string"/> |
| <!-- --> |
| <xs:element name="Rule" type="xacml:RuleType"/> |
| <xs:complexType name="RuleType"> |
| <xs:sequence> |
| <xs:element ref="xacml:Description" minOccurs="0"/> |
| <xs:element ref="xacml:Target" minOccurs="0"/> |
| <xs:element ref="xacml:Condition" minOccurs="0"/> |
| </xs:sequence> |
| <xs:attribute name="RuleId" type="xs:anyURI" use="required"/> |
| <xs:attribute name="Effect" type="xacml:EffectType" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:simpleType name="EffectType"> |
| <xs:restriction base="xs:string"> |
| <xs:enumeration value="Permit"/> |
| <xs:enumeration value="Deny"/> |
| </xs:restriction> |
| </xs:simpleType> |
| <!-- --> |
| <xs:element name="Target" type="xacml:TargetType"/> |
| <xs:complexType name="TargetType"> |
| <xs:sequence> |
| <xs:element ref="xacml:Subjects"/> |
| <xs:element ref="xacml:Resources"/> |
| <xs:element ref="xacml:Actions"/> |
| </xs:sequence> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Subjects" type="xacml:SubjectsType"/> |
| <xs:complexType name="SubjectsType"> |
| <xs:choice> |
| <xs:element ref="xacml:Subject" maxOccurs="unbounded"/> |
| <xs:element ref="xacml:AnySubject"/> |
| </xs:choice> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Subject" type="xacml:SubjectType"/> |
| <xs:complexType name="SubjectType"> |
| <xs:sequence> |
| <xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/> |
| </xs:sequence> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="AnySubject"/> |
| <!-- --> |
| <xs:element name="Resources" type="xacml:ResourcesType"/> |
| <xs:complexType name="ResourcesType"> |
| <xs:choice> |
| <xs:element ref="xacml:Resource" maxOccurs="unbounded"/> |
| <xs:element ref="xacml:AnyResource"/> |
| </xs:choice> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="AnyResource"/> |
| <!-- --> |
| <xs:element name="Resource" type="xacml:ResourceType"/> |
| <xs:complexType name="ResourceType"> |
| <xs:sequence> |
| <xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/> |
| </xs:sequence> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Actions" type="xacml:ActionsType"/> |
| <xs:complexType name="ActionsType"> |
| <xs:choice> |
| <xs:element ref="xacml:Action" maxOccurs="unbounded"/> |
| <xs:element ref="xacml:AnyAction"/> |
| </xs:choice> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="AnyAction"/> |
| <!-- --> |
| <xs:element name="Action" type="xacml:ActionType"/> |
| <xs:complexType name="ActionType"> |
| <xs:sequence> |
| <xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/> |
| </xs:sequence> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/> |
| <xs:complexType name="SubjectMatchType"> |
| <xs:sequence> |
| <xs:element ref="xacml:AttributeValue"/> |
| <xs:choice> |
| <xs:element ref="xacml:SubjectAttributeDesignator"/> |
| <xs:element ref="xacml:AttributeSelector"/> |
| </xs:choice> |
| </xs:sequence> |
| <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/> |
| <xs:complexType name="ResourceMatchType"> |
| <xs:sequence> |
| <xs:element ref="xacml:AttributeValue"/> |
| <xs:choice> |
| <xs:element ref="xacml:ResourceAttributeDesignator"/> |
| <xs:element ref="xacml:AttributeSelector"/> |
| </xs:choice> |
| </xs:sequence> |
| <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="ActionMatch" type="xacml:ActionMatchType"/> |
| <xs:complexType name="ActionMatchType"> |
| <xs:sequence> |
| <xs:element ref="xacml:AttributeValue"/> |
| <xs:choice> |
| <xs:element ref="xacml:ActionAttributeDesignator"/> |
| <xs:element ref="xacml:AttributeSelector"/> |
| </xs:choice> |
| </xs:sequence> |
| <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="AttributeSelector" type="xacml:AttributeSelectorType"/> |
| <xs:complexType name="AttributeSelectorType"> |
| <xs:attribute name="RequestContextPath" type="xs:string" use="required"/> |
| <xs:attribute name="DataType" type="xs:anyURI" use="required"/> |
| <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType"/> |
| <xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType"/> |
| <xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType"/> |
| <!-- --> |
| <xs:complexType name="AttributeDesignatorType"> |
| <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> |
| <xs:attribute name="DataType" type="xs:anyURI" use="required"/> |
| <xs:attribute name="Issuer" type="xs:string" use="optional"/> |
| <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType"/> |
| <xs:complexType name="SubjectAttributeDesignatorType"> |
| <xs:complexContent> |
| <xs:extension base="xacml:AttributeDesignatorType"> |
| <xs:attribute name="SubjectCategory" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/> |
| </xs:extension> |
| </xs:complexContent> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="AttributeValue" type="xacml:AttributeValueType"/> |
| <xs:complexType name="AttributeValueType" mixed="true"> |
| <xs:sequence> |
| <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> |
| </xs:sequence> |
| <xs:attribute name="DataType" type="xs:anyURI" use="required"/> |
| <xs:anyAttribute namespace="##any" processContents="lax"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Function" type="xacml:FunctionType"/> |
| <xs:complexType name="FunctionType"> |
| <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Apply" type="xacml:ApplyType"/> |
| <xs:element name="Condition" type="xacml:ApplyType"/> |
| <!-- --> |
| <xs:complexType name="ApplyType"> |
| <xs:choice minOccurs="0" maxOccurs="unbounded"> |
| <xs:element ref="xacml:Apply"/> |
| <xs:element ref="xacml:Function"/> |
| <xs:element ref="xacml:AttributeValue"/> |
| <xs:element ref="xacml:SubjectAttributeDesignator"/> |
| <xs:element ref="xacml:ResourceAttributeDesignator"/> |
| <xs:element ref="xacml:ActionAttributeDesignator"/> |
| <xs:element ref="xacml:EnvironmentAttributeDesignator"/> |
| <xs:element ref="xacml:AttributeSelector"/> |
| </xs:choice> |
| <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/> |
| <!-- Legal types for the first and subsequent operands are defined in the accompanying table --> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Obligations" type="xacml:ObligationsType"/> |
| <xs:complexType name="ObligationsType"> |
| <xs:sequence> |
| <xs:element ref="xacml:Obligation" maxOccurs="unbounded"/> |
| </xs:sequence> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="Obligation" type="xacml:ObligationType"/> |
| <xs:complexType name="ObligationType"> |
| <xs:sequence> |
| <xs:element ref="xacml:AttributeAssignment" maxOccurs="unbounded"/> |
| </xs:sequence> |
| <xs:attribute name="ObligationId" type="xs:anyURI" use="required"/> |
| <xs:attribute name="FulfillOn" type="xacml:EffectType" use="required"/> |
| </xs:complexType> |
| <!-- --> |
| <xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/> |
| <xs:complexType name="AttributeAssignmentType" mixed="true"> |
| <xs:complexContent mixed="true"> |
| <xs:extension base="xacml:AttributeValueType"> |
| <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> |
| </xs:extension> |
| </xs:complexContent> |
| </xs:complexType> |
| <!-- --> |
| </xs:schema> |