[KEYCLOAK-4979] Move picketlink schema, fix resolver and some related tests

This commit is contained in:
Thomas Skjølberg 2017-05-26 21:37:45 +02:00 committed by Hynek Mlnařík
parent 186b10ab53
commit 5f20df00d0
54 changed files with 7967 additions and 92 deletions

View file

@ -16,21 +16,19 @@
*/
package org.keycloak.saml.processing.core.util;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.util.StringUtil;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.net.URL;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import org.jboss.logging.Logger;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
/**
* An LSResource Resolver for schema validation
*
@ -39,22 +37,22 @@ import java.util.Map;
*/
public class IDFedLSInputResolver implements LSResourceResolver {
private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
protected static final Logger logger = Logger.getLogger(IDFedLSInputResolver.class);
private static Map<String, LSInput> lsmap = new HashMap<String, LSInput>();
private static Map<String, String> schemaLocationMap = new LinkedHashMap<String, String>();
private static Map<String, String> schemaLocationMap = new LinkedHashMap<String, String>(); // thread safe for reading
static {
// XML Schema/DTD
schemaLocationMap.put("datatypes.dtd", "schema/w3c/xmlschema/datatypes.dtd");
schemaLocationMap.put("XMLSchema.dtd", "schema/w3c/xmlschema/XMLSchema.dtd");
schemaLocationMap.put("http://www.w3.org/2001/XMLSchema.dtd", "schema/w3c/xmlschema/XMLSchema.dtd");
schemaLocationMap.put("http://www.w3.org/2001/xml.xsd", "schema/w3c/xmlschema/xml.xsd");
// XML DSIG
schemaLocationMap.put("http://www.w3.org/2000/09/xmldsig#", "schema/w3c/xmldsig/xmldsig-core-schema.xsd");
schemaLocationMap.put("http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd",
"schema/w3c/xmldsig/xmldsig-core-schema.xsd");
schemaLocationMap.put("http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd", "schema/w3c/xmldsig/xmldsig-core-schema.xsd");
// XML Enc
schemaLocationMap.put("http://www.w3.org/2001/04/xmlenc#", "schema/w3c/xmlenc/xenc-schema.xsd");
@ -63,14 +61,17 @@ public class IDFedLSInputResolver implements LSResourceResolver {
// XACML
schemaLocationMap.put("access_control-xacml-2.0-context-schema-os.xsd",
"schema/access_control-xacml-2.0-context-schema-os.xsd");
"schema/xacml/access_control-xacml-2.0-context-schema-os.xsd");
schemaLocationMap.put("http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd",
"schema/xacml/access_control-xacml-2.0-context-schema-os.xsd");
schemaLocationMap.put("access_control-xacml-2.0-policy-schema-os.xsd",
"schema/access_control-xacml-2.0-policy-schema-os.xsd");
"schema/xacml/access_control-xacml-2.0-policy-schema-os.xsd");
// SAML
schemaLocationMap.put("saml-schema-assertion-2.0.xsd", "schema/saml/v2/saml-schema-assertion-2.0.xsd");
schemaLocationMap.put("http://www.oasis-open.org/committees/download.php/11027/sstc-saml-schema-assertion-2.0.xsd", "schema/saml/v2/saml-schema-assertion-2.0.xsd");
schemaLocationMap.put("saml-schema-protocol-2.0.xsd", "schema/saml/v2/saml-schema-protocol-2.0.xsd");
schemaLocationMap.put("http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd", "schema/saml/v2/saml-schema-protocol-2.0.xsd");
schemaLocationMap.put("saml-schema-metadata-2.0.xsd", "schema/saml/v2/saml-schema-metadata-2.0.xsd");
schemaLocationMap.put("saml-schema-x500-2.0.xsd", "schema/saml/v2/saml-schema-x500-2.0.xsd");
schemaLocationMap.put("saml-schema-xacml-2.0.xsd", "schema/saml/v2/saml-schema-xacml-2.0.xsd");
@ -90,6 +91,7 @@ public class IDFedLSInputResolver implements LSResourceResolver {
schemaLocationMap.put("access_control-xacml-2.0-saml-protocol-schema-os.xsd",
"schema/saml/v2/access_control-xacml-2.0-saml-protocol-schema-os.xsd");
// WS-T
schemaLocationMap.put("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "schema/wstrust/v1_3/ws-trust-1.3.xsd");
schemaLocationMap.put("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
@ -97,42 +99,33 @@ public class IDFedLSInputResolver implements LSResourceResolver {
schemaLocationMap.put("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
"schema/wstrust/v1_3/oasis-200401-wss-wssecurity-utility-1.0.xsd");
schemaLocationMap.put("http://schemas.xmlsoap.org/ws/2004/09/policy", "schema/wstrust/v1_3/ws-policy.xsd");
schemaLocationMap.put("http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd", "schema/wstrust/v1_3/ws-policy.xsd");
schemaLocationMap.put("http://www.w3.org/2005/08/addressing", "schema/wstrust/v1_3/ws-addr.xsd");
schemaLocationMap.put("http://www.w3.org/2006/03/addressing/ws-addr.xsd", "schema/wstrust/v1_3/ws-addr.xsd");
}
public static Collection<String> schemas() {
Collection<String> schemaValues = schemaLocationMap.values();
Collection<String> schemaValues = new HashSet<String>(schemaLocationMap.values());
schemaValues.remove("schema/w3c/xmlschema/datatypes.dtd");
schemaValues.remove("schema/w3c/xmlschema/XMLSchema.dtd");
logger.info("Considered the schemas:" + schemaValues);
return schemaValues;
}
public LSInput resolveResource(String type, String namespaceURI, final String publicId, final String systemId,
final String baseURI) {
LSInput lsi = null;
if (systemId == null)
throw logger.nullValueError("systemid");
if (StringUtil.isNotNull(systemId) && systemId.endsWith("dtd") && StringUtil.isNotNull(baseURI)) {
lsi = lsmap.get(baseURI);
public IDFedLSInput resolveResource(String type, String namespaceURI, final String publicId, final String systemId, final String baseURI) {
if (systemId == null) {
throw new IllegalArgumentException("Expected systemId");
}
if (lsi == null)
lsi = lsmap.get(systemId);
if (lsi == null) {
final String loc = schemaLocationMap.get(systemId);
if (loc == null)
return null;
lsi = new PicketLinkLSInput(baseURI, loc, publicId, systemId);
logger.trace("Loaded:" + lsi);
lsmap.put(systemId, lsi);
final String loc = schemaLocationMap.get(systemId);
if (loc == null) {
return null;
}
return lsi;
return new IDFedLSInput(baseURI, loc, publicId, systemId);
}
public static class PicketLinkLSInput implements LSInput {
public static class IDFedLSInput implements LSInput {
private final String baseURI;
@ -142,7 +135,7 @@ public class IDFedLSInputResolver implements LSResourceResolver {
private final String systemId;
public PicketLinkLSInput(String baseURI, String loc, String publicID, String systemID) {
public IDFedLSInput(String baseURI, String loc, String publicID, String systemID) {
this.baseURI = baseURI;
this.loc = loc;
this.publicId = publicID;
@ -159,10 +152,11 @@ public class IDFedLSInputResolver implements LSResourceResolver {
try {
is = url.openStream();
} catch (IOException e) {
throw new RuntimeException(logger.classNotLoadedError(loc));
throw new RuntimeException(e);
}
if (is == null) {
throw new RuntimeException("inputstream is null for " + loc);
}
if (is == null)
throw logger.nullValueError("inputstream is null for " + loc);
return is;
}

View file

@ -51,8 +51,8 @@ public class SchemaManagerUtil {
public static List<String> getXACMLSchemas() {
List<String> list = new ArrayList<String>();
list.add("schema/access_control-xacml-2.0-policy-schema-os.xsd");
list.add("schema/access_control-xacml-2.0-context-schema-os.xsd");
list.add("schema/xacml/access_control-xacml-2.0-policy-schema-os.xsd");
list.add("schema/xacml/access_control-xacml-2.0-context-schema-os.xsd");
return list;
}

View file

@ -0,0 +1,225 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
<annotation>
<documentation>
Document identifier: oasis-sstc-saml-schema-assertion-1.1
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
Revision history:
V1.0 (November, 2002):
Initial standard schema.
V1.1 (September, 2003):
* Note that V1.1 of this schema has the same XML namespace as V1.0.
Rebased ID content directly on XML Schema types
Added DoNotCacheCondition element and DoNotCacheConditionType
</documentation>
</annotation>
<simpleType name="DecisionType">
<restriction base="string">
<enumeration value="Permit"/>
<enumeration value="Deny"/>
<enumeration value="Indeterminate"/>
</restriction>
</simpleType>
<element name="AssertionIDReference" type="NCName"/>
<element name="Assertion" type="saml:AssertionType"/>
<complexType name="AssertionType">
<sequence>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="saml:Advice" minOccurs="0"/>
<choice maxOccurs="unbounded">
<element ref="saml:Statement"/>
<element ref="saml:SubjectStatement"/>
<element ref="saml:AuthenticationStatement"/>
<element ref="saml:AuthorizationDecisionStatement"/>
<element ref="saml:AttributeStatement"/>
</choice>
<element ref="ds:Signature" minOccurs="0"/>
</sequence>
<attribute name="MajorVersion" type="integer" use="required"/>
<attribute name="MinorVersion" type="integer" use="required"/>
<attribute name="AssertionID" type="ID" use="required"/>
<attribute name="Issuer" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>
<element name="Conditions" type="saml:ConditionsType"/>
<complexType name="ConditionsType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AudienceRestrictionCondition"/>
<element ref="saml:DoNotCacheCondition"/>
<element ref="saml:Condition"/>
</choice>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>
<element name="Condition" type="saml:ConditionAbstractType"/>
<complexType name="ConditionAbstractType" abstract="true"/>
<element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
<complexType name="AudienceRestrictionConditionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Audience" type="anyURI"/>
<element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType"/>
<complexType name="DoNotCacheConditionType">
<complexContent>
<extension base="saml:ConditionAbstractType"/>
</complexContent>
</complexType>
<element name="Advice" type="saml:AdviceType"/>
<complexType name="AdviceType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AssertionIDReference"/>
<element ref="saml:Assertion"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="Statement" type="saml:StatementAbstractType"/>
<complexType name="StatementAbstractType" abstract="true"/>
<element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
<complexType name="SubjectStatementAbstractType" abstract="true">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:Subject"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Subject" type="saml:SubjectType"/>
<complexType name="SubjectType">
<choice>
<sequence>
<element ref="saml:NameIdentifier"/>
<element ref="saml:SubjectConfirmation" minOccurs="0"/>
</sequence>
<element ref="saml:SubjectConfirmation"/>
</choice>
</complexType>
<element name="NameIdentifier" type="saml:NameIdentifierType"/>
<complexType name="NameIdentifierType">
<simpleContent>
<extension base="string">
<attribute name="NameQualifier" type="string" use="optional"/>
<attribute name="Format" type="anyURI" use="optional"/>
</extension>
</simpleContent>
</complexType>
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
<sequence>
<element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
<element ref="ds:KeyInfo" minOccurs="0"/>
</sequence>
</complexType>
<element name="SubjectConfirmationData" type="anyType"/>
<element name="ConfirmationMethod" type="anyURI"/>
<element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
<complexType name="AuthenticationStatementType">
<complexContent>
<extension base="saml:SubjectStatementAbstractType">
<sequence>
<element ref="saml:SubjectLocality" minOccurs="0"/>
<element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="AuthenticationMethod" type="anyURI" use="required"/>
<attribute name="AuthenticationInstant" type="dateTime" use="required"/>
</extension>
</complexContent>
</complexType>
<element name="SubjectLocality" type="saml:SubjectLocalityType"/>
<complexType name="SubjectLocalityType">
<attribute name="IPAddress" type="string" use="optional"/>
<attribute name="DNSAddress" type="string" use="optional"/>
</complexType>
<element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
<complexType name="AuthorityBindingType">
<attribute name="AuthorityKind" type="QName" use="required"/>
<attribute name="Location" type="anyURI" use="required"/>
<attribute name="Binding" type="anyURI" use="required"/>
</complexType>
<element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
<complexType name="AuthorizationDecisionStatementType">
<complexContent>
<extension base="saml:SubjectStatementAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
<attribute name="Decision" type="saml:DecisionType" use="required"/>
</extension>
</complexContent>
</complexType>
<element name="Action" type="saml:ActionType"/>
<complexType name="ActionType">
<simpleContent>
<extension base="string">
<attribute name="Namespace" type="anyURI"/>
</extension>
</simpleContent>
</complexType>
<element name="Evidence" type="saml:EvidenceType"/>
<complexType name="EvidenceType">
<choice maxOccurs="unbounded">
<element ref="saml:AssertionIDReference"/>
<element ref="saml:Assertion"/>
</choice>
</complexType>
<element name="AttributeStatement" type="saml:AttributeStatementType"/>
<complexType name="AttributeStatementType">
<complexContent>
<extension base="saml:SubjectStatementAbstractType">
<sequence>
<element ref="saml:Attribute" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
<complexType name="AttributeDesignatorType">
<attribute name="AttributeName" type="string" use="required"/>
<attribute name="AttributeNamespace" type="anyURI" use="required"/>
</complexType>
<element name="Attribute" type="saml:AttributeType"/>
<complexType name="AttributeType">
<complexContent>
<extension base="saml:AttributeDesignatorType">
<sequence>
<element ref="saml:AttributeValue" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AttributeValue" type="anyType"/>
</schema>

View file

@ -0,0 +1,227 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified" version="1.1">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
<annotation>
<documentation>
Document identifier: oasis-sstc-saml-schema-assertion-1.1
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
Revision history:
V1.0 (November, 2002):
Initial standard schema.
V1.1 (September, 2003):
* Note that V1.1 of this schema has the same XML namespace as V1.0.
Rebased ID content directly on XML Schema types
Added DoNotCacheCondition element and DoNotCacheConditionType
</documentation>
</annotation>
<simpleType name="DecisionType">
<restriction base="string">
<enumeration value="Permit"/>
<enumeration value="Deny"/>
<enumeration value="Indeterminate"/>
</restriction>
</simpleType>
<element name="AssertionIDReference" type="NCName"/>
<element name="Assertion" type="saml:AssertionType"/>
<complexType name="AssertionType">
<sequence>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="saml:Advice" minOccurs="0"/>
<choice maxOccurs="unbounded">
<element ref="saml:Statement"/>
<element ref="saml:SubjectStatement"/>
<element ref="saml:AuthenticationStatement"/>
<element ref="saml:AuthorizationDecisionStatement"/>
<element ref="saml:AttributeStatement"/>
</choice>
<element ref="ds:Signature" minOccurs="0"/>
</sequence>
<attribute name="MajorVersion" type="integer" use="required"/>
<attribute name="MinorVersion" type="integer" use="required"/>
<attribute name="AssertionID" type="ID" use="required"/>
<attribute name="Issuer" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>
<element name="Conditions" type="saml:ConditionsType"/>
<complexType name="ConditionsType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AudienceRestrictionCondition"/>
<element ref="saml:DoNotCacheCondition"/>
<element ref="saml:Condition"/>
</choice>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>
<element name="Condition" type="saml:ConditionAbstractType"/>
<complexType name="ConditionAbstractType" abstract="true"/>
<element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
<complexType name="AudienceRestrictionConditionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Audience" type="anyURI"/>
<element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType"/>
<complexType name="DoNotCacheConditionType">
<complexContent>
<extension base="saml:ConditionAbstractType"/>
</complexContent>
</complexType>
<element name="Advice" type="saml:AdviceType"/>
<complexType name="AdviceType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AssertionIDReference"/>
<element ref="saml:Assertion"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="Statement" type="saml:StatementAbstractType"/>
<complexType name="StatementAbstractType" abstract="true"/>
<element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
<complexType name="SubjectStatementAbstractType" abstract="true">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:Subject"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Subject" type="saml:SubjectType"/>
<complexType name="SubjectType">
<choice>
<sequence>
<element ref="saml:NameIdentifier"/>
<element ref="saml:SubjectConfirmation" minOccurs="0"/>
</sequence>
<element ref="saml:SubjectConfirmation"/>
</choice>
</complexType>
<element name="NameIdentifier" type="saml:NameIdentifierType"/>
<complexType name="NameIdentifierType">
<simpleContent>
<extension base="string">
<attribute name="NameQualifier" type="string" use="optional"/>
<attribute name="Format" type="anyURI" use="optional"/>
</extension>
</simpleContent>
</complexType>
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
<sequence>
<element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
<element ref="ds:KeyInfo" minOccurs="0"/>
</sequence>
</complexType>
<element name="SubjectConfirmationData" type="anyType"/>
<element name="ConfirmationMethod" type="anyURI"/>
<element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
<complexType name="AuthenticationStatementType">
<complexContent>
<extension base="saml:SubjectStatementAbstractType">
<sequence>
<element ref="saml:SubjectLocality" minOccurs="0"/>
<element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="AuthenticationMethod" type="anyURI" use="required"/>
<attribute name="AuthenticationInstant" type="dateTime" use="required"/>
</extension>
</complexContent>
</complexType>
<element name="SubjectLocality" type="saml:SubjectLocalityType"/>
<complexType name="SubjectLocalityType">
<attribute name="IPAddress" type="string" use="optional"/>
<attribute name="DNSAddress" type="string" use="optional"/>
</complexType>
<element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
<complexType name="AuthorityBindingType">
<attribute name="AuthorityKind" type="QName" use="required"/>
<attribute name="Location" type="anyURI" use="required"/>
<attribute name="Binding" type="anyURI" use="required"/>
</complexType>
<element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
<complexType name="AuthorizationDecisionStatementType">
<complexContent>
<extension base="saml:SubjectStatementAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
<attribute name="Decision" type="saml:DecisionType" use="required"/>
</extension>
</complexContent>
</complexType>
<element name="Action" type="saml:ActionType"/>
<complexType name="ActionType">
<simpleContent>
<extension base="string">
<attribute name="Namespace" type="anyURI"/>
</extension>
</simpleContent>
</complexType>
<element name="Evidence" type="saml:EvidenceType"/>
<complexType name="EvidenceType">
<choice maxOccurs="unbounded">
<element ref="saml:AssertionIDReference"/>
<element ref="saml:Assertion"/>
</choice>
</complexType>
<element name="AttributeStatement" type="saml:AttributeStatementType"/>
<complexType name="AttributeStatementType">
<complexContent>
<extension base="saml:SubjectStatementAbstractType">
<sequence>
<element ref="saml:Attribute" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
<complexType name="AttributeDesignatorType">
<attribute name="AttributeName" type="string" use="required"/>
<attribute name="AttributeNamespace" type="anyURI" use="required"/>
</complexType>
<element name="Attribute" type="saml:AttributeType"/>
<complexType name="AttributeType">
<complexContent>
<extension base="saml:AttributeDesignatorType">
<sequence>
<element ref="saml:AttributeValue" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AttributeValue" type="anyType"/>
</schema>

