This file is indexed.

/usr/share/xml/shibboleth/shibboleth-2.0-afp.xsd is in shibboleth-sp2-schemas 2.4.3+dfsg-2ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
<?xml version="1.0" encoding="UTF-8"?>

<schema targetNamespace="urn:mace:shibboleth:2.0:afp"
    xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    elementFormDefault="qualified">

    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="classpath:/schema/xmldsig-core-schema.xsd" />

    <annotation>
        <documentation>Schema for the attribute filter policies.</documentation>
    </annotation>

    <element name="AttributeFilterPolicyGroup" type="afp:AttributeFilterPolicyGroupType">
        <annotation>
            <documentation>
                Root element of the attribute filter policy. Represents a named group of filter policies.
            </documentation>
        </annotation>
    </element>
    <complexType name="AttributeFilterPolicyGroupType">
        <complexContent>
            <extension base="afp:IdentityType">
                <sequence>
                    <element ref="afp:PolicyRequirementRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                Defines a set of applications requirements that may be reused across multiple filter
                                policies.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:PermitValueRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                Defines a permit value rule that may be reused across multiple attribute rules.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:DenyValueRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                Defines a deny value rule that may be reused across multiple attribute rules.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:AttributeRule" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                Defines an attribute rule that may be reused across multiple filter policies.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="afp:AttributeFilterPolicy" minOccurs="0" maxOccurs="unbounded">
                        <annotation>
                            <documentation>
                                A policy that defines the set of attribute value filters that will be applied if its
                                application requirements are met.
                            </documentation>
                        </annotation>
                    </element>
                    <element ref="ds:Signature" minOccurs="0">
                        <annotation>
                            <documentation>
                                Digital signature for the policy. Policies that are fetched from an external source,
                                such as a federation site, should be signed.
                            </documentation>
                        </annotation>
                    </element>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <element name="AttributeFilterPolicy" type="afp:AttributeFilterPolicyType">
        <annotation>
            <documentation>
                A policy that defines a set of attribute value filters rules that should be used if given requirements
                are met.
            </documentation>
        </annotation>
    </element>
    <complexType name="AttributeFilterPolicyType">
        <complexContent>
            <extension base="afp:IdentityType">
                <sequence>
                    <choice>
                        <element ref="afp:PolicyRequirementRule">
                            <annotation>
                                <documentation>
                                    A requirement that if met signals that this filter policy should be used.
                                </documentation>
                            </annotation>
                        </element>
                        <element name="PolicyRequirementRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to a PolicyRequirement defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                    <choice minOccurs="0" maxOccurs="unbounded">
                        <element ref="afp:AttributeRule">
                            <annotation>
                                <documentation>
                                    A rule that describes how values of an attribute will be filtered.
                                </documentation>
                            </annotation>
                        </element>
                        <element name="AttributeRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to a AttributeRule defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <element name="AttributeRule" type="afp:AttributeRuleType">
        <annotation>
            <documentation>A rule that describes how values of an attribute will be filtered.</documentation>
        </annotation>
    </element>
    <complexType name="AttributeRuleType">
        <complexContent>
            <extension base="afp:IdentityType">
                <choice>
                    <choice minOccurs="0">
                        <element ref="afp:PermitValueRule" />
                        <element name="PermitValueRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to a PermitValueRule defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                    <choice minOccurs="0">
                        <element ref="afp:DenyValueRule" />
                        <element name="DenyValueRuleReference" type="afp:ReferenceType">
                            <annotation>
                                <documentation>
                                    Reference to a DenyValueRule defined within this policy group or another.
                                </documentation>
                            </annotation>
                        </element>
                    </choice>
                </choice>
                <attribute name="attributeID" type="string" use="required">
                    <annotation>
                        <documentation>The ID of the attribute to which this rule applies.</documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <element name="PolicyRequirementRule" type="afp:MatchFunctorType">
        <annotation>
            <documentation>A requirement that if met signals that a filter policy should be used.</documentation>
        </annotation>
    </element>
    <element name="PermitValueRule" type="afp:MatchFunctorType">
        <annotation>
            <documentation>
                A filter for attribute values. If the filter evaluates to true the value is permitted to be released.
            </documentation>
        </annotation>
    </element>
    <element name="DenyValueRule" type="afp:MatchFunctorType">
        <annotation>
            <documentation>
                A filter for attribute values. If the filter evaluates to true the value is denied and may not be released.
            </documentation>
        </annotation>
    </element>
    <complexType name="MatchFunctorType" abstract="true">
        <complexContent>
            <extension base="afp:IdentityType" />
        </complexContent>
    </complexType>

    <complexType name="IdentityType">
        <attribute name="id" type="string">
            <annotation>
                <documentation>An ID, unique within the policy and component type.</documentation>
            </annotation>
        </attribute>
    </complexType>

    <complexType name="ReferenceType">
        <attribute name="ref" type="string">
            <annotation>
                <documentation>Used to reference a globally defined policy component.</documentation>
            </annotation>
        </attribute>
    </complexType>

</schema>