View file

@ -0,0 +1,153 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified" version="1.1">
<import namespace="urn:oasis:names:tc:SAML:1.0:assertion"
schemaLocation="oasis-sstc-saml-schema-assertion-1.1.xsd"/>
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
<annotation>
<documentation>
Document identifier: oasis-sstc-saml-schema-protocol-1.1
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
Revision history:
V1.0 (November, 2002):
Initial standard schema.
V1.1 (September, 2003):
* Note that V1.1 of this schema has the same XML namespace as V1.0.
Rebased ID content directly on XML Schema types
</documentation>
</annotation>
<complexType name="RequestAbstractType" abstract="true">
<sequence>
<element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
<element ref="ds:Signature" minOccurs="0"/>
</sequence>
<attribute name="RequestID" type="ID" use="required"/>
<attribute name="MajorVersion" type="integer" use="required"/>
<attribute name="MinorVersion" type="integer" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>
<element name="RespondWith" type="QName"/>
<element name="Request" type="samlp:RequestType"/>
<complexType name="RequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<choice>
<element ref="samlp:Query"/>
<element ref="samlp:SubjectQuery"/>
<element ref="samlp:AuthenticationQuery"/>
<element ref="samlp:AttributeQuery"/>
<element ref="samlp:AuthorizationDecisionQuery"/>
<element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
<element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="AssertionArtifact" type="string"/>
<element name="Query" type="samlp:QueryAbstractType"/>
<complexType name="QueryAbstractType" abstract="true"/>
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
<complexType name="SubjectQueryAbstractType" abstract="true">
<complexContent>
<extension base="samlp:QueryAbstractType">
<sequence>
<element ref="saml:Subject"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
<complexType name="AuthenticationQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<attribute name="AuthenticationMethod" type="anyURI"/>
</extension>
</complexContent>
</complexType>
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
<complexType name="AttributeQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Resource" type="anyURI" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
<complexType name="AuthorizationDecisionQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
</extension>
</complexContent>
</complexType>
<complexType name="ResponseAbstractType" abstract="true">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
</sequence>
<attribute name="ResponseID" type="ID" use="required"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="MajorVersion" type="integer" use="required"/>
<attribute name="MinorVersion" type="integer" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Recipient" type="anyURI" use="optional"/>
</complexType>
<element name="Response" type="samlp:ResponseType"/>
<complexType name="ResponseType">
<complexContent>
<extension base="samlp:ResponseAbstractType">
<sequence>
<element ref="samlp:Status"/>
<element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Status" type="samlp:StatusType"/>
<complexType name="StatusType">
<sequence>
<element ref="samlp:StatusCode"/>
<element ref="samlp:StatusMessage" minOccurs="0"/>
<element ref="samlp:StatusDetail" minOccurs="0"/>
</sequence>
</complexType>
<element name="StatusCode" type="samlp:StatusCodeType"/>
<complexType name="StatusCodeType">
<sequence>
<element ref="samlp:StatusCode" minOccurs="0"/>
</sequence>
<attribute name="Value" type="QName" use="required"/>
</complexType>
<element name="StatusMessage" type="string"/>
<element name="StatusDetail" type="samlp:StatusDetailType"/>
<complexType name="StatusDetailType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
</schema>

View file

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="http://www.oasis-open.org/committees/download.php/11027/sstc-saml-schema-assertion-2.0.xsd"/>
<xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>
<xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
<xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"/>
<xs:annotation>
<xs:documentation>
Document identifier: access_control-xacml-2.0-saml-assertion-schema-cd-02.xsd
Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-assertion-schema-cd-os.xsd
</xs:documentation>
</xs:annotation>
<!-- -->
<xs:element name="XACMLAuthzDecisionStatement"
type="xacml-saml:XACMLAuthzDecisionStatementType"/>
<xs:complexType name="XACMLAuthzDecisionStatementType">
<xs:complexContent>
<xs:extension base="saml:StatementAbstractType">
<xs:sequence>
<xs:element ref="xacml-context:Response"/>
<xs:element ref="xacml-context:Request" minOccurs="0"/>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="XACMLPolicyStatement"
type="xacml-saml:XACMLPolicyStatementType"/>
<xs:complexType name="XACMLPolicyStatementType">
<xs:complexContent>
<xs:extension base="saml:StatementAbstractType">
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element ref="xacml:Policy"/>
<xs:element ref="xacml:PolicySet"/>
</xs:choice>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</schema>

View file

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="http://www.oasis-open.org/committees/download.php/11027/sstc-saml-schema-assertion-2.0.xsd"/>
<xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
schemaLocation="http://www.oasis-open.org/committees/download.php/11026/sstc-saml-schema-protocol-2.0.xsd"/>
<xs:import namespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"/>
<xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
schemaLocation="http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"/>
<xs:annotation>
<xs:documentation>
Document identifier: access_control-xacml-2.0-saml-protocol-schema-os.xsd
Location: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-protocol-schema-os.xsd
</xs:documentation>
</xs:annotation>
<!-- -->
<xs:element name="XACMLAuthzDecisionQuery"
type="xacml-samlp:XACMLAuthzDecisionQueryType"/>
<xs:complexType name="XACMLAuthzDecisionQueryType">
<xs:complexContent>
<xs:extension base="samlp:RequestAbstractType">
<xs:sequence>
<xs:element ref="xacml-context:Request"/>
</xs:sequence>
<xs:attribute name="InputContextOnly"
type="boolean"
use="optional"
default="false"/>
<xs:attribute name="ReturnContext"
type="boolean"
use="optional"
default="false"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="XACMLPolicyQuery"
type="xacml-samlp:XACMLPolicyQueryType"/>
<xs:complexType name="XACMLPolicyQueryType">
<xs:complexContent>
<xs:extension base="samlp:RequestAbstractType">
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element ref="xacml-context:Request"/>
<xs:element ref="xacml:Target"/>
<xs:element ref="xacml:PolicySetIdReference"/>
<xs:element ref="xacml:PolicyIdReference"/>
</xs:choice>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</schema>

View file

@ -0,0 +1,283 @@
<?xml version="1.0" encoding="US-ASCII"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-assertion-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
V2.0 (March, 2005):
New assertion schema for SAML V2.0 namespace.
</documentation>
</annotation>
<attributeGroup name="IDNameQualifiers">
<attribute name="NameQualifier" type="string" use="optional"/>
<attribute name="SPNameQualifier" type="string" use="optional"/>
</attributeGroup>
<element name="BaseID" type="saml:BaseIDAbstractType"/>
<complexType name="BaseIDAbstractType" abstract="true">
<attributeGroup ref="saml:IDNameQualifiers"/>
</complexType>
<element name="NameID" type="saml:NameIDType"/>
<complexType name="NameIDType">
<simpleContent>
<extension base="string">
<attributeGroup ref="saml:IDNameQualifiers"/>
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPProvidedID" type="string" use="optional"/>
</extension>
</simpleContent>
</complexType>
<complexType name="EncryptedElementType">
<sequence>
<element ref="xenc:EncryptedData"/>
<element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="EncryptedID" type="saml:EncryptedElementType"/>
<element name="Issuer" type="saml:NameIDType"/>
<element name="AssertionIDRef" type="NCName"/>
<element name="AssertionURIRef" type="anyURI"/>
<element name="Assertion" type="saml:AssertionType"/>
<complexType name="AssertionType">
<sequence>
<element ref="saml:Issuer"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="saml:Subject" minOccurs="0"/>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="saml:Advice" minOccurs="0"/>
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Statement"/>
<element ref="saml:AuthnStatement"/>
<element ref="saml:AuthzDecisionStatement"/>
<element ref="saml:AttributeStatement"/>
</choice>
</sequence>
<attribute name="Version" type="string" use="required"/>
<attribute name="ID" type="ID" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>
<element name="Subject" type="saml:SubjectType"/>
<complexType name="SubjectType">
<choice>
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
</choice>
</complexType>
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
<sequence>
<choice minOccurs="0">
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
</sequence>
<attribute name="Method" type="anyURI" use="required"/>
</complexType>
<element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
<complexType name="SubjectConfirmationDataType" mixed="true">
<complexContent>
<restriction base="anyType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
<attribute name="Recipient" type="anyURI" use="optional"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Address" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</restriction>
</complexContent>
</complexType>
<complexType name="KeyInfoConfirmationDataType" mixed="false">
<complexContent>
<restriction base="saml:SubjectConfirmationDataType">
<sequence>
<element ref="ds:KeyInfo" maxOccurs="unbounded"/>
</sequence>
</restriction>
</complexContent>
</complexType>
<element name="Conditions" type="saml:ConditionsType"/>
<complexType name="ConditionsType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Condition"/>
<element ref="saml:AudienceRestriction"/>
<element ref="saml:OneTimeUse"/>
<element ref="saml:ProxyRestriction"/>
</choice>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>
<element name="Condition" type="saml:ConditionAbstractType"/>
<complexType name="ConditionAbstractType" abstract="true"/>
<element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
<complexType name="AudienceRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Audience" type="anyURI"/>
<element name="OneTimeUse" type="saml:OneTimeUseType"/>
<complexType name="OneTimeUseType">
<complexContent>
<extension base="saml:ConditionAbstractType"/>
</complexContent>
</complexType>
<element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
<complexType name="ProxyRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Count" type="nonNegativeInteger" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="Advice" type="saml:AdviceType"/>
<complexType name="AdviceType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
<element name="Statement" type="saml:StatementAbstractType"/>
<complexType name="StatementAbstractType" abstract="true"/>
<element name="AuthnStatement" type="saml:AuthnStatementType"/>
<complexType name="AuthnStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:SubjectLocality" minOccurs="0"/>
<element ref="saml:AuthnContext"/>
</sequence>
<attribute name="AuthnInstant" type="dateTime" use="required"/>
<attribute name="SessionIndex" type="string" use="optional"/>
<attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SubjectLocality" type="saml:SubjectLocalityType"/>
<complexType name="SubjectLocalityType">
<attribute name="Address" type="string" use="optional"/>
<attribute name="DNSName" type="string" use="optional"/>
</complexType>
<element name="AuthnContext" type="saml:AuthnContextType"/>
<complexType name="AuthnContextType">
<sequence>
<choice>
<sequence>
<element ref="saml:AuthnContextClassRef"/>
<choice minOccurs="0">
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</sequence>
<choice>
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</choice>
<element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="AuthnContextClassRef" type="anyURI"/>
<element name="AuthnContextDeclRef" type="anyURI"/>
<element name="AuthnContextDecl" type="anyType"/>
<element name="AuthenticatingAuthority" type="anyURI"/>
<element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
<complexType name="AuthzDecisionStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
<attribute name="Decision" type="saml:DecisionType" use="required"/>
</extension>
</complexContent>
</complexType>
<simpleType name="DecisionType">
<restriction base="string">
<enumeration value="Permit"/>
<enumeration value="Deny"/>
<enumeration value="Indeterminate"/>
</restriction>
</simpleType>
<element name="Action" type="saml:ActionType"/>
<complexType name="ActionType">
<simpleContent>
<extension base="string">
<attribute name="Namespace" type="anyURI" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="Evidence" type="saml:EvidenceType"/>
<complexType name="EvidenceType">
<choice maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
</choice>
</complexType>
<element name="AttributeStatement" type="saml:AttributeStatementType"/>
<complexType name="AttributeStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<choice maxOccurs="unbounded">
<element ref="saml:Attribute"/>
<element ref="saml:EncryptedAttribute"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="Attribute" type="saml:AttributeType"/>
<complexType name="AttributeType">
<sequence>
<element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Name" type="string" use="required"/>
<attribute name="NameFormat" type="anyURI" use="optional"/>
<attribute name="FriendlyName" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="AttributeValue" type="anyType" nillable="true"/>
<element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
</schema>

View file

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac"
blockDefault="substitution"
version="2.0">
<xs:annotation>
<xs:documentation>
Document identifier: saml-schema-authn-context-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New core authentication context schema for SAML V2.0.
This is just an include of all types from the schema
referred to in the include statement below.
</xs:documentation>
</xs:annotation>
<xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
</xs:schema>

View file

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
Document identifier: saml-schema-authn-context-auth-telephony-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="Password"/>
<xs:element ref="SubscriberLineNumber"/>
<xs:element ref="UserSuffix"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="PSTN"/>
<xs:element ref="ISDN"/>
<xs:element ref="ADSL"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
Document identifier: saml-schema-authn-context-ip-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="IPAddress"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
Document identifier: saml-schema-authn-context-ippword-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="Password"/>
<xs:element ref="IPAddress"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,83 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
Document identifier: saml-schema-authn-context-kerberos-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="SharedSecretChallengeResponse"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SharedSecretChallengeResponseType">
<xs:complexContent>
<xs:restriction base="SharedSecretChallengeResponseType">
<xs:attribute name="method" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,186 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
Document identifier: saml-schema-authn-context-mobileonefactor-reg-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="DigSig"/>
<xs:element ref="ZeroKnowledge"/>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="SSL"/>
<xs:element ref="MobileNetworkNoEncryption"/>
<xs:element ref="MobileNetworkRadioEncryption"/>
<xs:element ref="MobileNetworkEndToEndEncryption"/>
<xs:element ref="WTLS"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="OperationalProtectionType">
<xs:complexContent>
<xs:restriction base="OperationalProtectionType">
<xs:sequence>
<xs:element ref="SecurityAudit"/>
<xs:element ref="DeactivationCallCenter"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:complexContent>
<xs:restriction base="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="PrivateKeyProtection"/>
<xs:element ref="SecretKeyProtection"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:complexContent>
<xs:restriction base="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecretKeyProtectionType">
<xs:complexContent>
<xs:restriction base="SecretKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyStorageType">
<xs:complexContent>
<xs:restriction base="KeyStorageType">
<xs:attribute name="medium" use="required">
<xs:simpleType>
<xs:restriction base="mediumType">
<xs:enumeration value="smartcard"/>
<xs:enumeration value="MobileDevice"/>
<xs:enumeration value="MobileAuthCard"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecurityAuditType">
<xs:complexContent>
<xs:restriction base="SecurityAuditType">
<xs:sequence>
<xs:element ref="SwitchAudit"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="IdentificationType">
<xs:complexContent>
<xs:restriction base="IdentificationType">
<xs:sequence>
<xs:element ref="PhysicalVerification"/>
<xs:element ref="WrittenConsent"/>
<xs:element ref="GoverningAgreements"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="nym">
<xs:simpleType>
<xs:restriction base="nymType">
<xs:enumeration value="anonymity"/>
<xs:enumeration value="verinymity"/>
<xs:enumeration value="pseudonymity"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,183 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
Document identifier: saml-schema-authn-context-mobileonefactor-unreg-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="DigSig"/>
<xs:element ref="ZeroKnowledge"/>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="SSL"/>
<xs:element ref="MobileNetworkNoEncryption"/>
<xs:element ref="MobileNetworkRadioEncryption"/>
<xs:element ref="MobileNetworkEndToEndEncryption"/>
<xs:element ref="WTLS"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="OperationalProtectionType">
<xs:complexContent>
<xs:restriction base="OperationalProtectionType">
<xs:sequence>
<xs:element ref="SecurityAudit"/>
<xs:element ref="DeactivationCallCenter"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:complexContent>
<xs:restriction base="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="PrivateKeyProtection"/>
<xs:element ref="SecretKeyProtection"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:complexContent>
<xs:restriction base="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecretKeyProtectionType">
<xs:complexContent>
<xs:restriction base="SecretKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyStorageType">
<xs:complexContent>
<xs:restriction base="KeyStorageType">
<xs:attribute name="medium" use="required">
<xs:simpleType>
<xs:restriction base="mediumType">
<xs:enumeration value="MobileDevice"/>
<xs:enumeration value="MobileAuthCard"/>
<xs:enumeration value="smartcard"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecurityAuditType">
<xs:complexContent>
<xs:restriction base="SecurityAuditType">
<xs:sequence>
<xs:element ref="SwitchAudit"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="IdentificationType">
<xs:complexContent>
<xs:restriction base="IdentificationType">
<xs:sequence>
<xs:element ref="GoverningAgreements"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="nym">
<xs:simpleType>
<xs:restriction base="nymType">
<xs:enumeration value="anonymity"/>
<xs:enumeration value="pseudonymity"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,202 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
Document identifier: saml-schema-authn-context-mobiletwofactor-reg-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="DigSig"/>
<xs:element ref="ZeroKnowledge"/>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
<xs:element ref="ComplexAuthenticator"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="ComplexAuthenticatorType">
<xs:complexContent>
<xs:restriction base="ComplexAuthenticatorType">
<xs:sequence>
<xs:choice>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
</xs:choice>
<xs:element ref="Password"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="SSL"/>
<xs:element ref="MobileNetworkNoEncryption"/>
<xs:element ref="MobileNetworkRadioEncryption"/>
<xs:element ref="MobileNetworkEndToEndEncryption"/>
<xs:element ref="WTLS"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="OperationalProtectionType">
<xs:complexContent>
<xs:restriction base="OperationalProtectionType">
<xs:sequence>
<xs:element ref="SecurityAudit"/>
<xs:element ref="DeactivationCallCenter"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:complexContent>
<xs:restriction base="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="PrivateKeyProtection"/>
<xs:element ref="SecretKeyProtection"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:complexContent>
<xs:restriction base="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation"/>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecretKeyProtectionType">
<xs:complexContent>
<xs:restriction base="SecretKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation"/>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyStorageType">
<xs:complexContent>
<xs:restriction base="KeyStorageType">
<xs:attribute name="medium" use="required">
<xs:simpleType>
<xs:restriction base="mediumType">
<xs:enumeration value="MobileDevice"/>
<xs:enumeration value="MobileAuthCard"/>
<xs:enumeration value="smartcard"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecurityAuditType">
<xs:complexContent>
<xs:restriction base="SecurityAuditType">
<xs:sequence>
<xs:element ref="SwitchAudit"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="IdentificationType">
<xs:complexContent>
<xs:restriction base="IdentificationType">
<xs:sequence>
<xs:element ref="PhysicalVerification"/>
<xs:element ref="WrittenConsent"/>
<xs:element ref="GoverningAgreements"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="nym">
<xs:simpleType>
<xs:restriction base="nymType">
<xs:enumeration value="anonymity"/>
<xs:enumeration value="verinymity"/>
<xs:enumeration value="pseudonymity"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,200 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
Document identifier: saml-schema-authn-context-mobiletwofactor-unreg-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="DigSig"/>
<xs:element ref="ZeroKnowledge"/>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
<xs:element ref="ComplexAuthenticator"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="ComplexAuthenticatorType">
<xs:complexContent>
<xs:restriction base="ComplexAuthenticatorType">
<xs:sequence>
<xs:choice>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
</xs:choice>
<xs:element ref="Password"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="SSL"/>
<xs:element ref="MobileNetworkNoEncryption"/>
<xs:element ref="MobileNetworkRadioEncryption"/>
<xs:element ref="MobileNetworkEndToEndEncryption"/>
<xs:element ref="WTLS"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="OperationalProtectionType">
<xs:complexContent>
<xs:restriction base="OperationalProtectionType">
<xs:sequence>
<xs:element ref="SecurityAudit"/>
<xs:element ref="DeactivationCallCenter"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:complexContent>
<xs:restriction base="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="PrivateKeyProtection"/>
<xs:element ref="SecretKeyProtection"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:complexContent>
<xs:restriction base="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation"/>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecretKeyProtectionType">
<xs:complexContent>
<xs:restriction base="SecretKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation"/>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyStorageType">
<xs:complexContent>
<xs:restriction base="KeyStorageType">
<xs:attribute name="medium" use="required">
<xs:simpleType>
<xs:restriction base="mediumType">
<xs:enumeration value="MobileDevice"/>
<xs:enumeration value="MobileAuthCard"/>
<xs:enumeration value="smartcard"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SecurityAuditType">
<xs:complexContent>
<xs:restriction base="SecurityAuditType">
<xs:sequence>
<xs:element ref="SwitchAudit"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="IdentificationType">
<xs:complexContent>
<xs:restriction base="IdentificationType">
<xs:sequence>
<xs:element ref="GoverningAgreements"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="nym">
<xs:simpleType>
<xs:restriction base="nymType">
<xs:enumeration value="anonymity"/>
<xs:enumeration value="pseudonymity"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
Document identifier: saml-schema-authn-context-nomad-telephony-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="Password"/>
<xs:element ref="SubscriberLineNumber"/>
<xs:element ref="UserSuffix"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="PSTN"/>
<xs:element ref="ISDN"/>
<xs:element ref="ADSL"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,80 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony
Document identifier: saml-schema-authn-context-personal-telephony-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="SubscriberLineNumber"/>
<xs:element ref="UserSuffix"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="PSTN"/>
<xs:element ref="ISDN"/>
<xs:element ref="ADSL"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,83 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PGP
Document identifier: saml-schema-authn-context-pgp-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="DigSig"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PublicKeyType">
<xs:complexContent>
<xs:restriction base="PublicKeyType">
<xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Document identifier: saml-schema-authn-context-ppt-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="SSL"/>
<xs:element ref="MobileNetworkRadioEncryption"/>
<xs:element ref="MobileNetworkEndToEndEncryption"/>
<xs:element ref="WTLS"/>
<xs:element ref="IPSec"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Document identifier: saml-schema-authn-context-pword-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
Document identifier: saml-schema-authn-context-session-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="PreviousSession"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
Document identifier: saml-schema-authn-context-smartcard-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="Smartcard"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,129 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
Document identifier: saml-schema-authn-context-smartcardpki-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:complexContent>
<xs:restriction base="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="PrivateKeyProtection"/>
</xs:choice>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="Smartcard"/>
<xs:element ref="ActivationPin"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="DigSig"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:complexContent>
<xs:restriction base="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation"/>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyActivationType">
<xs:complexContent>
<xs:restriction base="KeyActivationType">
<xs:sequence>
<xs:element ref="ActivationPin"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyStorageType">
<xs:complexContent>
<xs:restriction base="KeyStorageType">
<xs:attribute name="medium" use="required">
<xs:simpleType>
<xs:restriction base="mediumType">
<xs:enumeration value="smartcard"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,129 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
Document identifier: saml-schema-authn-context-softwarepki-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:complexContent>
<xs:restriction base="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="PrivateKeyProtection"/>
</xs:choice>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="ActivationPin"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:choice>
<xs:element ref="DigSig"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:complexContent>
<xs:restriction base="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation"/>
<xs:element ref="KeyStorage"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyActivationType">
<xs:complexContent>
<xs:restriction base="KeyActivationType">
<xs:sequence>
<xs:element ref="ActivationPin"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="KeyStorageType">
<xs:complexContent>
<xs:restriction base="KeyStorageType">
<xs:attribute name="medium" use="required">
<xs:simpleType>
<xs:restriction base="mediumType">
<xs:enumeration value="memory"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,83 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI
Document identifier: saml-schema-authn-context-spki-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="DigSig"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PublicKeyType">
<xs:complexContent>
<xs:restriction base="PublicKeyType">
<xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,82 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
Document identifier: saml-schema-authn-context-srp-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="SharedSecretChallengeResponse"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="SharedSecretChallengeResponseType">
<xs:complexContent>
<xs:restriction base="SharedSecretChallengeResponseType">
<xs:attribute name="method" type="xs:anyURI" fixed="urn:ietf:rfc:2945"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,97 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
Document identifier: saml-schema-authn-context-sslcert-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="DigSig"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PublicKeyType">
<xs:complexContent>
<xs:restriction base="PublicKeyType">
<xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="SSL"/>
<xs:element ref="WTLS"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
Document identifier: saml-schema-authn-context-telephony-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="SubscriberLineNumber"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:complexContent>
<xs:restriction base="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice>
<xs:element ref="PSTN"/>
<xs:element ref="ISDN"/>
<xs:element ref="ADSL"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,105 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
Document identifier: saml-schema-authn-context-timesync-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="Token"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TokenType">
<xs:complexContent>
<xs:restriction base="TokenType">
<xs:sequence>
<xs:element ref="TimeSyncToken"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="TimeSyncTokenType">
<xs:complexContent>
<xs:restriction base="TimeSyncTokenType">
<xs:attribute name="DeviceType" use="required">
<xs:simpleType>
<xs:restriction base="DeviceTypeType">
<xs:enumeration value="hardware"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="SeedLength" use="required">
<xs:simpleType>
<xs:restriction base="xs:integer">
<xs:minInclusive value="64"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="DeviceInHand" use="required">
<xs:simpleType>
<xs:restriction base="booleanType">
<xs:enumeration value="true"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,823 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
version="2.0">
<xs:annotation>
<xs:documentation>
Document identifier: saml-schema-authn-context-types-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New core authentication context schema types for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType">
<xs:annotation>
<xs:documentation>
A particular assertion on an identity
provider's part with respect to the authentication
context associated with an authentication assertion.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Identification" type="IdentificationType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that describe the
processes and mechanisms
the Authentication Authority uses to initially create
an association between a Principal
and the identity (or name) by which the Principal will
be known
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PhysicalVerification">
<xs:annotation>
<xs:documentation>
This element indicates that identification has been
performed in a physical
face-to-face meeting with the principal and not in an
online manner.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="credentialLevel">
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="primary"/>
<xs:enumeration value="secondary"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="WrittenConsent" type="ExtensionOnlyType"/>
<xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType">
<xs:annotation>
<xs:documentation>
Refers to those characterstics that describe how the
'secret' (the knowledge or possession
of which allows the Principal to authenticate to the
Authentication Authority) is kept secure
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">
<xs:annotation>
<xs:documentation>
This element indicates the types and strengths of
facilities
of a UA used to protect a shared secret key from
unauthorized access and/or use.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">
<xs:annotation>
<xs:documentation>
This element indicates the types and strengths of
facilities
of a UA used to protect a private key from
unauthorized access and/or use.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeyActivation" type="KeyActivationType">
<xs:annotation>
<xs:documentation>The actions that must be performed
before the private key can be used.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeySharing" type="KeySharingType">
<xs:annotation>
<xs:documentation>Whether or not the private key is shared
with the certificate authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeyStorage" type="KeyStorageType">
<xs:annotation>
<xs:documentation>
In which medium is the key stored.
memory - the key is stored in memory.
smartcard - the key is stored in a smartcard.
token - the key is stored in a hardware token.
MobileDevice - the key is stored in a mobile device.
MobileAuthCard - the key is stored in a mobile
authentication card.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/>
<xs:element name="UserSuffix" type="ExtensionOnlyType"/>
<xs:element name="Password" type="PasswordType">
<xs:annotation>
<xs:documentation>
This element indicates that a password (or passphrase)
has been used to
authenticate the Principal to a remote system.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationPin" type="ActivationPinType">
<xs:annotation>
<xs:documentation>
This element indicates that a Pin (Personal
Identification Number) has been used to authenticate the Principal to
some local system in order to activate a key.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Token" type="TokenType">
<xs:annotation>
<xs:documentation>
This element indicates that a hardware or software
token is used
as a method of identifying the Principal.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TimeSyncToken" type="TimeSyncTokenType">
<xs:annotation>
<xs:documentation>
This element indicates that a time synchronization
token is used to identify the Principal. hardware -
the time synchonization
token has been implemented in hardware. software - the
time synchronization
token has been implemented in software. SeedLength -
the length, in bits, of the
random seed used in the time synchronization token.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Smartcard" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that a smartcard is used to
identity the Principal.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Length" type="LengthType">
<xs:annotation>
<xs:documentation>
This element indicates the minimum and/or maximum
ASCII length of the password which is enforced (by the UA or the
IdP). In other words, this is the minimum and/or maximum number of
ASCII characters required to represent a valid password.
min - the minimum number of ASCII characters required
in a valid password, as enforced by the UA or the IdP.
max - the maximum number of ASCII characters required
in a valid password, as enforced by the UA or the IdP.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationLimit" type="ActivationLimitType">
<xs:annotation>
<xs:documentation>
This element indicates the length of time for which an
PIN-based authentication is valid.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Generation">
<xs:annotation>
<xs:documentation>
Indicates whether the password was chosen by the
Principal or auto-supplied by the Authentication Authority.
principalchosen - the Principal is allowed to choose
the value of the password. This is true even if
the initial password is chosen at random by the UA or
the IdP and the Principal is then free to change
the password.
automatic - the password is chosen by the UA or the
IdP to be cryptographically strong in some sense,
or to satisfy certain password rules, and that the
Principal is not free to change it or to choose a new password.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="mechanism" use="required">
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="principalchosen"/>
<xs:enumeration value="automatic"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="AuthnMethod" type="AuthnMethodBaseType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that define the
mechanisms by which the Principal authenticates to the Authentication
Authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">
<xs:annotation>
<xs:documentation>
The method that a Principal employs to perform
authentication to local system components.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Authenticator" type="AuthenticatorBaseType">
<xs:annotation>
<xs:documentation>
The method applied to validate a principal's
authentication across a network
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType">
<xs:annotation>
<xs:documentation>
Supports Authenticators with nested combinations of
additional complexity.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PreviousSession" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
Indicates that the Principal has been strongly
authenticated in a previous session during which the IdP has set a
cookie in the UA. During the present session the Principal has only
been authenticated by the UA returning the cookie to the IdP.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ResumeSession" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
Rather like PreviousSession but using stronger
security. A secret that was established in a previous session with
the Authentication Authority has been cached by the local system and
is now re-used (e.g. a Master Secret is used to derive new session
keys in TLS, SSL, WTLS).
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ZeroKnowledge" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated by a zero knowledge technique as specified in ISO/IEC
9798-5.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/>
<xs:complexType name="SharedSecretChallengeResponseType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated by a challenge-response protocol utilizing shared secret
keys and symmetric cryptography.
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="method" type="xs:anyURI" use="optional"/>
</xs:complexType>
<xs:element name="DigSig" type="PublicKeyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated by a mechanism which involves the Principal computing a
digital signature over at least challenge data provided by the IdP.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AsymmetricDecryption" type="PublicKeyType">
<xs:annotation>
<xs:documentation>
The local system has a private key but it is used
in decryption mode, rather than signature mode. For example, the
Authentication Authority generates a secret and encrypts it using the
local system's public key: the local system then proves it has
decrypted the secret.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AsymmetricKeyAgreement" type="PublicKeyType">
<xs:annotation>
<xs:documentation>
The local system has a private key and uses it for
shared secret key agreement with the Authentication Authority (e.g.
via Diffie Helman).
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:complexType name="PublicKeyType">
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="keyValidation" use="optional"/>
</xs:complexType>
<xs:element name="IPAddress" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Principal has been
authenticated through connection from a particular IP address.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
The local system and Authentication Authority
share a secret key. The local system uses this to encrypt a
randomised string to pass to the Authentication Authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType">
<xs:annotation>
<xs:documentation>
The protocol across which Authenticator information is
transferred to an Authentication Authority verifier.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="HTTP" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using bare HTTP utilizing no additional security
protocols.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="IPSec" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using a transport mechanism protected by an IPSEC session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="WTLS" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using a transport mechanism protected by a WTLS session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted solely across a mobile network using no additional
security mechanism.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/>
<xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/>
<xs:element name="SSL" type="ExtensionOnlyType">
<xs:annotation>
<xs:documentation>
This element indicates that the Authenticator has been
transmitted using a transport mechnanism protected by an SSL or TLS
session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PSTN" type="ExtensionOnlyType"/>
<xs:element name="ISDN" type="ExtensionOnlyType"/>
<xs:element name="ADSL" type="ExtensionOnlyType"/>
<xs:element name="OperationalProtection" type="OperationalProtectionType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that describe
procedural security controls employed by the Authentication Authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SecurityAudit" type="SecurityAuditType"/>
<xs:element name="SwitchAudit" type="ExtensionOnlyType"/>
<xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/>
<xs:element name="GoverningAgreements" type="GoverningAgreementsType">
<xs:annotation>
<xs:documentation>
Provides a mechanism for linking to external (likely
human readable) documents in which additional business agreements,
(e.g. liability constraints, obligations, etc) can be placed.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/>
<xs:simpleType name="nymType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="anonymity"/>
<xs:enumeration value="verinymity"/>
<xs:enumeration value="pseudonymity"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod" minOccurs="0"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:complexType>
<xs:complexType name="IdentificationType">
<xs:sequence>
<xs:element ref="PhysicalVerification" minOccurs="0"/>
<xs:element ref="WrittenConsent" minOccurs="0"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="nym" type="nymType">
<xs:annotation>
<xs:documentation>
This attribute indicates whether or not the
Identification mechanisms allow the actions of the Principal to be
linked to an actual end user.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="TechnicalProtectionBaseType">
<xs:sequence>
<xs:choice minOccurs="0">
<xs:element ref="PrivateKeyProtection"/>
<xs:element ref="SecretKeyProtection"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="OperationalProtectionType">
<xs:sequence>
<xs:element ref="SecurityAudit" minOccurs="0"/>
<xs:element ref="DeactivationCallCenter" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
<xs:element ref="Authenticator" minOccurs="0"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="GoverningAgreementsType">
<xs:sequence>
<xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="GoverningAgreementRefType">
<xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="Password" minOccurs="0"/>
<xs:element ref="RestrictedPassword" minOccurs="0"/>
<xs:element ref="Token" minOccurs="0"/>
<xs:element ref="Smartcard" minOccurs="0"/>
<xs:element ref="ActivationPin" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:complexType>
<xs:group name="AuthenticatorChoiceGroup">
<xs:choice>
<xs:element ref="PreviousSession"/>
<xs:element ref="ResumeSession"/>
<xs:element ref="DigSig"/>
<xs:element ref="Password"/>
<xs:element ref="RestrictedPassword"/>
<xs:element ref="ZeroKnowledge"/>
<xs:element ref="SharedSecretChallengeResponse"/>
<xs:element ref="SharedSecretDynamicPlaintext"/>
<xs:element ref="IPAddress"/>
<xs:element ref="AsymmetricDecryption"/>
<xs:element ref="AsymmetricKeyAgreement"/>
<xs:element ref="SubscriberLineNumber"/>
<xs:element ref="UserSuffix"/>
<xs:element ref="ComplexAuthenticator"/>
</xs:choice>
</xs:group>
<xs:group name="AuthenticatorSequenceGroup">
<xs:sequence>
<xs:element ref="PreviousSession" minOccurs="0"/>
<xs:element ref="ResumeSession" minOccurs="0"/>
<xs:element ref="DigSig" minOccurs="0"/>
<xs:element ref="Password" minOccurs="0"/>
<xs:element ref="RestrictedPassword" minOccurs="0"/>
<xs:element ref="ZeroKnowledge" minOccurs="0"/>
<xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/>
<xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/>
<xs:element ref="IPAddress" minOccurs="0"/>
<xs:element ref="AsymmetricDecryption" minOccurs="0"/>
<xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/>
<xs:element ref="SubscriberLineNumber" minOccurs="0"/>
<xs:element ref="UserSuffix" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:group>
<xs:complexType name="AuthenticatorBaseType">
<xs:sequence>
<xs:group ref="AuthenticatorChoiceGroup"/>
<xs:group ref="AuthenticatorSequenceGroup"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ComplexAuthenticatorType">
<xs:sequence>
<xs:group ref="AuthenticatorChoiceGroup"/>
<xs:group ref="AuthenticatorSequenceGroup"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="AuthenticatorTransportProtocolType">
<xs:sequence>
<xs:choice minOccurs="0">
<xs:element ref="HTTP"/>
<xs:element ref="SSL"/>
<xs:element ref="MobileNetworkNoEncryption"/>
<xs:element ref="MobileNetworkRadioEncryption"/>
<xs:element ref="MobileNetworkEndToEndEncryption"/>
<xs:element ref="WTLS"/>
<xs:element ref="IPSec"/>
<xs:element ref="PSTN"/>
<xs:element ref="ISDN"/>
<xs:element ref="ADSL"/>
</xs:choice>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="KeyActivationType">
<xs:sequence>
<xs:element ref="ActivationPin" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="KeySharingType">
<xs:attribute name="sharing" type="xs:boolean" use="required"/>
</xs:complexType>
<xs:complexType name="PrivateKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation" minOccurs="0"/>
<xs:element ref="KeyStorage" minOccurs="0"/>
<xs:element ref="KeySharing" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="PasswordType">
<xs:sequence>
<xs:element ref="Length" minOccurs="0"/>
<xs:element ref="Alphabet" minOccurs="0"/>
<xs:element ref="Generation" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
</xs:complexType>
<xs:element name="RestrictedPassword" type="RestrictedPasswordType"/>
<xs:complexType name="RestrictedPasswordType">
<xs:complexContent>
<xs:restriction base="PasswordType">
<xs:sequence>
<xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>
<xs:element ref="Generation" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="RestrictedLengthType">
<xs:complexContent>
<xs:restriction base="LengthType">
<xs:attribute name="min" use="required">
<xs:simpleType>
<xs:restriction base="xs:integer">
<xs:minInclusive value="3"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="max" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="ActivationPinType">
<xs:sequence>
<xs:element ref="Length" minOccurs="0"/>
<xs:element ref="Alphabet" minOccurs="0"/>
<xs:element ref="Generation" minOccurs="0"/>
<xs:element ref="ActivationLimit" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Alphabet" type="AlphabetType"/>
<xs:complexType name="AlphabetType">
<xs:attribute name="requiredChars" type="xs:string" use="required"/>
<xs:attribute name="excludedChars" type="xs:string" use="optional"/>
<xs:attribute name="case" type="xs:string" use="optional"/>
</xs:complexType>
<xs:complexType name="TokenType">
<xs:sequence>
<xs:element ref="TimeSyncToken"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="DeviceTypeType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="hardware"/>
<xs:enumeration value="software"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="booleanType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="true"/>
<xs:enumeration value="false"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="TimeSyncTokenType">
<xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/>
<xs:attribute name="SeedLength" type="xs:integer" use="required"/>
<xs:attribute name="DeviceInHand" type="booleanType" use="required"/>
</xs:complexType>
<xs:complexType name="ActivationLimitType">
<xs:choice>
<xs:element ref="ActivationLimitDuration"/>
<xs:element ref="ActivationLimitUsages"/>
<xs:element ref="ActivationLimitSession"/>
</xs:choice>
</xs:complexType>
<xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">
<xs:annotation>
<xs:documentation>
This element indicates that the Key Activation Limit is
defined as a specific duration of time.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">
<xs:annotation>
<xs:documentation>
This element indicates that the Key Activation Limit is
defined as a number of usages.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">
<xs:annotation>
<xs:documentation>
This element indicates that the Key Activation Limit is
the session.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:complexType name="ActivationLimitDurationType">
<xs:attribute name="duration" type="xs:duration" use="required"/>
</xs:complexType>
<xs:complexType name="ActivationLimitUsagesType">
<xs:attribute name="number" type="xs:integer" use="required"/>
</xs:complexType>
<xs:complexType name="ActivationLimitSessionType"/>
<xs:complexType name="LengthType">
<xs:attribute name="min" type="xs:integer" use="required"/>
<xs:attribute name="max" type="xs:integer" use="optional"/>
</xs:complexType>
<xs:simpleType name="mediumType">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="memory"/>
<xs:enumeration value="smartcard"/>
<xs:enumeration value="token"/>
<xs:enumeration value="MobileDevice"/>
<xs:enumeration value="MobileAuthCard"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="KeyStorageType">
<xs:attribute name="medium" type="mediumType" use="required"/>
</xs:complexType>
<xs:complexType name="SecretKeyProtectionType">
<xs:sequence>
<xs:element ref="KeyActivation" minOccurs="0"/>
<xs:element ref="KeyStorage" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="SecurityAuditType">
<xs:sequence>
<xs:element ref="SwitchAudit" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ExtensionOnlyType">
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Extension" type="ExtensionType"/>
<xs:complexType name="ExtensionType">
<xs:sequence>
<xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:schema>

View file

@ -0,0 +1,83 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:X509
Document identifier: saml-schema-authn-context-x509-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="DigSig"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PublicKeyType">
<xs:complexContent>
<xs:restriction base="PublicKeyType">
<xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,83 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
finalDefault="extension"
blockDefault="substitution"
version="2.0">
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<xs:annotation>
<xs:documentation>
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
Document identifier: saml-schema-authn-context-xmldsig-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
New authentication context class schema for SAML V2.0.
</xs:documentation>
</xs:annotation>
<xs:complexType name="AuthnContextDeclarationBaseType">
<xs:complexContent>
<xs:restriction base="AuthnContextDeclarationBaseType">
<xs:sequence>
<xs:element ref="Identification" minOccurs="0"/>
<xs:element ref="TechnicalProtection" minOccurs="0"/>
<xs:element ref="OperationalProtection" minOccurs="0"/>
<xs:element ref="AuthnMethod"/>
<xs:element ref="GoverningAgreements" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthnMethodBaseType">
<xs:complexContent>
<xs:restriction base="AuthnMethodBaseType">
<xs:sequence>
<xs:element ref="PrincipalAuthenticationMechanism"/>
<xs:element ref="Authenticator"/>
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PrincipalAuthenticationMechanismType">
<xs:complexContent>
<xs:restriction base="PrincipalAuthenticationMechanismType">
<xs:sequence>
<xs:element ref="RestrictedPassword"/>
</xs:sequence>
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="AuthenticatorBaseType">
<xs:complexContent>
<xs:restriction base="AuthenticatorBaseType">
<xs:sequence>
<xs:element ref="DigSig"/>
</xs:sequence>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="PublicKeyType">
<xs:complexContent>
<xs:restriction base="PublicKeyType">
<xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:ietf:rfc:3075"/>
</xs:restriction>
</xs:complexContent>
</xs:complexType>
</xs:redefine>
</xs:schema>

View file

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
xmlns:dce="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<annotation>
<documentation>
Document identifier: saml-schema-dce-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
Custom schema for DCE attribute profile, first published in SAML 2.0.
</documentation>
</annotation>
<complexType name="DCEValueType">
<simpleContent>
<extension base="anyURI">
<attribute ref="dce:Realm" use="optional"/>
<attribute ref="dce:FriendlyName" use="optional"/>
</extension>
</simpleContent>
</complexType>
<attribute name="Realm" type="anyURI"/>
<attribute name="FriendlyName" type="string"/>
</schema>

View file

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
schemaLocation="saml-schema-protocol-2.0.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://schemas.xmlsoap.org/soap/envelope/"
schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
<annotation>
<documentation>
Document identifier: saml-schema-ecp-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
Custom schema for ECP profile, first published in SAML 2.0.
</documentation>
</annotation>
<element name="Request" type="ecp:RequestType"/>
<complexType name="RequestType">
<sequence>
<element ref="saml:Issuer"/>
<element ref="samlp:IDPList" minOccurs="0"/>
</sequence>
<attribute ref="S:mustUnderstand" use="required"/>
<attribute ref="S:actor" use="required"/>
<attribute name="ProviderName" type="string" use="optional"/>
<attribute name="IsPassive" type="boolean" use="optional"/>
</complexType>
<element name="Response" type="ecp:ResponseType"/>
<complexType name="ResponseType">
<attribute ref="S:mustUnderstand" use="required"/>
<attribute ref="S:actor" use="required"/>
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="required"/>
</complexType>
<element name="RelayState" type="ecp:RelayStateType"/>
<complexType name="RelayStateType">
<simpleContent>
<extension base="string">
<attribute ref="S:mustUnderstand" use="required"/>
<attribute ref="S:actor" use="required"/>
</extension>
</simpleContent>
</complexType>
</schema>

View file

@ -0,0 +1,337 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-metadata-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
Schema for SAML metadata, first published in SAML 2.0.
</documentation>
</annotation>
<simpleType name="entityIDType">
<restriction base="anyURI">
<maxLength value="1024"/>
</restriction>
</simpleType>
<complexType name="localizedNameType">
<simpleContent>
<extension base="string">
<attribute ref="xml:lang" use="required"/>
</extension>
</simpleContent>
</complexType>
<complexType name="localizedURIType">
<simpleContent>
<extension base="anyURI">
<attribute ref="xml:lang" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="Extensions" type="md:ExtensionsType"/>
<complexType final="#all" name="ExtensionsType">
<sequence>
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="EndpointType">
<sequence>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Binding" type="anyURI" use="required"/>
<attribute name="Location" type="anyURI" use="required"/>
<attribute name="ResponseLocation" type="anyURI" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<complexType name="IndexedEndpointType">
<complexContent>
<extension base="md:EndpointType">
<attribute name="index" type="unsignedShort" use="required"/>
<attribute name="isDefault" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
<complexType name="EntitiesDescriptorType">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<choice minOccurs="1" maxOccurs="unbounded">
<element ref="md:EntityDescriptor"/>
<element ref="md:EntitiesDescriptor"/>
</choice>
</sequence>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="ID" type="ID" use="optional"/>
<attribute name="Name" type="string" use="optional"/>
</complexType>
<element name="EntityDescriptor" type="md:EntityDescriptorType"/>
<complexType name="EntityDescriptorType">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<choice>
<choice maxOccurs="unbounded">
<element ref="md:RoleDescriptor"/>
<element ref="md:IDPSSODescriptor"/>
<element ref="md:SPSSODescriptor"/>
<element ref="md:AuthnAuthorityDescriptor"/>
<element ref="md:AttributeAuthorityDescriptor"/>
<element ref="md:PDPDescriptor"/>
</choice>
<element ref="md:AffiliationDescriptor"/>
</choice>
<element ref="md:Organization" minOccurs="0"/>
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="entityID" type="md:entityIDType" use="required"/>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="ID" type="ID" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="Organization" type="md:OrganizationType"/>
<complexType name="OrganizationType">
<sequence>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:OrganizationName" maxOccurs="unbounded"/>
<element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
<element ref="md:OrganizationURL" maxOccurs="unbounded"/>
</sequence>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="OrganizationName" type="md:localizedNameType"/>
<element name="OrganizationDisplayName" type="md:localizedNameType"/>
<element name="OrganizationURL" type="md:localizedURIType"/>
<element name="ContactPerson" type="md:ContactType"/>
<complexType name="ContactType">
<sequence>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:Company" minOccurs="0"/>
<element ref="md:GivenName" minOccurs="0"/>
<element ref="md:SurName" minOccurs="0"/>
<element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="contactType" type="md:ContactTypeType" use="required"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="Company" type="string"/>
<element name="GivenName" type="string"/>
<element name="SurName" type="string"/>
<element name="EmailAddress" type="anyURI"/>
<element name="TelephoneNumber" type="string"/>
<simpleType name="ContactTypeType">
<restriction base="string">
<enumeration value="technical"/>
<enumeration value="support"/>
<enumeration value="administrative"/>
<enumeration value="billing"/>
<enumeration value="other"/>
</restriction>
</simpleType>
<element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
<complexType name="AdditionalMetadataLocationType">
<simpleContent>
<extension base="anyURI">
<attribute name="namespace" type="anyURI" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="RoleDescriptor" type="md:RoleDescriptorType"/>
<complexType name="RoleDescriptorType" abstract="true">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:Organization" minOccurs="0"/>
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="ID" type="ID" use="optional"/>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
<attribute name="errorURL" type="anyURI" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<simpleType name="anyURIListType">
<list itemType="anyURI"/>
</simpleType>
<element name="KeyDescriptor" type="md:KeyDescriptorType"/>
<complexType name="KeyDescriptorType">
<sequence>
<element ref="ds:KeyInfo"/>
<element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="use" type="md:KeyTypes" use="optional"/>
</complexType>
<simpleType name="KeyTypes">
<restriction base="string">
<enumeration value="encryption"/>
<enumeration value="signing"/>
</restriction>
</simpleType>
<element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
<complexType name="SSODescriptorType" abstract="true">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
<element name="SingleLogoutService" type="md:EndpointType"/>
<element name="ManageNameIDService" type="md:EndpointType"/>
<element name="NameIDFormat" type="anyURI"/>
<element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
<complexType name="IDPSSODescriptorType">
<complexContent>
<extension base="md:SSODescriptorType">
<sequence>
<element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
<element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SingleSignOnService" type="md:EndpointType"/>
<element name="NameIDMappingService" type="md:EndpointType"/>
<element name="AssertionIDRequestService" type="md:EndpointType"/>
<element name="AttributeProfile" type="anyURI"/>
<element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
<complexType name="SPSSODescriptorType">
<complexContent>
<extension base="md:SSODescriptorType">
<sequence>
<element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
<element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
<attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
<element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
<complexType name="AttributeConsumingServiceType">
<sequence>
<element ref="md:ServiceName" maxOccurs="unbounded"/>
<element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
</sequence>
<attribute name="index" type="unsignedShort" use="required"/>
<attribute name="isDefault" type="boolean" use="optional"/>
</complexType>
<element name="ServiceName" type="md:localizedNameType"/>
<element name="ServiceDescription" type="md:localizedNameType"/>
<element name="RequestedAttribute" type="md:RequestedAttributeType"/>
<complexType name="RequestedAttributeType">
<complexContent>
<extension base="saml:AttributeType">
<attribute name="isRequired" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
<complexType name="AuthnAuthorityDescriptorType">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthnQueryService" type="md:EndpointType"/>
<element name="PDPDescriptor" type="md:PDPDescriptorType"/>
<complexType name="PDPDescriptorType">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:AuthzService" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthzService" type="md:EndpointType"/>
<element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
<complexType name="AttributeAuthorityDescriptorType">
<complexContent>
<extension base="md:RoleDescriptorType">
<sequence>
<element ref="md:AttributeService" maxOccurs="unbounded"/>
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AttributeService" type="md:EndpointType"/>
<element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
<complexType name="AffiliationDescriptorType">
<sequence>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="md:Extensions" minOccurs="0"/>
<element ref="md:AffiliateMember" maxOccurs="unbounded"/>
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
<attribute name="validUntil" type="dateTime" use="optional"/>
<attribute name="cacheDuration" type="duration" use="optional"/>
<attribute name="ID" type="ID" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="AffiliateMember" type="md:entityIDType"/>
</schema>

View file

@ -0,0 +1,302 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-protocol-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
V2.0 (March, 2005):
New protocol schema based in a SAML V2.0 namespace.
</documentation>
</annotation>
<complexType name="RequestAbstractType" abstract="true">
<sequence>
<element ref="saml:Issuer" minOccurs="0"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="samlp:Extensions" minOccurs="0"/>
</sequence>
<attribute name="ID" type="ID" use="required"/>
<attribute name="Version" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Destination" type="anyURI" use="optional"/>
<attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Extensions" type="samlp:ExtensionsType"/>
<complexType name="ExtensionsType">
<sequence>
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="StatusResponseType">
<sequence>
<element ref="saml:Issuer" minOccurs="0"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="samlp:Extensions" minOccurs="0"/>
<element ref="samlp:Status"/>
</sequence>
<attribute name="ID" type="ID" use="required"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Version" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Destination" type="anyURI" use="optional"/>
<attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Status" type="samlp:StatusType"/>
<complexType name="StatusType">
<sequence>
<element ref="samlp:StatusCode"/>
<element ref="samlp:StatusMessage" minOccurs="0"/>
<element ref="samlp:StatusDetail" minOccurs="0"/>
</sequence>
</complexType>
<element name="StatusCode" type="samlp:StatusCodeType"/>
<complexType name="StatusCodeType">
<sequence>
<element ref="samlp:StatusCode" minOccurs="0"/>
</sequence>
<attribute name="Value" type="anyURI" use="required"/>
</complexType>
<element name="StatusMessage" type="string"/>
<element name="StatusDetail" type="samlp:StatusDetailType"/>
<complexType name="StatusDetailType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
<complexType name="AssertionIDRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
<complexType name="SubjectQueryAbstractType" abstract="true">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:Subject"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
<complexType name="AuthnQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
</sequence>
<attribute name="SessionIndex" type="string" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
<complexType name="RequestedAuthnContextType">
<choice>
<element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
<element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
</choice>
<attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
</complexType>
<simpleType name="AuthnContextComparisonType">
<restriction base="string">
<enumeration value="exact"/>
<enumeration value="minimum"/>
<enumeration value="maximum"/>
<enumeration value="better"/>
</restriction>
</simpleType>
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
<complexType name="AttributeQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
<complexType name="AuthzDecisionQueryType">
<complexContent>
<extension base="samlp:SubjectQueryAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
</extension>
</complexContent>
</complexType>
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
<complexType name="AuthnRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="saml:Subject" minOccurs="0"/>
<element ref="samlp:NameIDPolicy" minOccurs="0"/>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
<element ref="samlp:Scoping" minOccurs="0"/>
</sequence>
<attribute name="ForceAuthn" type="boolean" use="optional"/>
<attribute name="IsPassive" type="boolean" use="optional"/>
<attribute name="ProtocolBinding" type="anyURI" use="optional"/>
<attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
<attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
<attribute name="ProviderName" type="string" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
<complexType name="NameIDPolicyType">
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPNameQualifier" type="string" use="optional"/>
<attribute name="AllowCreate" type="boolean" use="optional"/>
</complexType>
<element name="Scoping" type="samlp:ScopingType"/>
<complexType name="ScopingType">
<sequence>
<element ref="samlp:IDPList" minOccurs="0"/>
<element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
</complexType>
<element name="RequesterID" type="anyURI"/>
<element name="IDPList" type="samlp:IDPListType"/>
<complexType name="IDPListType">
<sequence>
<element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
<element ref="samlp:GetComplete" minOccurs="0"/>
</sequence>
</complexType>
<element name="IDPEntry" type="samlp:IDPEntryType"/>
<complexType name="IDPEntryType">
<attribute name="ProviderID" type="anyURI" use="required"/>
<attribute name="Name" type="string" use="optional"/>
<attribute name="Loc" type="anyURI" use="optional"/>
</complexType>
<element name="GetComplete" type="anyURI"/>
<element name="Response" type="samlp:ResponseType"/>
<complexType name="ResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
<complexType name="ArtifactResolveType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<element ref="samlp:Artifact"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Artifact" type="string"/>
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
<complexType name="ArtifactResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
<complexType name="ManageNameIDRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<choice>
<element ref="samlp:NewID"/>
<element ref="samlp:NewEncryptedID"/>
<element ref="samlp:Terminate"/>
</choice>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="NewID" type="string"/>
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
<element name="Terminate" type="samlp:TerminateType"/>
<complexType name="TerminateType"/>
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
<complexType name="LogoutRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Reason" type="string" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SessionIndex" type="string"/>
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
<element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
<complexType name="NameIDMappingRequestType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="samlp:NameIDPolicy"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
<complexType name="NameIDMappingResponseType">
<complexContent>
<extension base="samlp:StatusResponseType">
<choice>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
</extension>
</complexContent>
</complexType>
</schema>

View file

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<annotation>
<documentation>
Document identifier: saml-schema-x500-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
Custom schema for X.500 attribute profile, first published in SAML 2.0.
</documentation>
</annotation>
<attribute name="Encoding" type="string"/>
</schema>

View file

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<annotation>
<documentation>
Document identifier: saml-schema-xacml-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V2.0 (March, 2005):
Custom schema for XACML attribute profile, first published in SAML 2.0.
</documentation>
</annotation>
<attribute name="DataType" type="anyURI"/>
</schema>

View file

@ -0,0 +1,319 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE schema
PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
[
<!ATTLIST schema
xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
<!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
<!ENTITY % p ''>
<!ENTITY % s ''>
]>
<!-- Schema for XML Signatures
http://www.w3.org/2000/09/xmldsig#
$Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
Copyright 2001 The Internet Society and W3C (Massachusetts Institute
of Technology, Institut National de Recherche en Informatique et en
Automatique, Keio University). All Rights Reserved.
http://www.w3.org/Consortium/Legal/
This document is governed by the W3C Software License [1] as described
in the FAQ [2].
[1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
[2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
-->
<schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
targetNamespace="http://www.w3.org/2000/09/xmldsig#"
version="0.1" elementFormDefault="qualified">
<!-- Basic Types Defined for Signatures -->
<simpleType name="CryptoBinary">
<restriction base="base64Binary">
</restriction>
</simpleType>
<!-- Start Signature -->
<element name="Signature" type="ds:SignatureType"/>
<complexType name="SignatureType">
<sequence>
<element ref="ds:SignedInfo"/>
<element ref="ds:SignatureValue"/>
<element ref="ds:KeyInfo" minOccurs="0"/>
<element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="SignatureValue" type="ds:SignatureValueType"/>
<complexType name="SignatureValueType">
<simpleContent>
<extension base="base64Binary">
<attribute name="Id" type="ID" use="optional"/>
</extension>
</simpleContent>
</complexType>
<!-- Start SignedInfo -->
<element name="SignedInfo" type="ds:SignedInfoType"/>
<complexType name="SignedInfoType">
<sequence>
<element ref="ds:CanonicalizationMethod"/>
<element ref="ds:SignatureMethod"/>
<element ref="ds:Reference" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
<complexType name="CanonicalizationMethodType" mixed="true">
<sequence>
<any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
<!-- (0,unbounded) elements from (1,1) namespace -->
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<element name="SignatureMethod" type="ds:SignatureMethodType"/>
<complexType name="SignatureMethodType" mixed="true">
<sequence>
<element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
<any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
<!-- (0,unbounded) elements from (1,1) external namespace -->
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<!-- Start Reference -->
<element name="Reference" type="ds:ReferenceType"/>
<complexType name="ReferenceType">
<sequence>
<element ref="ds:Transforms" minOccurs="0"/>
<element ref="ds:DigestMethod"/>
<element ref="ds:DigestValue"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
<attribute name="URI" type="anyURI" use="optional"/>
<attribute name="Type" type="anyURI" use="optional"/>
</complexType>
<element name="Transforms" type="ds:TransformsType"/>
<complexType name="TransformsType">
<sequence>
<element ref="ds:Transform" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="Transform" type="ds:TransformType"/>
<complexType name="TransformType" mixed="true">
<choice minOccurs="0" maxOccurs="unbounded">
<any namespace="##other" processContents="lax"/>
<!-- (1,1) elements from (0,unbounded) namespaces -->
<element name="XPath" type="string"/>
</choice>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<!-- End Reference -->
<element name="DigestMethod" type="ds:DigestMethodType"/>
<complexType name="DigestMethodType" mixed="true">
<sequence>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<element name="DigestValue" type="ds:DigestValueType"/>
<simpleType name="DigestValueType">
<restriction base="base64Binary"/>
</simpleType>
<!-- End SignedInfo -->
<!-- Start KeyInfo -->
<element name="KeyInfo" type="ds:KeyInfoType"/>
<complexType name="KeyInfoType" mixed="true">
<choice maxOccurs="unbounded">
<element ref="ds:KeyName"/>
<element ref="ds:KeyValue"/>
<element ref="ds:RetrievalMethod"/>
<element ref="ds:X509Data"/>
<element ref="ds:PGPData"/>
<element ref="ds:SPKIData"/>
<element ref="ds:MgmtData"/>
<any processContents="lax" namespace="##other"/>
<!-- (1,1) elements from (0,unbounded) namespaces -->
</choice>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="KeyName" type="string"/>
<element name="MgmtData" type="string"/>
<element name="KeyValue" type="ds:KeyValueType"/>
<complexType name="KeyValueType" mixed="true">
<choice>
<element ref="ds:DSAKeyValue"/>
<element ref="ds:RSAKeyValue"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
<complexType name="RetrievalMethodType">
<sequence>
<element ref="ds:Transforms" minOccurs="0"/>
</sequence>
<attribute name="URI" type="anyURI"/>
<attribute name="Type" type="anyURI" use="optional"/>
</complexType>
<!-- Start X509Data -->
<element name="X509Data" type="ds:X509DataType"/>
<complexType name="X509DataType">
<sequence maxOccurs="unbounded">
<choice>
<element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
<element name="X509SKI" type="base64Binary"/>
<element name="X509SubjectName" type="string"/>
<element name="X509Certificate" type="base64Binary"/>
<element name="X509CRL" type="base64Binary"/>
<any namespace="##other" processContents="lax"/>
</choice>
</sequence>
</complexType>
<complexType name="X509IssuerSerialType">
<sequence>
<element name="X509IssuerName" type="string"/>
<element name="X509SerialNumber" type="integer"/>
</sequence>
</complexType>
<!-- End X509Data -->
<!-- Begin PGPData -->
<element name="PGPData" type="ds:PGPDataType"/>
<complexType name="PGPDataType">
<choice>
<sequence>
<element name="PGPKeyID" type="base64Binary"/>
<element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
<any namespace="##other" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
<sequence>
<element name="PGPKeyPacket" type="base64Binary"/>
<any namespace="##other" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
</choice>
</complexType>
<!-- End PGPData -->
<!-- Begin SPKIData -->
<element name="SPKIData" type="ds:SPKIDataType"/>
<complexType name="SPKIDataType">
<sequence maxOccurs="unbounded">
<element name="SPKISexp" type="base64Binary"/>
<any namespace="##other" processContents="lax" minOccurs="0"/>
</sequence>
</complexType>
<!-- End SPKIData -->
<!-- End KeyInfo -->
<!-- Start Object (Manifest, SignatureProperty) -->
<element name="Object" type="ds:ObjectType"/>
<complexType name="ObjectType" mixed="true">
<sequence minOccurs="0" maxOccurs="unbounded">
<any namespace="##any" processContents="lax"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
<attribute name="MimeType" type="string" use="optional"/>
<!-- add a grep facet -->
<attribute name="Encoding" type="anyURI" use="optional"/>
</complexType>
<element name="Manifest" type="ds:ManifestType"/>
<complexType name="ManifestType">
<sequence>
<element ref="ds:Reference" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
<complexType name="SignaturePropertiesType">
<sequence>
<element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<element name="SignatureProperty" type="ds:SignaturePropertyType"/>
<complexType name="SignaturePropertyType" mixed="true">
<choice maxOccurs="unbounded">
<any namespace="##other" processContents="lax"/>
<!-- (1,1) elements from (1,unbounded) namespaces -->
</choice>
<attribute name="Target" type="anyURI" use="required"/>
<attribute name="Id" type="ID" use="optional"/>
</complexType>
<!-- End Object (Manifest, SignatureProperty) -->
<!-- Start Algorithm Parameters -->
<simpleType name="HMACOutputLengthType">
<restriction base="integer"/>
</simpleType>
<!-- Start KeyValue Element-types -->
<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
<complexType name="DSAKeyValueType">
<sequence>
<sequence minOccurs="0">
<element name="P" type="ds:CryptoBinary"/>
<element name="Q" type="ds:CryptoBinary"/>
</sequence>
<element name="G" type="ds:CryptoBinary" minOccurs="0"/>
<element name="Y" type="ds:CryptoBinary"/>
<element name="J" type="ds:CryptoBinary" minOccurs="0"/>
<sequence minOccurs="0">
<element name="Seed" type="ds:CryptoBinary"/>
<element name="PgenCounter" type="ds:CryptoBinary"/>
</sequence>
</sequence>
</complexType>
<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
<complexType name="RSAKeyValueType">
<sequence>
<element name="Modulus" type="ds:CryptoBinary"/>
<element name="Exponent" type="ds:CryptoBinary"/>
</sequence>
</complexType>
<!-- End KeyValue Element-types -->
<!-- End Signature -->
</schema>

View file

@ -0,0 +1,154 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE schema PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
"http://www.w3.org/2001/XMLSchema.dtd"
[
<!ATTLIST schema
xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
<!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
<!ENTITY % p ''>
<!ENTITY % s ''>
]>
<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
targetNamespace='http://www.w3.org/2001/04/xmlenc#'
elementFormDefault='qualified'>
<import namespace='http://www.w3.org/2000/09/xmldsig#'
schemaLocation='http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd'/>
<complexType name='EncryptedType' abstract='true'>
<sequence>
<element name='EncryptionMethod' type='xenc:EncryptionMethodType'
minOccurs='0'/>
<element ref='ds:KeyInfo' minOccurs='0'/>
<element ref='xenc:CipherData'/>
<element ref='xenc:EncryptionProperties' minOccurs='0'/>
</sequence>
<attribute name='Id' type='ID' use='optional'/>
<attribute name='Type' type='anyURI' use='optional'/>
<attribute name='MimeType' type='string' use='optional'/>
<attribute name='Encoding' type='anyURI' use='optional'/>
</complexType>
<complexType name='EncryptionMethodType' mixed='true'>
<sequence>
<element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
<element name='OAEPparams' minOccurs='0' type='base64Binary'/>
<any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
</sequence>
<attribute name='Algorithm' type='anyURI' use='required'/>
</complexType>
<simpleType name='KeySizeType'>
<restriction base="integer"/>
</simpleType>
<element name='CipherData' type='xenc:CipherDataType'/>
<complexType name='CipherDataType'>
<choice>
<element name='CipherValue' type='base64Binary'/>
<element ref='xenc:CipherReference'/>
</choice>
</complexType>
<element name='CipherReference' type='xenc:CipherReferenceType'/>
<complexType name='CipherReferenceType'>
<choice>
<element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
</choice>
<attribute name='URI' type='anyURI' use='required'/>
</complexType>
<complexType name='TransformsType'>
<sequence>
<element ref='ds:Transform' maxOccurs='unbounded'/>
</sequence>
</complexType>
<element name='EncryptedData' type='xenc:EncryptedDataType'/>
<complexType name='EncryptedDataType'>
<complexContent>
<extension base='xenc:EncryptedType'>
</extension>
</complexContent>
</complexType>
<!-- Children of ds:KeyInfo -->
<element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
<complexType name='EncryptedKeyType'>
<complexContent>
<extension base='xenc:EncryptedType'>
<sequence>
<element ref='xenc:ReferenceList' minOccurs='0'/>
<element name='CarriedKeyName' type='string' minOccurs='0'/>
</sequence>
<attribute name='Recipient' type='string'
use='optional'/>
</extension>
</complexContent>
</complexType>
<element name="AgreementMethod" type="xenc:AgreementMethodType"/>
<complexType name="AgreementMethodType" mixed="true">
<sequence>
<element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
<!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
<any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
<element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
<element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
<!-- End Children of ds:KeyInfo -->
<element name='ReferenceList'>
<complexType>
<choice minOccurs='1' maxOccurs='unbounded'>
<element name='DataReference' type='xenc:ReferenceType'/>
<element name='KeyReference' type='xenc:ReferenceType'/>
</choice>
</complexType>
</element>
<complexType name='ReferenceType'>
<sequence>
<any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
</sequence>
<attribute name='URI' type='anyURI' use='required'/>
</complexType>
<element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
<complexType name='EncryptionPropertiesType'>
<sequence>
<element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
</sequence>
<attribute name='Id' type='ID' use='optional'/>
</complexType>
<element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
<complexType name='EncryptionPropertyType' mixed='true'>
<choice maxOccurs='unbounded'>
<any namespace='##other' processContents='lax'/>
</choice>
<attribute name='Target' type='anyURI' use='optional'/>
<attribute name='Id' type='ID' use='optional'/>
<anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
</complexType>
</schema>

View file

@ -0,0 +1,402 @@
<!-- DTD for XML Schemas: Part 1: Structures
Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
<!-- $Id: XMLSchema.dtd 20476 2004-04-17 13:29:24Z tdiesler $ -->
<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
<!-- prose copy in the structures REC is the definitive version --> <!--d-->
<!-- (which shouldn't differ from this one except for this --> <!--d-->
<!-- comment and entity expansions, but just in case) --> <!--d-->
<!-- With the exception of cases with multiple namespace
prefixes for the XML Schema namespace, any XML document which is
not valid per this DTD given redefinitions in its internal subset of the
'p' and 's' parameter entities below appropriate to its namespace
declaration of the XML Schema namespace is almost certainly not
a valid schema. -->
<!-- The simpleType element and its constituent parts
are defined in XML Schema: Part 2: Datatypes -->
<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
schema document to establish a different
namespace prefix -->
<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
also define %s as the suffix for the appropriate
namespace declaration (e.g. :foo) -->
<!ENTITY % nds 'xmlns%s;'>
<!-- Define all the element names, with optional prefix -->
<!ENTITY % schema "%p;schema">
<!ENTITY % complexType "%p;complexType">
<!ENTITY % complexContent "%p;complexContent">
<!ENTITY % simpleContent "%p;simpleContent">
<!ENTITY % extension "%p;extension">
<!ENTITY % element "%p;element">
<!ENTITY % unique "%p;unique">
<!ENTITY % key "%p;key">
<!ENTITY % keyref "%p;keyref">
<!ENTITY % selector "%p;selector">
<!ENTITY % field "%p;field">
<!ENTITY % group "%p;group">
<!ENTITY % all "%p;all">
<!ENTITY % choice "%p;choice">
<!ENTITY % sequence "%p;sequence">
<!ENTITY % any "%p;any">
<!ENTITY % anyAttribute "%p;anyAttribute">
<!ENTITY % attribute "%p;attribute">
<!ENTITY % attributeGroup "%p;attributeGroup">
<!ENTITY % include "%p;include">
<!ENTITY % import "%p;import">
<!ENTITY % redefine "%p;redefine">
<!ENTITY % notation "%p;notation">
<!-- annotation elements -->
<!ENTITY % annotation "%p;annotation">
<!ENTITY % appinfo "%p;appinfo">
<!ENTITY % documentation "%p;documentation">
<!-- Customisation entities for the ATTLIST of each element type.
Define one of these if your schema takes advantage of the
anyAttribute='##other' in the schema for schemas -->
<!ENTITY % schemaAttrs ''>
<!ENTITY % complexTypeAttrs ''>
<!ENTITY % complexContentAttrs ''>
<!ENTITY % simpleContentAttrs ''>
<!ENTITY % extensionAttrs ''>
<!ENTITY % elementAttrs ''>
<!ENTITY % groupAttrs ''>
<!ENTITY % allAttrs ''>
<!ENTITY % choiceAttrs ''>
<!ENTITY % sequenceAttrs ''>
<!ENTITY % anyAttrs ''>
<!ENTITY % anyAttributeAttrs ''>
<!ENTITY % attributeAttrs ''>
<!ENTITY % attributeGroupAttrs ''>
<!ENTITY % uniqueAttrs ''>
<!ENTITY % keyAttrs ''>
<!ENTITY % keyrefAttrs ''>
<!ENTITY % selectorAttrs ''>
<!ENTITY % fieldAttrs ''>
<!ENTITY % includeAttrs ''>
<!ENTITY % importAttrs ''>
<!ENTITY % redefineAttrs ''>
<!ENTITY % notationAttrs ''>
<!ENTITY % annotationAttrs ''>
<!ENTITY % appinfoAttrs ''>
<!ENTITY % documentationAttrs ''>
<!ENTITY % complexDerivationSet "CDATA">
<!-- #all or space-separated list drawn from derivationChoice -->
<!ENTITY % blockSet "CDATA">
<!-- #all or space-separated list drawn from
derivationChoice + 'substitution' -->
<!ENTITY % mgs '%all; | %choice; | %sequence;'>
<!ENTITY % cs '%choice; | %sequence;'>
<!ENTITY % formValues '(qualified|unqualified)'>
<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
<!-- This is used in part2 -->
<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
%xs-datatypes;
<!-- the duplication below is to produce an unambiguous content model
which allows annotation everywhere -->
<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
((%simpleType; | %complexType;
| %element; | %attribute;
| %attributeGroup; | %group;
| %notation; ),
(%annotation;)*)* )>
<!ATTLIST %schema;
targetNamespace %URIref; #IMPLIED
version CDATA #IMPLIED
%nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
xmlns CDATA #IMPLIED
finalDefault %complexDerivationSet; ''
blockDefault %blockSet; ''
id ID #IMPLIED
elementFormDefault %formValues; 'unqualified'
attributeFormDefault %formValues; 'unqualified'
xml:lang CDATA #IMPLIED
%schemaAttrs;>
<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
because at the Infoset level where schemas operate,
xmlns(:prefix) is NOT an attribute! -->
<!-- The declaration of xmlns is a convenience for schema authors -->
<!-- The id attribute here and below is for use in external references
from non-schemas using simple fragment identifiers.
It is NOT used for schema-to-schema reference, internal or
external. -->
<!-- a type is a named content type specification which allows attribute
declarations-->
<!-- -->
<!ELEMENT %complexType; ((%annotation;)?,
(%simpleContent;|%complexContent;|
%particleAndAttrs;))>
<!ATTLIST %complexType;
name %NCName; #IMPLIED
id ID #IMPLIED
abstract %boolean; #IMPLIED
final %complexDerivationSet; #IMPLIED
block %complexDerivationSet; #IMPLIED
mixed (true|false) 'false'
%complexTypeAttrs;>
<!-- particleAndAttrs is shorthand for a root type -->
<!-- mixed is disallowed if simpleContent, overriden if complexContent
has one too. -->
<!-- If anyAttribute appears in one or more referenced attributeGroups
and/or explicitly, the intersection of the permissions is used -->
<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
<!ATTLIST %complexContent;
mixed (true|false) #IMPLIED
id ID #IMPLIED
%complexContentAttrs;>
<!-- restriction should use the branch defined above, not the simple
one from part2; extension should use the full model -->
<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
<!ATTLIST %simpleContent;
id ID #IMPLIED
%simpleContentAttrs;>
<!-- restriction should use the simple branch from part2, not the
one defined above; extension should have no particle -->
<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
<!ATTLIST %extension;
base %QName; #REQUIRED
id ID #IMPLIED
%extensionAttrs;>
<!-- an element is declared by either:
a name and a type (either nested or referenced via the type attribute)
or a ref to an existing element declaration -->
<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
(%unique; | %key; | %keyref;)*)>
<!-- simpleType or complexType only if no type|ref attribute -->
<!-- ref not allowed at top level -->
<!ATTLIST %element;
name %NCName; #IMPLIED
id ID #IMPLIED
ref %QName; #IMPLIED
type %QName; #IMPLIED
minOccurs %nonNegativeInteger; #IMPLIED
maxOccurs CDATA #IMPLIED
nillable %boolean; #IMPLIED
substitutionGroup %QName; #IMPLIED
abstract %boolean; #IMPLIED
final %complexDerivationSet; #IMPLIED
block %blockSet; #IMPLIED
default CDATA #IMPLIED
fixed CDATA #IMPLIED
form %formValues; #IMPLIED
%elementAttrs;>
<!-- type and ref are mutually exclusive.
name and ref are mutually exclusive, one is required -->
<!-- In the absence of type AND ref, type defaults to type of
substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
<!-- default and fixed are mutually exclusive -->
<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
<!ATTLIST %group;
name %NCName; #IMPLIED
ref %QName; #IMPLIED
minOccurs %nonNegativeInteger; #IMPLIED
maxOccurs CDATA #IMPLIED
id ID #IMPLIED
%groupAttrs;>
<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
<!ATTLIST %all;
minOccurs (1) #IMPLIED
maxOccurs (1) #IMPLIED
id ID #IMPLIED
%allAttrs;>
<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
<!ATTLIST %choice;
minOccurs %nonNegativeInteger; #IMPLIED
maxOccurs CDATA #IMPLIED
id ID #IMPLIED
%choiceAttrs;>
<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
<!ATTLIST %sequence;
minOccurs %nonNegativeInteger; #IMPLIED
maxOccurs CDATA #IMPLIED
id ID #IMPLIED
%sequenceAttrs;>
<!-- an anonymous grouping in a model, or
a top-level named group definition, or a reference to same -->
<!-- Note that if order is 'all', group is not allowed inside.
If order is 'all' THIS group must be alone (or referenced alone) at
the top level of a content model -->
<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
<!-- Should allow minOccurs=0 inside order='all' . . . -->
<!ELEMENT %any; (%annotation;)?>
<!ATTLIST %any;
namespace CDATA '##any'
processContents (skip|lax|strict) 'strict'
minOccurs %nonNegativeInteger; '1'
maxOccurs CDATA '1'
id ID #IMPLIED
%anyAttrs;>
<!-- namespace is interpreted as follows:
##any - - any non-conflicting WFXML at all
##other - - any non-conflicting WFXML from namespace other
than targetNamespace
##local - - any unqualified non-conflicting WFXML/attribute
one or - - any non-conflicting WFXML from
more URI the listed namespaces
references
##targetNamespace ##local may appear in the above list,
with the obvious meaning -->
<!ELEMENT %anyAttribute; (%annotation;)?>
<!ATTLIST %anyAttribute;
namespace CDATA '##any'
processContents (skip|lax|strict) 'strict'
id ID #IMPLIED
%anyAttributeAttrs;>
<!-- namespace is interpreted as for 'any' above -->
<!-- simpleType only if no type|ref attribute -->
<!-- ref not allowed at top level, name iff at top level -->
<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
<!ATTLIST %attribute;
name %NCName; #IMPLIED
id ID #IMPLIED
ref %QName; #IMPLIED
type %QName; #IMPLIED
use (prohibited|optional|required) #IMPLIED
default CDATA #IMPLIED
fixed CDATA #IMPLIED
form %formValues; #IMPLIED
%attributeAttrs;>
<!-- type and ref are mutually exclusive.
name and ref are mutually exclusive, one is required -->
<!-- default for use is optional when nested, none otherwise -->
<!-- default and fixed are mutually exclusive -->
<!-- type attr and simpleType content are mutually exclusive -->
<!-- an attributeGroup is a named collection of attribute decls, or a
reference thereto -->
<!ELEMENT %attributeGroup; ((%annotation;)?,
(%attribute; | %attributeGroup;)*,
(%anyAttribute;)?) >
<!ATTLIST %attributeGroup;
name %NCName; #IMPLIED
id ID #IMPLIED
ref %QName; #IMPLIED
%attributeGroupAttrs;>
<!-- ref iff no content, no name. ref iff not top level -->
<!-- better reference mechanisms -->
<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
<!ATTLIST %unique;
name %NCName; #REQUIRED
id ID #IMPLIED
%uniqueAttrs;>
<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
<!ATTLIST %key;
name %NCName; #REQUIRED
id ID #IMPLIED
%keyAttrs;>
<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
<!ATTLIST %keyref;
name %NCName; #REQUIRED
refer %QName; #REQUIRED
id ID #IMPLIED
%keyrefAttrs;>
<!ELEMENT %selector; ((%annotation;)?)>
<!ATTLIST %selector;
xpath %XPathExpr; #REQUIRED
id ID #IMPLIED
%selectorAttrs;>
<!ELEMENT %field; ((%annotation;)?)>
<!ATTLIST %field;
xpath %XPathExpr; #REQUIRED
id ID #IMPLIED
%fieldAttrs;>
<!-- Schema combination mechanisms -->
<!ELEMENT %include; (%annotation;)?>
<!ATTLIST %include;
schemaLocation %URIref; #REQUIRED
id ID #IMPLIED
%includeAttrs;>
<!ELEMENT %import; (%annotation;)?>
<!ATTLIST %import;
namespace %URIref; #IMPLIED
schemaLocation %URIref; #IMPLIED
id ID #IMPLIED
%importAttrs;>
<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
%attributeGroup; | %group;)*>
<!ATTLIST %redefine;
schemaLocation %URIref; #REQUIRED
id ID #IMPLIED
%redefineAttrs;>
<!ELEMENT %notation; (%annotation;)?>
<!ATTLIST %notation;
name %NCName; #REQUIRED
id ID #IMPLIED
public CDATA #REQUIRED
system %URIref; #IMPLIED
%notationAttrs;>
<!-- Annotation is either application information or documentation -->
<!-- By having these here they are available for datatypes as well
as all the structures elements -->
<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
<!ATTLIST %annotation; %annotationAttrs;>
<!-- User must define annotation elements in internal subset for this
to work -->
<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
<!ATTLIST %appinfo;
source %URIref; #IMPLIED
id ID #IMPLIED
%appinfoAttrs;>
<!ELEMENT %documentation; ANY> <!-- too restrictive -->
<!ATTLIST %documentation;
source %URIref; #IMPLIED
id ID #IMPLIED
xml:lang CDATA #IMPLIED
%documentationAttrs;>
<!NOTATION XMLSchemaStructures PUBLIC
'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
<!NOTATION XML PUBLIC
'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >

View file

@ -0,0 +1,203 @@
<!--
DTD for XML Schemas: Part 2: Datatypes
$Id: datatypes.dtd 20476 2004-04-17 13:29:24Z tdiesler $
Note this DTD is NOT normative, or even definitive. - - the
prose copy in the datatypes REC is the definitive version
(which shouldn't differ from this one except for this comment
and entity expansions, but just in case)
-->
<!--
This DTD cannot be used on its own, it is intended
only for incorporation in XMLSchema.dtd, q.v.
-->
<!-- Define all the element names, with optional prefix -->
<!ENTITY % simpleType "%p;simpleType">
<!ENTITY % restriction "%p;restriction">
<!ENTITY % list "%p;list">
<!ENTITY % union "%p;union">
<!ENTITY % maxExclusive "%p;maxExclusive">
<!ENTITY % minExclusive "%p;minExclusive">
<!ENTITY % maxInclusive "%p;maxInclusive">
<!ENTITY % minInclusive "%p;minInclusive">
<!ENTITY % totalDigits "%p;totalDigits">
<!ENTITY % fractionDigits "%p;fractionDigits">
<!ENTITY % length "%p;length">
<!ENTITY % minLength "%p;minLength">
<!ENTITY % maxLength "%p;maxLength">
<!ENTITY % enumeration "%p;enumeration">
<!ENTITY % whiteSpace "%p;whiteSpace">
<!ENTITY % pattern "%p;pattern">
<!--
Customisation entities for the ATTLIST of each element
type. Define one of these if your schema takes advantage
of the anyAttribute='##other' in the schema for schemas
-->
<!ENTITY % simpleTypeAttrs "">
<!ENTITY % restrictionAttrs "">
<!ENTITY % listAttrs "">
<!ENTITY % unionAttrs "">
<!ENTITY % maxExclusiveAttrs "">
<!ENTITY % minExclusiveAttrs "">
<!ENTITY % maxInclusiveAttrs "">
<!ENTITY % minInclusiveAttrs "">
<!ENTITY % totalDigitsAttrs "">
<!ENTITY % fractionDigitsAttrs "">
<!ENTITY % lengthAttrs "">
<!ENTITY % minLengthAttrs "">
<!ENTITY % maxLengthAttrs "">
<!ENTITY % enumerationAttrs "">
<!ENTITY % whiteSpaceAttrs "">
<!ENTITY % patternAttrs "">
<!-- Define some entities for informative use as attribute
types -->
<!ENTITY % URIref "CDATA">
<!ENTITY % XPathExpr "CDATA">
<!ENTITY % QName "NMTOKEN">
<!ENTITY % QNames "NMTOKENS">
<!ENTITY % NCName "NMTOKEN">
<!ENTITY % nonNegativeInteger "NMTOKEN">
<!ENTITY % boolean "(true|false)">
<!ENTITY % simpleDerivationSet "CDATA">
<!--
#all or space-separated list drawn from derivationChoice
-->
<!--
Note that the use of 'facet' below is less restrictive
than is really intended: There should in fact be no
more than one of each of minInclusive, minExclusive,
maxInclusive, maxExclusive, totalDigits, fractionDigits,
length, maxLength, minLength within datatype,
and the min- and max- variants of Inclusive and Exclusive
are mutually exclusive. On the other hand, pattern and
enumeration may repeat.
-->
<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
<!ENTITY % bounds "%minBound; | %maxBound;">
<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
<!ENTITY % ordered "%bounds; | %numeric;">
<!ENTITY % unordered
"%pattern; | %enumeration; | %whiteSpace; | %length; |
%maxLength; | %minLength;">
<!ENTITY % facet "%ordered; | %unordered;">
<!ENTITY % facetAttr
"value CDATA #REQUIRED
id ID #IMPLIED">
<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
<!ENTITY % facetModel "(%annotation;)?">
<!ELEMENT %simpleType;
((%annotation;)?, (%restriction; | %list; | %union;))>
<!ATTLIST %simpleType;
name %NCName; #IMPLIED
final %simpleDerivationSet; #IMPLIED
id ID #IMPLIED
%simpleTypeAttrs;>
<!-- name is required at top level -->
<!ELEMENT %restriction; ((%annotation;)?,
(%restriction1; |
((%simpleType;)?,(%facet;)*)),
(%attrDecls;))>
<!ATTLIST %restriction;
base %QName; #IMPLIED
id ID #IMPLIED
%restrictionAttrs;>
<!--
base and simpleType child are mutually exclusive,
one is required.
restriction is shared between simpleType and
simpleContent and complexContent (in XMLSchema.xsd).
restriction1 is for the latter cases, when this
is restricting a complex type, as is attrDecls.
-->
<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
<!ATTLIST %list;
itemType %QName; #IMPLIED
id ID #IMPLIED
%listAttrs;>
<!--
itemType and simpleType child are mutually exclusive,
one is required
-->
<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
<!ATTLIST %union;
id ID #IMPLIED
memberTypes %QNames; #IMPLIED
%unionAttrs;>
<!--
At least one item in memberTypes or one simpleType
child is required
-->
<!ELEMENT %maxExclusive; %facetModel;>
<!ATTLIST %maxExclusive;
%facetAttr;
%fixedAttr;
%maxExclusiveAttrs;>
<!ELEMENT %minExclusive; %facetModel;>
<!ATTLIST %minExclusive;
%facetAttr;
%fixedAttr;
%minExclusiveAttrs;>
<!ELEMENT %maxInclusive; %facetModel;>
<!ATTLIST %maxInclusive;
%facetAttr;
%fixedAttr;
%maxInclusiveAttrs;>
<!ELEMENT %minInclusive; %facetModel;>
<!ATTLIST %minInclusive;
%facetAttr;
%fixedAttr;
%minInclusiveAttrs;>
<!ELEMENT %totalDigits; %facetModel;>
<!ATTLIST %totalDigits;
%facetAttr;
%fixedAttr;
%totalDigitsAttrs;>
<!ELEMENT %fractionDigits; %facetModel;>
<!ATTLIST %fractionDigits;
%facetAttr;
%fixedAttr;
%fractionDigitsAttrs;>
<!ELEMENT %length; %facetModel;>
<!ATTLIST %length;
%facetAttr;
%fixedAttr;
%lengthAttrs;>
<!ELEMENT %minLength; %facetModel;>
<!ATTLIST %minLength;
%facetAttr;
%fixedAttr;
%minLengthAttrs;>
<!ELEMENT %maxLength; %facetModel;>
<!ATTLIST %maxLength;
%facetAttr;
%fixedAttr;
%maxLengthAttrs;>
<!-- This one can be repeated -->
<!ELEMENT %enumeration; %facetModel;>
<!ATTLIST %enumeration;
%facetAttr;
%enumerationAttrs;>
<!ELEMENT %whiteSpace; %facetModel;>
<!ATTLIST %whiteSpace;
%facetAttr;
%fixedAttr;
%whiteSpaceAttrs;>
<!-- This one can be repeated -->
<!ELEMENT %pattern; %facetModel;>
<!ATTLIST %pattern;
%facetAttr;
%patternAttrs;>

View file

@ -0,0 +1,124 @@
<?xml version='1.0'?>
<!DOCTYPE xs:schema PUBLIC "-//W3C//DTD XMLSCHEMA 200102//EN" "XMLSchema.dtd" >
<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xml:lang="en">
<xs:annotation>
<xs:documentation>
See http://www.w3.org/XML/1998/namespace.html and
http://www.w3.org/TR/REC-xml for information about this namespace.
This schema document describes the XML namespace, in a form
suitable for import by other schema documents.
Note that local names in this namespace are intended to be defined
only by the World Wide Web Consortium or its subgroups. The
following names are currently defined in this namespace and should
not be used with conflicting semantics by any Working Group,
specification, or document instance:
base (as an attribute name): denotes an attribute whose value
provides a URI to be used as the base for interpreting any
relative URIs in the scope of the element on which it
appears; its value is inherited. This name is reserved
by virtue of its definition in the XML Base specification.
lang (as an attribute name): denotes an attribute whose value
is a language code for the natural language of the content of
any element; its value is inherited. This name is reserved
by virtue of its definition in the XML specification.
space (as an attribute name): denotes an attribute whose
value is a keyword indicating what whitespace processing
discipline is intended for the content of the element; its
value is inherited. This name is reserved by virtue of its
definition in the XML specification.
Father (in any context at all): denotes Jon Bosak, the chair of
the original XML Working Group. This name is reserved by
the following decision of the W3C XML Plenary and
XML Coordination groups:
In appreciation for his vision, leadership and dedication
the W3C XML Plenary on this 10th day of February, 2000
reserves for Jon Bosak in perpetuity the XML name
xml:Father
</xs:documentation>
</xs:annotation>
<xs:annotation>
<xs:documentation>This schema defines attributes and an attribute group
suitable for use by
schemas wishing to allow xml:base, xml:lang or xml:space attributes
on elements they define.
To enable this, such a schema must import this schema
for the XML namespace, e.g. as follows:
&lt;schema . . .>
. . .
&lt;import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2001/03/xml.xsd"/>
Subsequently, qualified reference to any of the attributes
or the group defined below will have the desired effect, e.g.
&lt;type . . .>
. . .
&lt;attributeGroup ref="xml:specialAttrs"/>
will define a type which will schema-validate an instance
element with any of those attributes
</xs:documentation>
</xs:annotation>
<xs:annotation>
<xs:documentation>In keeping with the XML Schema WG's standard versioning
policy, this schema document will persist at
http://www.w3.org/2001/03/xml.xsd.
At the date of issue it can also be found at
http://www.w3.org/2001/xml.xsd.
The schema document at that URI may however change in the future,
in order to remain compatible with the latest version of XML Schema
itself. In other words, if the XML Schema namespace changes, the version
of this document at
http://www.w3.org/2001/xml.xsd will change
accordingly; the version at
http://www.w3.org/2001/03/xml.xsd will not change.
</xs:documentation>
</xs:annotation>
<xs:attribute name="lang" type="xs:language">
<xs:annotation>
<xs:documentation>In due course, we should install the relevant ISO 2- and 3-letter
codes as the enumerated possible values . . .
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="space" default="preserve">
<xs:simpleType>
<xs:restriction base="xs:NCName">
<xs:enumeration value="default"/>
<xs:enumeration value="preserve"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="base" type="xs:anyURI">
<xs:annotation>
<xs:documentation>See http://www.w3.org/TR/xmlbase/ for
information about this attribute.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attributeGroup name="specialAttrs">
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
<xs:attribute ref="xml:space"/>
</xs:attributeGroup>
</xs:schema>

View file

@ -0,0 +1,210 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.
OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
Copyright © OASIS Open 2002-2004. All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an “AS IS” basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-->
<xsd:schema targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified" attributeFormDefault="unqualified" blockDefault="#all" version="0.2">
<xsd:import namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
schemaLocation="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
<xsd:complexType name="AttributedString">
<xsd:annotation>
<xsd:documentation>This type represents an element with arbitrary attributes.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:extension base="xsd:string">
<xsd:attribute ref="wsu:Id"/>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="PasswordString">
<xsd:annotation>
<xsd:documentation>This type is used for password elements per Section 4.1.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:extension base="wsse:AttributedString">
<xsd:attribute name="Type" type="xsd:anyURI"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EncodedString">
<xsd:annotation>
<xsd:documentation>This type is used for elements containing stringified binary data.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:extension base="wsse:AttributedString">
<xsd:attribute name="EncodingType" type="xsd:anyURI"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="UsernameTokenType">
<xsd:annotation>
<xsd:documentation>This type represents a username token per Section 4.1</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="Username" type="wsse:AttributedString"/>
<xsd:any processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute ref="wsu:Id"/>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:complexType>
<xsd:complexType name="BinarySecurityTokenType">
<xsd:annotation>
<xsd:documentation>A security token that is encoded in binary</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:extension base="wsse:EncodedString">
<xsd:attribute name="ValueType" type="xsd:anyURI"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="KeyIdentifierType">
<xsd:annotation>
<xsd:documentation>A security token key identifier</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:extension base="wsse:EncodedString">
<xsd:attribute name="ValueType" type="xsd:anyURI"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<xsd:simpleType name="tUsage">
<xsd:annotation>
<xsd:documentation>Typedef to allow a list of usages (as URIs).</xsd:documentation>
</xsd:annotation>
<xsd:list itemType="xsd:anyURI"/>
</xsd:simpleType>
<xsd:attribute name="Usage" type="tUsage">
<xsd:annotation>
<xsd:documentation>This global attribute is used to indicate the usage of a referenced or indicated token within
the containing context
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:complexType name="ReferenceType">
<xsd:annotation>
<xsd:documentation>This type represents a reference to an external security token.</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="URI" type="xsd:anyURI"/>
<xsd:attribute name="ValueType" type="xsd:anyURI"/>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:complexType>
<xsd:complexType name="EmbeddedType">
<xsd:annotation>
<xsd:documentation>This type represents a reference to an embedded security token.</xsd:documentation>
</xsd:annotation>
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:any processContents="lax"/>
</xsd:choice>
<xsd:attribute name="ValueType" type="xsd:anyURI"/>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:complexType>
<xsd:complexType name="SecurityTokenReferenceType">
<xsd:annotation>
<xsd:documentation>This type is used reference a security token.</xsd:documentation>
</xsd:annotation>
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:any processContents="lax"/>
</xsd:choice>
<xsd:attribute ref="wsu:Id"/>
<xsd:attribute ref="wsse:Usage"/>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:complexType>
<xsd:complexType name="SecurityHeaderType">
<xsd:annotation>
<xsd:documentation>This complexType defines header block to use for security-relevant data directed at a specific
SOAP actor.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:any processContents="lax" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The use of "any" is to allow extensibility and different forms of security data.
</xsd:documentation>
</xsd:annotation>
</xsd:any>
</xsd:sequence>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:complexType>
<xsd:complexType name="TransformationParametersType">
<xsd:annotation>
<xsd:documentation>This complexType defines a container for elements to be specified from any namespace as
properties/parameters of a DSIG transformation.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:any processContents="lax" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The use of "any" is to allow extensibility from any namespace.</xsd:documentation>
</xsd:annotation>
</xsd:any>
</xsd:sequence>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:complexType>
<xsd:element name="UsernameToken" type="wsse:UsernameTokenType">
<xsd:annotation>
<xsd:documentation>This element defines the wsse:UsernameToken element per Section 4.1.</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="BinarySecurityToken" type="wsse:BinarySecurityTokenType">
<xsd:annotation>
<xsd:documentation>This element defines the wsse:BinarySecurityToken element per Section 4.2.</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="Reference" type="wsse:ReferenceType">
<xsd:annotation>
<xsd:documentation>This element defines a security token reference</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="Embedded" type="wsse:EmbeddedType">
<xsd:annotation>
<xsd:documentation>This element defines a security token embedded reference</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="KeyIdentifier" type="wsse:KeyIdentifierType">
<xsd:annotation>
<xsd:documentation>This element defines a key identifier reference</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="SecurityTokenReference" type="wsse:SecurityTokenReferenceType">
<xsd:annotation>
<xsd:documentation>This element defines the wsse:SecurityTokenReference per Section 4.3.</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="Security" type="wsse:SecurityHeaderType">
<xsd:annotation>
<xsd:documentation>This element defines the wsse:Security SOAP header element per Section 4.</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="TransformationParameters" type="wsse:TransformationParametersType">
<xsd:annotation>
<xsd:documentation>This element contains properties for transformations from any namespace, including DSIG.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="Password" type="wsse:PasswordString"/>
<xsd:element name="Nonce" type="wsse:EncodedString"/>
<xsd:simpleType name="FaultcodeEnum">
<xsd:restriction base="xsd:QName">
<xsd:enumeration value="wsse:UnsupportedSecurityToken"/>
<xsd:enumeration value="wsse:UnsupportedAlgorithm"/>
<xsd:enumeration value="wsse:InvalidSecurity"/>
<xsd:enumeration value="wsse:InvalidSecurityToken"/>
<xsd:enumeration value="wsse:FailedAuthentication"/>
<xsd:enumeration value="wsse:FailedCheck"/>
<xsd:enumeration value="wsse:SecurityTokenUnavailable"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:schema>

View file

@ -0,0 +1,109 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.
OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
Copyright © OASIS Open 2002-2004. All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an “AS IS” basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-->
<xsd:schema targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.1">
<!-- // Fault Codes /////////////////////////////////////////// -->
<xsd:simpleType name="tTimestampFault">
<xsd:annotation>
<xsd:documentation>
This type defines the fault code value for Timestamp message expiration.
</xsd:documentation>
</xsd:annotation>
<xsd:restriction base="xsd:QName">
<xsd:enumeration value="wsu:MessageExpired"/>
</xsd:restriction>
</xsd:simpleType>
<!-- // Global attributes //////////////////////////////////// -->
<xsd:attribute name="Id" type="xsd:ID">
<xsd:annotation>
<xsd:documentation>
This global attribute supports annotating arbitrary elements with an ID.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attributeGroup name="commonAtts">
<xsd:annotation>
<xsd:documentation>
Convenience attribute group used to simplify this schema.
</xsd:documentation>
</xsd:annotation>
<xsd:attribute ref="wsu:Id" use="optional"/>
<xsd:anyAttribute namespace="##other" processContents="lax"/>
</xsd:attributeGroup>
<!-- // Utility types //////////////////////////////////////// -->
<xsd:complexType name="AttributedDateTime">
<xsd:annotation>
<xsd:documentation>
This type is for elements whose [children] is a psuedo-dateTime and can have arbitrary attributes.
</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:extension base="xsd:string">
<xsd:attributeGroup ref="wsu:commonAtts"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="AttributedURI">
<xsd:annotation>
<xsd:documentation>
This type is for elements whose [children] is an anyURI and can have arbitrary attributes.
</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:extension base="xsd:anyURI">
<xsd:attributeGroup ref="wsu:commonAtts"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<!-- // Timestamp header components /////////////////////////// -->
<xsd:complexType name="TimestampType">
<xsd:annotation>
<xsd:documentation>
This complex type ties together the timestamp related elements into a composite type.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element ref="wsu:Created" minOccurs="0"/>
<xsd:element ref="wsu:Expires" minOccurs="0"/>
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:any namespace="##other" processContents="lax"/>
</xsd:choice>
</xsd:sequence>
<xsd:attributeGroup ref="wsu:commonAtts"/>
</xsd:complexType>
<xsd:element name="Timestamp" type="wsu:TimestampType">
<xsd:annotation>
<xsd:documentation>
This element allows Timestamps to be applied anywhere element wildcards are present,
including as a SOAP header.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<!-- global element decls to allow individual elements to appear anywhere -->
<xsd:element name="Expires" type="wsu:AttributedDateTime">
<xsd:annotation>
<xsd:documentation>
This element allows an expiration time to be applied anywhere element wildcards are present.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="Created" type="wsu:AttributedDateTime">
<xsd:annotation>
<xsd:documentation>
This element allows a creation time to be applied anywhere element wildcards are present.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:schema>

View file

@ -0,0 +1,140 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
W3C XML Schema defined in the Web Services Addressing 1.0 specification
http://www.w3.org/TR/ws-addr-core
Copyright © 2005 World Wide Web Consortium,
(Massachusetts Institute of Technology, European Research Consortium for
Informatics and Mathematics, Keio University). All Rights Reserved. This
work is distributed under the W3C® Software License [1] in the hope that
it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[1] http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231
$Id: ws-addr.xsd,v 1.2 2008/07/23 13:38:16 plehegar Exp $
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://www.w3.org/2005/08/addressing"
targetNamespace="http://www.w3.org/2005/08/addressing" blockDefault="#all" elementFormDefault="qualified"
finalDefault="" attributeFormDefault="unqualified">
<!-- Constructs from the WS-Addressing Core -->
<xs:element name="EndpointReference" type="tns:EndpointReferenceType"/>
<xs:complexType name="EndpointReferenceType" mixed="false">
<xs:sequence>
<xs:element name="Address" type="tns:AttributedURIType"/>
<xs:element ref="tns:ReferenceParameters" minOccurs="0"/>
<xs:element ref="tns:Metadata" minOccurs="0"/>
<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>
<xs:element name="ReferenceParameters" type="tns:ReferenceParametersType"/>
<xs:complexType name="ReferenceParametersType" mixed="false">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>
<xs:element name="Metadata" type="tns:MetadataType"/>
<xs:complexType name="MetadataType" mixed="false">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>
<xs:element name="MessageID" type="tns:AttributedURIType"/>
<xs:element name="RelatesTo" type="tns:RelatesToType"/>
<xs:complexType name="RelatesToType" mixed="false">
<xs:simpleContent>
<xs:extension base="xs:anyURI">
<xs:attribute name="RelationshipType" type="tns:RelationshipTypeOpenEnum" use="optional"
default="http://www.w3.org/2005/08/addressing/reply"/>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="RelationshipTypeOpenEnum">
<xs:union memberTypes="tns:RelationshipType xs:anyURI"/>
</xs:simpleType>
<xs:simpleType name="RelationshipType">
<xs:restriction base="xs:anyURI">
<xs:enumeration value="http://www.w3.org/2005/08/addressing/reply"/>
</xs:restriction>
</xs:simpleType>
<xs:element name="ReplyTo" type="tns:EndpointReferenceType"/>
<xs:element name="From" type="tns:EndpointReferenceType"/>
<xs:element name="FaultTo" type="tns:EndpointReferenceType"/>
<xs:element name="To" type="tns:AttributedURIType"/>
<xs:element name="Action" type="tns:AttributedURIType"/>
<xs:complexType name="AttributedURIType" mixed="false">
<xs:simpleContent>
<xs:extension base="xs:anyURI">
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- Constructs from the WS-Addressing SOAP binding -->
<xs:attribute name="IsReferenceParameter" type="xs:boolean"/>
<xs:simpleType name="FaultCodesOpenEnumType">
<xs:union memberTypes="tns:FaultCodesType xs:QName"/>
</xs:simpleType>
<xs:simpleType name="FaultCodesType">
<xs:restriction base="xs:QName">
<xs:enumeration value="tns:InvalidAddressingHeader"/>
<xs:enumeration value="tns:InvalidAddress"/>
<xs:enumeration value="tns:InvalidEPR"/>
<xs:enumeration value="tns:InvalidCardinality"/>
<xs:enumeration value="tns:MissingAddressInEPR"/>
<xs:enumeration value="tns:DuplicateMessageID"/>
<xs:enumeration value="tns:ActionMismatch"/>
<xs:enumeration value="tns:MessageAddressingHeaderRequired"/>
<xs:enumeration value="tns:DestinationUnreachable"/>
<xs:enumeration value="tns:ActionNotSupported"/>
<xs:enumeration value="tns:EndpointUnavailable"/>
</xs:restriction>
</xs:simpleType>
<xs:element name="RetryAfter" type="tns:AttributedUnsignedLongType"/>
<xs:complexType name="AttributedUnsignedLongType" mixed="false">
<xs:simpleContent>
<xs:extension base="xs:unsignedLong">
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:element name="ProblemHeaderQName" type="tns:AttributedQNameType"/>
<xs:complexType name="AttributedQNameType" mixed="false">
<xs:simpleContent>
<xs:extension base="xs:QName">
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:element name="ProblemIRI" type="tns:AttributedURIType"/>
<xs:element name="ProblemAction" type="tns:ProblemActionType"/>
<xs:complexType name="ProblemActionType" mixed="false">
<xs:sequence>
<xs:element ref="tns:Action" minOccurs="0"/>
<xs:element name="SoapAction" minOccurs="0" type="xs:anyURI"/>
</xs:sequence>
<xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>
</xs:schema>

View file

@ -0,0 +1,117 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
(c) 2001-2006 BEA Systems Inc., International Business Machines Corporation, Microsoft Corporation, Inc., SAP AG, Sonic Software, and VeriSign, Inc. All rights reserved.
Permission to copy and display the WS-Policy Specification (the "Specification", which includes WSDL and schema documents), in any medium without fee or royalty is hereby granted, provided that you include the following on ALL copies of the WS-Policy Specification, that you make:
1. A link or URL to the WS-Policy Specification at one of the Authors' websites
2. The copyright notice as shown in the WS-Policy Specification.
BEA Systems, IBM, Microsoft, SAP, Sonic Software, and VeriSign (collectively, the "Authors") each agree to grant you a license, under royalty-free and otherwise reasonable, non-discriminatory terms and conditions, to their respective essential patent claims that they deem necessary to implement the WS-Policy Specification.
THE WS-POLICY SPECIFICATION IS PROVIDED "AS IS," AND THE AUTHORS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE WS-POLICY SPECIFICATION ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THE WS-POLICY SPECIFICATION.
The name and trademarks of the Authors may NOT be used in any manner, including advertising or publicity pertaining to the WS-Policy Specification or its contents without specific, written prior permission. Title to copyright in the WS-Policy Specification will at all times remain with the Authors.
No other rights are granted by implication, estoppel or otherwise.
-->
<xs:schema
targetNamespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:tns="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
elementFormDefault="qualified"
blockDefault="#all">
<xs:import
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
schemaLocation="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
<xs:import
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
schemaLocation="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
<!-- ////////// WS-Policy ////////// -->
<xs:element name="Policy">
<xs:complexType>
<xs:complexContent>
<xs:extension base="tns:OperatorContentType">
<xs:attribute name="Name" type="xs:anyURI"/>
<xs:attribute ref="wsu:Id"/>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element>
<xs:element name="All" type="tns:OperatorContentType"/>
<xs:element name="ExactlyOne" type="tns:OperatorContentType"/>
<xs:complexType name="OperatorContentType">
<xs:sequence>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element ref="tns:Policy"/>
<xs:element ref="tns:All"/>
<xs:element ref="tns:ExactlyOne"/>
<xs:element ref="tns:PolicyReference"/>
<xs:any namespace="##other" processContents="lax"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<xs:element name="PolicyReference">
<xs:complexType>
<xs:attribute name="URI" type="xs:anyURI" use="required"/>
<xs:attribute name="Digest" type="xs:base64Binary"/>
<xs:attribute name="DigestAlgorithm"
type="xs:anyURI"
default="http://schemas.xmlsoap.org/ws/2004/09/policy/Sha1Exc"
/>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
</xs:element>
<xs:attribute name="Optional" type="xs:boolean" default="false"/>
<!-- ////////// WS-PolicyAttachment ////////// -->
<xs:attribute name="PolicyURIs">
<xs:simpleType>
<xs:list itemType="xs:anyURI"/>
</xs:simpleType>
</xs:attribute>
<xs:element name="PolicyAttachment">
<xs:complexType>
<xs:sequence>
<xs:element ref="tns:AppliesTo"/>
<xs:choice maxOccurs="unbounded">
<xs:element ref="tns:Policy"/>
<xs:element ref="tns:PolicyReference"/>
</xs:choice>
<!-- omitted only because it causes the content model to be non-determistic
<xs:element ref="wsse:Security" minOccurs="0" />
-->
<xs:any namespace="##other"
processContents="lax"
minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
</xs:element>
<xs:element name="AppliesTo">
<xs:complexType>
<xs:sequence>
<xs:any namespace="##any"
processContents="lax"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
</xs:element>
</xs:schema>

View file

@ -0,0 +1,444 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.
OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
Copyright © OASIS Open 2002-2006. All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-->
<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
xmlns:wsa='http://www.w3.org/2005/08/addressing'
xmlns:wst='http://docs.oasis-open.org/ws-sx/ws-trust/200512'
targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'
elementFormDefault='qualified'>
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
schemaLocation='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'/>
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
schemaLocation='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'/>
<xs:import namespace='http://schemas.xmlsoap.org/ws/2004/09/policy'
schemaLocation='http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd'/>
<xs:import namespace='http://www.w3.org/2005/08/addressing'
schemaLocation='http://www.w3.org/2006/03/addressing/ws-addr.xsd'/>
<!-- WS-Trust Section 3.1 -->
<xs:element name='RequestSecurityToken' type='wst:RequestSecurityTokenType'/>
<xs:complexType name='RequestSecurityTokenType'>
<xs:annotation>
<xs:documentation>
Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
&lt;xs:element ref='wst:TokenType' minOccurs='0' />
&lt;xs:element ref='wst:RequestType' />
&lt;xs:element ref='wsp:AppliesTo' minOccurs='0' />
&lt;xs:element ref='wst:Claims' minOccurs='0' />
&lt;xs:element ref='wst:Entropy' minOccurs='0' />
&lt;xs:element ref='wst:Lifetime' minOccurs='0' />
&lt;xs:element ref='wst:AllowPostdating' minOccurs='0' />
&lt;xs:element ref='wst:Renewing' minOccurs='0' />
&lt;xs:element ref='wst:OnBehalfOf' minOccurs='0' />
&lt;xs:element ref='wst:Issuer' minOccurs='0' />
&lt;xs:element ref='wst:AuthenticationType' minOccurs='0' />
&lt;xs:element ref='wst:KeyType' minOccurs='0' />
&lt;xs:element ref='wst:KeySize' minOccurs='0' />
&lt;xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
&lt;xs:element ref='wst:Encryption' minOccurs='0' />
&lt;xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
&lt;xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
&lt;xs:element ref='wst:ProofEncryption' minOccurs='0' />
&lt;xs:element ref='wst:UseKey' minOccurs='0' />
&lt;xs:element ref='wst:SignWith' minOccurs='0' />
&lt;xs:element ref='wst:EncryptWith' minOccurs='0' />
&lt;xs:element ref='wst:DelegateTo' minOccurs='0' />
&lt;xs:element ref='wst:Forwardable' minOccurs='0' />
&lt;xs:element ref='wst:Delegatable' minOccurs='0' />
&lt;xs:element ref='wsp:Policy' minOccurs='0' />
&lt;xs:element ref='wsp:PolicyReference' minOccurs='0' />
&lt;xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
<xs:attribute name='Context' type='xs:anyURI' use='optional'/>
<xs:anyAttribute namespace='##other' processContents='lax'/>
</xs:complexType>
<xs:element name='TokenType' type='xs:anyURI'/>
<xs:element name='RequestType' type='wst:RequestTypeOpenEnum'/>
<xs:simpleType name='RequestTypeOpenEnum'>
<xs:union memberTypes='wst:RequestTypeEnum xs:anyURI'/>
</xs:simpleType>
<xs:simpleType name='RequestTypeEnum'>
<xs:restriction base='xs:anyURI'>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/Cancel'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/STSCancel'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate'/>
</xs:restriction>
</xs:simpleType>
<!-- WS-Trust Section 3.2 -->
<xs:element name='RequestSecurityTokenResponse' type='wst:RequestSecurityTokenResponseType'/>
<xs:complexType name='RequestSecurityTokenResponseType'>
<xs:annotation>
<xs:documentation>
Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
&lt;xs:element ref='wst:TokenType' minOccurs='0' />
&lt;xs:element ref='wst:RequestType' />
&lt;xs:element ref='wst:RequestedSecurityToken' minOccurs='0' />
&lt;xs:element ref='wsp:AppliesTo' minOccurs='0' />
&lt;xs:element ref='wst:RequestedAttachedReference' minOccurs='0' />
&lt;xs:element ref='wst:RequestedUnattachedReference' minOccurs='0' />
&lt;xs:element ref='wst:RequestedProofToken' minOccurs='0' />
&lt;xs:element ref='wst:Entropy' minOccurs='0' />
&lt;xs:element ref='wst:Lifetime' minOccurs='0' />
&lt;xs:element ref='wst:Status' minOccurs='0' />
&lt;xs:element ref='wst:AllowPostdating' minOccurs='0' />
&lt;xs:element ref='wst:Renewing' minOccurs='0' />
&lt;xs:element ref='wst:OnBehalfOf' minOccurs='0' />
&lt;xs:element ref='wst:Issuer' minOccurs='0' />
&lt;xs:element ref='wst:AuthenticationType' minOccurs='0' />
&lt;xs:element ref='wst:Authenticator' minOccurs='0' />
&lt;xs:element ref='wst:KeyType' minOccurs='0' />
&lt;xs:element ref='wst:KeySize' minOccurs='0' />
&lt;xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
&lt;xs:element ref='wst:Encryption' minOccurs='0' />
&lt;xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
&lt;xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
&lt;xs:element ref='wst:ProofEncryption' minOccurs='0' />
&lt;xs:element ref='wst:UseKey' minOccurs='0' />
&lt;xs:element ref='wst:SignWith' minOccurs='0' />
&lt;xs:element ref='wst:EncryptWith' minOccurs='0' />
&lt;xs:element ref='wst:DelegateTo' minOccurs='0' />
&lt;xs:element ref='wst:Forwardable' minOccurs='0' />
&lt;xs:element ref='wst:Delegatable' minOccurs='0' />
&lt;xs:element ref='wsp:Policy' minOccurs='0' />
&lt;xs:element ref='wsp:PolicyReference' minOccurs='0' />
&lt;xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
<xs:attribute name='Context' type='xs:anyURI' use='optional'/>
<xs:anyAttribute namespace='##other' processContents='lax'/>
</xs:complexType>
<xs:element name='RequestedSecurityToken' type='wst:RequestedSecurityTokenType'/>
<xs:complexType name='RequestedSecurityTokenType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax'/>
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 3.3 -->
<xs:element name='BinarySecret' type='wst:BinarySecretType'/>
<xs:complexType name='BinarySecretType'>
<xs:simpleContent>
<xs:extension base='xs:base64Binary'>
<xs:attribute name='Type' type='wst:BinarySecretTypeOpenEnum' use='optional'/>
<xs:anyAttribute namespace='##other' processContents='lax'/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name='BinarySecretTypeEnum'>
<xs:restriction base='xs:anyURI'>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/AsymmetricKey'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce'/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='BinarySecretTypeOpenEnum'>
<xs:union memberTypes='wst:BinarySecretTypeEnum xs:anyURI'/>
</xs:simpleType>
<!-- WS-Trust Section 4.1 -->
<xs:element name='Claims' type='wst:ClaimsType'/>
<xs:complexType name='ClaimsType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
<xs:attribute name='Dialect' type='xs:anyURI' use='optional'/>
<xs:anyAttribute namespace='##other' processContents='lax'/>
</xs:complexType>
<xs:element name='Entropy' type='wst:EntropyType'/>
<xs:complexType name='EntropyType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax'/>
</xs:complexType>
<xs:element name='Lifetime' type='wst:LifetimeType'/>
<xs:complexType name='LifetimeType'>
<xs:sequence>
<xs:element ref='wsu:Created' minOccurs='0'/>
<xs:element ref='wsu:Expires' minOccurs='0'/>
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 4.2 -->
<xs:element name='RequestSecurityTokenCollection' type='wst:RequestSecurityTokenCollectionType'/>
<xs:complexType name='RequestSecurityTokenCollectionType'>
<xs:annotation>
<xs:documentation>
The RequestSecurityTokenCollection (RSTC) element is used to provide multiple RST requests.
One or more RSTR elements in an RSTRC element are returned in the response to the
RequestSecurityTokenCollection.
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name='RequestSecurityToken' type='wst:RequestSecurityTokenType' minOccurs='2' maxOccurs='unbounded'/>
</xs:sequence>
</xs:complexType>
<xs:element name='RequestSecurityTokenResponseCollection' type='wst:RequestSecurityTokenResponseCollectionType'/>
<xs:complexType name='RequestSecurityTokenResponseCollectionType'>
<xs:annotation>
<xs:documentation>
The &lt;wst:RequestSecurityTokenResponseCollection> element (RSTRC) MUST be used to return a security token or
response to a security token request on the final response.
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element ref='wst:RequestSecurityTokenResponse' minOccurs='1' maxOccurs='unbounded'/>
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax'/>
</xs:complexType>
<!-- WS-Trust Section 4.3 -->
<xs:element name='ComputedKey' type='wst:ComputedKeyOpenEnum'/>
<xs:simpleType name='ComputedKeyEnum'>
<xs:restriction base='xs:anyURI'>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/HASH'/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='ComputedKeyOpenEnum'>
<xs:union memberTypes='wst:ComputedKeyEnum xs:anyURI'/>
</xs:simpleType>
<xs:element name='RequestedAttachedReference' type='wst:RequestedReferenceType'/>
<xs:element name='RequestedUnattachedReference' type='wst:RequestedReferenceType'/>
<xs:complexType name='RequestedReferenceType'>
<xs:sequence>
<xs:element ref='wsse:SecurityTokenReference'/>
</xs:sequence>
</xs:complexType>
<xs:element name='RequestedProofToken' type='wst:RequestedProofTokenType'/>
<xs:complexType name='RequestedProofTokenType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax'/>
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 6.4 -->
<xs:element name='IssuedTokens' type='wst:RequestSecurityTokenResponseCollectionType'/>
<!-- WS-Trust Section 5 -->
<xs:element name='RenewTarget' type='wst:RenewTargetType'/>
<xs:complexType name='RenewTargetType'>
<xs:sequence>
<xs:any namespace='##other' minOccurs='1' maxOccurs='1'/>
</xs:sequence>
</xs:complexType>
<xs:element name='AllowPostdating' type='wst:AllowPostdatingType'/>
<xs:complexType name='AllowPostdatingType'/>
<xs:element name='Renewing' type='wst:RenewingType'/>
<xs:complexType name='RenewingType'>
<xs:attribute name='Allow' type='xs:boolean' use='optional'/>
<xs:attribute name='OK' type='xs:boolean' use='optional'/>
</xs:complexType>
<!-- WS-Trust Section 6 -->
<xs:element name='CancelTarget' type='wst:CancelTargetType'/>
<xs:complexType name='CancelTargetType'>
<xs:sequence>
<xs:any namespace='##other' minOccurs='1' maxOccurs='1'/>
</xs:sequence>
</xs:complexType>
<xs:element name='RequestedTokenCancelled' type='wst:RequestedTokenCancelledType'/>
<xs:complexType name='RequestedTokenCancelledType'/>
<!-- WS-Trust Section 7 -->
<xs:element name='ValidateTarget' type='wst:ValidateTargetType'/>
<xs:complexType name='ValidateTargetType'>
<xs:sequence>
<xs:any namespace='##other' minOccurs='1' maxOccurs='1'/>
</xs:sequence>
</xs:complexType>
<xs:element name='Status' type='wst:StatusType'/>
<xs:complexType name='StatusType'>
<xs:sequence>
<xs:element name='Code' type='wst:StatusCodeOpenEnum'/>
<xs:element name='Reason' type='xs:string' minOccurs='0'/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name='StatusCodeEnum'>
<xs:restriction base='xs:anyURI'>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/invalid'/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='StatusCodeOpenEnum'>
<xs:union memberTypes='wst:StatusCodeEnum xs:anyURI'/>
</xs:simpleType>
<!-- WS-Trust Section 8.2 -->
<xs:element name='SignChallenge' type='wst:SignChallengeType'/>
<xs:element name='SignChallengeResponse' type='wst:SignChallengeType'/>
<xs:complexType name='SignChallengeType'>
<xs:sequence>
<xs:element ref='wst:Challenge'/>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
<xs:anyAttribute namespace='##any' processContents='lax'/>
</xs:complexType>
<xs:element name='Challenge' type='xs:string'/>
<!-- WS-Trust Section 8.3 -->
<xs:element name='BinaryExchange' type='wst:BinaryExchangeType'/>
<xs:complexType name='BinaryExchangeType'>
<xs:simpleContent>
<xs:extension base='xs:string'>
<xs:attribute name='ValueType' type='xs:anyURI' use='required'/>
<xs:attribute name='EncodingType' type='xs:anyURI' use='required'/>
<xs:anyAttribute namespace='##other' processContents='lax'/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- WS-Trust Section 8.4 -->
<xs:element name='RequestKET' type='wst:RequestKETType'/>
<xs:complexType name='RequestKETType'/>
<xs:element name='KeyExchangeToken' type='wst:KeyExchangeTokenType'/>
<xs:complexType name='KeyExchangeTokenType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 8.9 -->
<xs:element name='Authenticator' type='wst:AuthenticatorType'/>
<xs:complexType name='AuthenticatorType'>
<xs:sequence>
<xs:element ref='wst:CombinedHash' minOccurs='0'/>
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
</xs:complexType>
<xs:element name='CombinedHash' type='xs:base64Binary'/>
<!-- WS-Trust Section 9.1 -->
<xs:element name='OnBehalfOf' type='wst:OnBehalfOfType'/>
<xs:complexType name='OnBehalfOfType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax'/>
</xs:sequence>
</xs:complexType>
<xs:element name='Issuer' type='wsa:EndpointReferenceType'/>
<!-- WS-Trust Section 9.2 -->
<xs:element name='AuthenticationType' type='xs:anyURI'/>
<xs:element name='KeyType' type='wst:KeyTypeOpenEnum'/>
<xs:simpleType name='KeyTypeEnum'>
<xs:restriction base='xs:anyURI'>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey'/>
<xs:enumeration value='http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey'/>
<xs:enumeration value='http://docs.oasis-open.org/wssx/wstrust/200512/Bearer'/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='KeyTypeOpenEnum'>
<xs:union memberTypes='wst:KeyTypeEnum xs:anyURI'/>
</xs:simpleType>
<xs:element name='KeySize' type='xs:unsignedInt'/>
<xs:element name='SignatureAlgorithm' type='xs:anyURI'/>
<xs:element name='EncryptionAlgorithm' type='xs:anyURI'/>
<xs:element name='CanonicalizationAlgorithm' type='xs:anyURI'/>
<xs:element name='ComputedKeyAlgorithm' type='xs:anyURI'/>
<xs:element name='Encryption' type='wst:EncryptionType'/>
<xs:complexType name='EncryptionType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax'/>
</xs:sequence>
</xs:complexType>
<xs:element name='ProofEncryption' type='wst:ProofEncryptionType'/>
<xs:complexType name='ProofEncryptionType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax'/>
</xs:sequence>
</xs:complexType>
<xs:element name='UseKey' type='wst:UseKeyType'/>
<xs:complexType name='UseKeyType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0'/>
</xs:sequence>
<xs:attribute name='Sig' type='xs:anyURI' use='optional'/>
</xs:complexType>
<xs:element name='KeyWrapAlgorithm' type='xs:anyURI'/>
<xs:element name='SignWith' type='xs:anyURI'/>
<xs:element name='EncryptWith' type='xs:anyURI'/>
<!-- WS-Trust Section 9.3 -->
<xs:element name='DelegateTo' type='wst:DelegateToType'/>
<xs:complexType name='DelegateToType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax'/>
</xs:sequence>
</xs:complexType>
<xs:element name='Forwardable' type='xs:boolean'/>
<xs:element name='Delegatable' type='xs:boolean'/>
<!-- WS-Trust Section 9.5 -->
<xs:element name='Participants' type='wst:ParticipantsType'/>
<xs:complexType name='ParticipantsType'>
<xs:sequence>
<xs:element name='Primary' type='wst:ParticipantType' minOccurs='0'/>
<xs:element name='Participant' type='wst:ParticipantType' minOccurs='0' maxOccurs='unbounded'/>
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
</xs:complexType>
<xs:complexType name='ParticipantType'>
<xs:sequence>
<xs:any namespace='##any' processContents='lax'/>
</xs:sequence>
</xs:complexType>
</xs:schema>

View file

@ -0,0 +1,135 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:oasis:names:tc:xacml:2.0:context:schema:os" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os" schemaLocation="access_control-xacml-2.0-policy-schema-os.xsd"/>
<!-- -->
<xs:element name="Request" type="xacml-context:RequestType"/>
<xs:complexType name="RequestType">
<xs:sequence>
<xs:element ref="xacml-context:Subject" maxOccurs="unbounded"/>
<xs:element ref="xacml-context:Resource" maxOccurs="unbounded"/>
<xs:element ref="xacml-context:Action"/>
<xs:element ref="xacml-context:Environment"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Response" type="xacml-context:ResponseType"/>
<xs:complexType name="ResponseType">
<xs:sequence>
<xs:element ref="xacml-context:Result" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Subject" type="xacml-context:SubjectType"/>
<xs:complexType name="SubjectType">
<xs:sequence>
<xs:element ref="xacml-context:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="SubjectCategory" type="xs:anyURI" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
</xs:complexType>
<!-- -->
<xs:element name="Resource" type="xacml-context:ResourceType"/>
<xs:complexType name="ResourceType">
<xs:sequence>
<xs:element ref="xacml-context:ResourceContent" minOccurs="0"/>
<xs:element ref="xacml-context:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="ResourceContent" type="xacml-context:ResourceContentType"/>
<xs:complexType name="ResourceContentType" mixed="true">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
<!-- -->
<xs:element name="Action" type="xacml-context:ActionType"/>
<xs:complexType name="ActionType">
<xs:sequence>
<xs:element ref="xacml-context:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Environment" type="xacml-context:EnvironmentType"/>
<xs:complexType name="EnvironmentType">
<xs:sequence>
<xs:element ref="xacml-context:Attribute" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Attribute" type="xacml-context:AttributeType"/>
<xs:complexType name="AttributeType">
<xs:sequence>
<xs:element ref="xacml-context:AttributeValue" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:attribute name="Issuer" type="xs:string" use="optional"/>
</xs:complexType>
<!-- -->
<xs:element name="AttributeValue" type="xacml-context:AttributeValueType"/>
<xs:complexType name="AttributeValueType" mixed="true">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
<!-- -->
<xs:element name="Result" type="xacml-context:ResultType"/>
<xs:complexType name="ResultType">
<xs:sequence>
<xs:element ref="xacml-context:Decision"/>
<xs:element ref="xacml-context:Status" minOccurs="0"/>
<xs:element ref="xacml:Obligations" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="ResourceId" type="xs:string" use="optional"/>
</xs:complexType>
<!-- -->
<xs:element name="Decision" type="xacml-context:DecisionType"/>
<xs:simpleType name="DecisionType">
<xs:restriction base="xs:string">
<xs:enumeration value="Permit"/>
<xs:enumeration value="Deny"/>
<xs:enumeration value="Indeterminate"/>
<xs:enumeration value="NotApplicable"/>
</xs:restriction>
</xs:simpleType>
<!-- -->
<xs:element name="Status" type="xacml-context:StatusType"/>
<xs:complexType name="StatusType">
<xs:sequence>
<xs:element ref="xacml-context:StatusCode"/>
<xs:element ref="xacml-context:StatusMessage" minOccurs="0"/>
<xs:element ref="xacml-context:StatusDetail" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="StatusCode" type="xacml-context:StatusCodeType"/>
<xs:complexType name="StatusCodeType">
<xs:sequence>
<xs:element ref="xacml-context:StatusCode" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="Value" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="StatusMessage" type="xs:string"/>
<!-- -->
<xs:element name="StatusDetail" type="xacml-context:StatusDetailType"/>
<xs:complexType name="StatusDetailType">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="MissingAttributeDetail" type="xacml-context:MissingAttributeDetailType"/>
<xs:complexType name="MissingAttributeDetailType">
<xs:sequence>
<xs:element ref="xacml-context:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:attribute name="Issuer" type="xs:string" use="optional"/>
</xs:complexType>
<!-- -->
</xs:schema>

View file

@ -0,0 +1,380 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os" elementFormDefault="qualified" attributeFormDefault="unqualified">
<!-- -->
<xs:element name="PolicySet" type="xacml:PolicySetType"/>
<xs:complexType name="PolicySetType">
<xs:sequence>
<xs:element ref="xacml:Description" minOccurs="0"/>
<xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
<xs:element ref="xacml:Target"/>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element ref="xacml:PolicySet"/>
<xs:element ref="xacml:Policy"/>
<xs:element ref="xacml:PolicySetIdReference"/>
<xs:element ref="xacml:PolicyIdReference"/>
<xs:element ref="xacml:CombinerParameters"/>
<xs:element ref="xacml:PolicyCombinerParameters"/>
<xs:element ref="xacml:PolicySetCombinerParameters"/>
</xs:choice>
<xs:element ref="xacml:Obligations" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
<xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
<xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="CombinerParameters" type="xacml:CombinerParametersType"/>
<xs:complexType name="CombinerParametersType">
<xs:sequence>
<xs:element ref="xacml:CombinerParameter" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
<xs:complexType name="CombinerParameterType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
</xs:sequence>
<xs:attribute name="ParameterName" type="xs:string" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="RuleCombinerParameters" type="xacml:RuleCombinerParametersType"/>
<xs:complexType name="RuleCombinerParametersType">
<xs:complexContent>
<xs:extension base="xacml:CombinerParametersType">
<xs:attribute name="RuleIdRef" type="xs:string" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="PolicyCombinerParameters" type="xacml:PolicyCombinerParametersType"/>
<xs:complexType name="PolicyCombinerParametersType">
<xs:complexContent>
<xs:extension base="xacml:CombinerParametersType">
<xs:attribute name="PolicyIdRef" type="xs:anyURI" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="PolicySetCombinerParameters" type="xacml:PolicySetCombinerParametersType"/>
<xs:complexType name="PolicySetCombinerParametersType">
<xs:complexContent>
<xs:extension base="xacml:CombinerParametersType">
<xs:attribute name="PolicySetIdRef" type="xs:anyURI" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="PolicySetIdReference" type="xacml:IdReferenceType"/>
<xs:element name="PolicyIdReference" type="xacml:IdReferenceType"/>
<!-- -->
<xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/>
<xs:element name="PolicyDefaults" type="xacml:DefaultsType"/>
<xs:complexType name="DefaultsType">
<xs:sequence>
<xs:choice>
<xs:element ref="xacml:XPathVersion"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="XPathVersion" type="xs:anyURI"/>
<!-- -->
<xs:complexType name="IdReferenceType">
<xs:simpleContent>
<xs:extension base="xs:anyURI">
<xs:attribute name="Version" type="xacml:VersionMatchType" use="optional"/>
<xs:attribute name="EarliestVersion" type="xacml:VersionMatchType" use="optional"/>
<xs:attribute name="LatestVersion" type="xacml:VersionMatchType" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- -->
<xs:simpleType name="VersionType">
<xs:restriction base="xs:string">
<xs:pattern value="(\d+\.)*\d+"/>
</xs:restriction>
</xs:simpleType>
<!-- -->
<xs:simpleType name="VersionMatchType">
<xs:restriction base="xs:string">
<xs:pattern value="((\d+|\*)\.)*(\d+|\*|\+)"/>
</xs:restriction>
</xs:simpleType>
<!-- -->
<xs:element name="Policy" type="xacml:PolicyType"/>
<xs:complexType name="PolicyType">
<xs:sequence>
<xs:element ref="xacml:Description" minOccurs="0"/>
<xs:element ref="xacml:PolicyDefaults" minOccurs="0"/>
<xs:element ref="xacml:Target"/>
<xs:choice maxOccurs="unbounded">
<xs:element ref="xacml:CombinerParameters" minOccurs="0"/>
<xs:element ref="xacml:RuleCombinerParameters" minOccurs="0"/>
<xs:element ref="xacml:VariableDefinition"/>
<xs:element ref="xacml:Rule"/>
</xs:choice>
<xs:element ref="xacml:Obligations" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
<xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
<xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="Description" type="xs:string"/>
<!-- -->
<xs:element name="Rule" type="xacml:RuleType"/>
<xs:complexType name="RuleType">
<xs:sequence>
<xs:element ref="xacml:Description" minOccurs="0"/>
<xs:element ref="xacml:Target" minOccurs="0"/>
<xs:element ref="xacml:Condition" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="RuleId" type="xs:string" use="required"/>
<xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
</xs:complexType>
<!-- -->
<xs:simpleType name="EffectType">
<xs:restriction base="xs:string">
<xs:enumeration value="Permit"/>
<xs:enumeration value="Deny"/>
</xs:restriction>
</xs:simpleType>
<!-- -->
<xs:element name="Target" type="xacml:TargetType"/>
<xs:complexType name="TargetType">
<xs:sequence>
<xs:element ref="xacml:Subjects" minOccurs="0"/>
<xs:element ref="xacml:Resources" minOccurs="0"/>
<xs:element ref="xacml:Actions" minOccurs="0"/>
<xs:element ref="xacml:Environments" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Subjects" type="xacml:SubjectsType"/>
<xs:complexType name="SubjectsType">
<xs:sequence>
<xs:element ref="xacml:Subject" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Subject" type="xacml:SubjectType"/>
<xs:complexType name="SubjectType">
<xs:sequence>
<xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Resources" type="xacml:ResourcesType"/>
<xs:complexType name="ResourcesType">
<xs:sequence>
<xs:element ref="xacml:Resource" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Resource" type="xacml:ResourceType"/>
<xs:complexType name="ResourceType">
<xs:sequence>
<xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Actions" type="xacml:ActionsType"/>
<xs:complexType name="ActionsType">
<xs:sequence>
<xs:element ref="xacml:Action" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Action" type="xacml:ActionType"/>
<xs:complexType name="ActionType">
<xs:sequence>
<xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Environments" type="xacml:EnvironmentsType"/>
<xs:complexType name="EnvironmentsType">
<xs:sequence>
<xs:element ref="xacml:Environment" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Environment" type="xacml:EnvironmentType"/>
<xs:complexType name="EnvironmentType">
<xs:sequence>
<xs:element ref="xacml:EnvironmentMatch" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>
<xs:complexType name="SubjectMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:SubjectAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/>
<xs:complexType name="ResourceMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:ResourceAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="ActionMatch" type="xacml:ActionMatchType"/>
<xs:complexType name="ActionMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:ActionAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="EnvironmentMatch" type="xacml:EnvironmentMatchType"/>
<xs:complexType name="EnvironmentMatchType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue"/>
<xs:choice>
<xs:element ref="xacml:EnvironmentAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="VariableDefinition" type="xacml:VariableDefinitionType"/>
<xs:complexType name="VariableDefinitionType">
<xs:sequence>
<xs:element ref="xacml:Expression"/>
</xs:sequence>
<xs:attribute name="VariableId" type="xs:string" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="Expression" type="xacml:ExpressionType" abstract="true"/>
<xs:complexType name="ExpressionType" abstract="true"/>
<!-- -->
<xs:element name="VariableReference" type="xacml:VariableReferenceType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="VariableReferenceType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="VariableId" type="xs:string" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="AttributeSelector" type="xacml:AttributeSelectorType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="AttributeSelectorType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
<xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
<xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
<!-- -->
<xs:complexType name="AttributeDesignatorType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:attribute name="Issuer" type="xs:string" use="optional"/>
<xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="SubjectAttributeDesignatorType">
<xs:complexContent>
<xs:extension base="xacml:AttributeDesignatorType">
<xs:attribute name="SubjectCategory" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="AttributeValue" type="xacml:AttributeValueType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="AttributeValueType" mixed="true">
<xs:complexContent mixed="true">
<xs:extension base="xacml:ExpressionType">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="Function" type="xacml:FunctionType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="FunctionType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="Condition" type="xacml:ConditionType"/>
<xs:complexType name="ConditionType">
<xs:sequence>
<xs:element ref="xacml:Expression"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Apply" type="xacml:ApplyType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="ApplyType">
<xs:complexContent>
<xs:extension base="xacml:ExpressionType">
<xs:sequence>
<xs:element ref="xacml:Expression" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
<xs:element name="Obligations" type="xacml:ObligationsType"/>
<xs:complexType name="ObligationsType">
<xs:sequence>
<xs:element ref="xacml:Obligation" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="Obligation" type="xacml:ObligationType"/>
<xs:complexType name="ObligationType">
<xs:sequence>
<xs:element ref="xacml:AttributeAssignment" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>
<xs:attribute name="FulfillOn" type="xacml:EffectType" use="required"/>
</xs:complexType>
<!-- -->
<xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/>
<xs:complexType name="AttributeAssignmentType" mixed="true">
<xs:complexContent mixed="true">
<xs:extension base="xacml:AttributeValueType">
<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- -->
</xs:schema>

View file

@ -0,0 +1,77 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.saml.processing.core.util;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import javax.xml.XMLConstants;
import javax.xml.validation.SchemaFactory;
import org.junit.Test;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
public class IDFedLSInputResolverTest {
@Test
public void testSchemaConstruction() throws Exception {
// make sure there is no outgoing call to get schema online;
// all resources must have a result for our resolver
SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
final IDFedLSInputResolver idFedLSInputResolver = new IDFedLSInputResolver();
schemaFactory.setResourceResolver(new LSResourceResolver() {
@Override
public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) {
LSInput input = idFedLSInputResolver.resolveResource(type, namespaceURI, publicId, systemId, baseURI);
if(input == null) {
throw new IllegalArgumentException("Unable to resolve " + systemId);
}
InputStream is = input.getByteStream();
if(is == null) {
throw new IllegalArgumentException("Unable to resolve stream for " + systemId);
}
try {
is.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
return input;
}
});
// check that all schema can be resolved
for(String schema : SchemaManagerUtil.getSchemas()) {
if(schema.contains("saml")) {
URL schemaFile = SecurityActions.loadResource(getClass(), schema);
schemaFactory.newSchema(schemaFile);
}
}
JAXPValidationUtil.validator();
}
}

View file

@ -16,15 +16,11 @@
*/
package org.keycloak.testsuite.saml;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.protocol.saml.SamlService;
import org.keycloak.saml.SPMetadataDescriptor;
import org.xml.sax.SAXException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.transform.Source;
@ -32,10 +28,19 @@ import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.protocol.saml.SamlService;
import org.keycloak.saml.SPMetadataDescriptor;
import org.keycloak.saml.processing.core.util.IDFedLSInputResolver;
import org.keycloak.saml.processing.core.util.JAXPValidationUtil;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
import org.xml.sax.SAXException;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -43,6 +48,13 @@ import java.net.URL;
*/
public class ValidationTest {
private static final String PRIVATE_KEY = "MIICWwIBAAKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQABAoGADaTtoG/+foOZUiLjRWKL/OmyavK9vjgyFtThNkZY4qHOh0h3og0RdSbgIxAsIpEa1FUwU2W5yvI6mNeJ3ibFgCgcxqPk6GkAC7DWfQfdQ8cS+dCuaFTs8ObIQEvU50YzeNPiiFxRA+MnauCUXaKm/PnDfjd4tPgru7XZvlGh0wECQQDsBbN2cKkBKpr/b5oJiBcBaSZtWiMNuYBDn9x8uORj+Gy/49BUIMHF2EWyxOWz6ocP5YiynNRkPe21Zus7PEr1AkEA5yWQOkxUTIg43s4pxNSeHtL+Ebqcg54lY2xOQK0yufxUVZI8ODctAKmVBMiCKpU3mZQquOaQicuGtocpgxlScQI/YM31zZ5nsxLGf/5GL6KhzPJT0IYn2nk7IoFu7bjn9BjwgcPurpLA52TNMYWQsTqAKwT6DEhG1NaRqNWNpb4VAkBehObAYBwMm5udyHIeEc+CzUalm0iLLa0eRdiN7AUVNpCJ2V2Uo0NcxPux1AgeP5xXydXafDXYkwhINWcNO9qRAkEA58ckAC5loUGwU5dLaugsGH/a2Q8Ac8bmPglwfCstYDpl8Gp/eimb1eKyvDEELOhyImAv4/uZV9wN85V0xZXWsw==";
/**
* The public certificate that corresponds to {@link #PRIVATE_KEY}.
*/
private static final String PUBLIC_CERT = "MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin";
public static String getIDPMetadataDescriptor() throws IOException {
InputStream is = SamlService.class.getResourceAsStream("/idp-metadata-template.xml");
String template = StreamUtil.readString(is);
@ -50,47 +62,34 @@ public class ValidationTest {
template = template.replace("${idp.sso.HTTP-POST}", "http://keycloak.org/auth/realms/test/saml");
template = template.replace("${idp.sso.HTTP-Redirect}", "http://keycloak.org/auth/realms/test/saml");
template = template.replace("${idp.sls.HTTP-POST}", "http://keycloak.org/auth/realms/test/saml");
template = template.replace("${idp.signing.certificate}", KeycloakModelUtils.generateKeyPairCertificate("test").getCertificate());
template = template.replace("${idp.signing.certificates}", "");
return template;
}
private Validator validator;
@Before
public void init() throws Exception {
validator = JAXPValidationUtil.validator();
}
private void validate(String xml) throws SAXException, IOException {
validator.validate(new StreamSource(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))));
}
@Test
@Ignore // ignore because it goes out to web
public void testIDPDescriptor() throws Exception {
URL schemaFile = getClass().getResource("/schema/saml/v2/saml-schema-metadata-2.0.xsd");
Source xmlFile = new StreamSource(new ByteArrayInputStream(getIDPMetadataDescriptor().getBytes()), "IDPSSODescriptor");
SchemaFactory schemaFactory = SchemaFactory
.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
Schema schema = schemaFactory.newSchema(schemaFile);
Validator validator = schema.newValidator();
try {
validator.validate(xmlFile);
System.out.println(xmlFile.getSystemId() + " is valid");
} catch (SAXException e) {
System.out.println(xmlFile.getSystemId() + " is NOT valid");
System.out.println("Reason: " + e.getLocalizedMessage());
Assert.fail();
}
validate(getIDPMetadataDescriptor());
}
@Test
@Ignore // ignore because it goes out to web
public void testBrokerExportDescriptor() throws Exception {
URL schemaFile = getClass().getResource("/schema/saml/v2/saml-schema-metadata-2.0.xsd");
Source xmlFile = new StreamSource(new ByteArrayInputStream(SPMetadataDescriptor.getSPDescriptor(
"POST", "http://realm/assertion", "http://realm/logout", true, false, false, "test", SamlProtocol.SAML_DEFAULT_NAMEID_FORMAT, KeycloakModelUtils.generateKeyPairCertificate("test").getCertificate(), ""
).getBytes()), "SP Descriptor");
SchemaFactory schemaFactory = SchemaFactory
.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
Schema schema = schemaFactory.newSchema(schemaFile);
Validator validator = schema.newValidator();
try {
validator.validate(xmlFile);
System.out.println(xmlFile.getSystemId() + " is valid");
} catch (SAXException e) {
System.out.println(xmlFile.getSystemId() + " is NOT valid");
System.out.println("Reason: " + e.getLocalizedMessage());
Assert.fail();
}
String spCertificate = SPMetadataDescriptor.xmlKeyInfo(" ", null, PUBLIC_CERT, KeyTypes.SIGNING.value(), true);
String str = SPMetadataDescriptor.getSPDescriptor(
"POST", "http://realm/assertion", "http://realm/logout", true, true, false, "test", SamlProtocol.SAML_DEFAULT_NAMEID_FORMAT, spCertificate, null
);
validate(str);
}
}