1 <?xml version="1.0" encoding="UTF-8"?>
\r
3 <xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
\r
4 xmlns:xs="http://www.w3.org/2001/XMLSchema"
\r
5 xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
\r
6 finalDefault="extension"
\r
7 blockDefault="substitution"
\r
10 <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
<!-- Every complexType in this listing restricts the same-named type taken from
     the redefined file, so this class is only as sound as the copy of
     saml-schema-authn-context-types-2.0.xsd the validator actually loads.
     schemaLocation is a relative hint: resolve it to a locally stored, vetted
     copy (for example through an XML catalog) rather than letting the
     validator fetch whatever the path or network returns.
     The xs:schema element above sets blockDefault="substitution" (substitution
     group members cannot stand in for the declared elements) and
     finalDefault="extension" (types declared here cannot be derived from by
     extension).
     NOTE(review): the gutter numbers jump, so this listing omits some lines of
     the original file (annotation tags, compositors, closing tags). -->
\r
14 Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
\r
15 Document identifier: saml-schema-authn-context-mobiletwofactor-reg-2.0
\r
16 Location: http://docs.oasis-open.org/security/saml/v2.0/
\r
19 New authentication context class schema for SAML V2.0.
\r
23 <xs:complexType name="AuthnContextDeclarationBaseType">
<!-- Top-level content of a declaration in this class, restricted from the
     same-named base type. AuthnMethod is the only child ref written without
     minOccurs="0", so it is the only part a conforming declaration must carry;
     Identification, TechnicalProtection, OperationalProtection and
     GoverningAgreements may all be absent. A relying party that depends on any
     of those has to check for their presence itself.
     Extension may repeat without limit; nothing visible here constrains what
     it holds, so do not derive assurance from Extension content.
     NOTE(review): the compositor line (gutter 26) is not in this listing;
     presumably xs:sequence, confirm against the OASIS file. -->
\r
25 <xs:restriction base="AuthnContextDeclarationBaseType">
\r
27 <xs:element ref="Identification" minOccurs="0"/>
\r
28 <xs:element ref="TechnicalProtection" minOccurs="0"/>
\r
29 <xs:element ref="OperationalProtection" minOccurs="0"/>
\r
30 <xs:element ref="AuthnMethod"/>
\r
31 <xs:element ref="GoverningAgreements" minOccurs="0"/>
\r
32 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
34 <xs:attribute name="ID" type="xs:ID" use="optional"/>
\r
36 </xs:complexContent>
\r
39 <xs:complexType name="AuthnMethodBaseType">
<!-- Describes how the principal authenticated. Authenticator carries no
     minOccurs="0" and is therefore mandatory; PrincipalAuthenticationMechanism
     and AuthenticatorTransportProtocol are optional. Because the transport
     element may be omitted, a declaration can match this class without saying
     how the authenticator travelled; policy that depends on transport
     protection must treat a missing AuthenticatorTransportProtocol as
     "unknown", not as "protected".
     NOTE(review): compositor line (gutter 42) is not in this listing. -->
\r
41 <xs:restriction base="AuthnMethodBaseType">
\r
43 <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
\r
44 <xs:element ref="Authenticator"/>
\r
45 <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
\r
46 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
49 </xs:complexContent>
\r
52 <xs:complexType name="AuthenticatorBaseType">
<!-- Authenticator mechanisms accepted by this class: DigSig, ZeroKnowledge,
     SharedSecretChallengeResponse, SharedSecretDynamicPlaintext,
     AsymmetricDecryption, AsymmetricKeyAgreement and ComplexAuthenticator.
     No bare Password ref appears among the lines shown; Password is only
     referenced from ComplexAuthenticatorType.
     NOTE(review): gutter lines 55-56 and 64 are missing from this listing;
     presumably the refs are alternatives inside an xs:choice, confirm against
     the OASIS file before relying on "exactly one of". -->
\r
54 <xs:restriction base="AuthenticatorBaseType">
\r
57 <xs:element ref="DigSig"/>
\r
58 <xs:element ref="ZeroKnowledge"/>
\r
59 <xs:element ref="SharedSecretChallengeResponse"/>
\r
60 <xs:element ref="SharedSecretDynamicPlaintext"/>
\r
61 <xs:element ref="AsymmetricDecryption"/>
\r
62 <xs:element ref="AsymmetricKeyAgreement"/>
\r
63 <xs:element ref="ComplexAuthenticator"/>
\r
65 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
68 </xs:complexContent>
\r
71 <xs:complexType name="ComplexAuthenticatorType">
<!-- Combined authenticator: references SharedSecretChallengeResponse,
     SharedSecretDynamicPlaintext and Password. No Extension ref is visible
     in this type, unlike most of the other restrictions in the file.
     NOTE(review): gutter lines 74-75 and 78 are missing from this listing;
     presumably one of the two shared-secret mechanisms is paired with
     Password (the second factor), confirm against the OASIS file. -->
\r
73 <xs:restriction base="ComplexAuthenticatorType">
\r
76 <xs:element ref="SharedSecretChallengeResponse"/>
\r
77 <xs:element ref="SharedSecretDynamicPlaintext"/>
\r
79 <xs:element ref="Password"/>
\r
82 </xs:complexContent>
\r
85 <xs:complexType name="AuthenticatorTransportProtocolType">
<!-- Transports this class accepts for the authenticator exchange: SSL,
     MobileNetworkNoEncryption, MobileNetworkRadioEncryption,
     MobileNetworkEndToEndEncryption and WTLS.
     MobileNetworkNoEncryption is on the list, so a declaration can conform to
     this class while stating that the mobile leg was unencrypted. A relying
     party that requires confidentiality on that leg has to inspect which
     element is present; matching the class URI alone does not establish it.
     NOTE(review): gutter lines 88-89 and 95 are missing from this listing;
     presumably the refs sit inside an xs:choice, confirm against the OASIS
     file. -->
\r
87 <xs:restriction base="AuthenticatorTransportProtocolType">
\r
90 <xs:element ref="SSL"/>
\r
91 <xs:element ref="MobileNetworkNoEncryption"/>
\r
92 <xs:element ref="MobileNetworkRadioEncryption"/>
\r
93 <xs:element ref="MobileNetworkEndToEndEncryption"/>
\r
94 <xs:element ref="WTLS"/>
\r
96 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
99 </xs:complexContent>
\r
102 <xs:complexType name="OperationalProtectionType">
<!-- Operational controls: SecurityAudit and DeactivationCallCenter, neither
     marked minOccurs="0", followed by optional repeatable Extension.
     OperationalProtection itself is optional in
     AuthnContextDeclarationBaseType, so these two elements are only enforced
     when the parent element is present at all.
     NOTE(review): compositor line (gutter 105) is not in this listing;
     presumably xs:sequence, confirm. -->
\r
103 <xs:complexContent>
\r
104 <xs:restriction base="OperationalProtectionType">
\r
106 <xs:element ref="SecurityAudit"/>
\r
107 <xs:element ref="DeactivationCallCenter"/>
\r
108 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
111 </xs:complexContent>
\r
114 <xs:complexType name="TechnicalProtectionBaseType">
<!-- Technical protection of the key material: references PrivateKeyProtection
     and SecretKeyProtection, plus optional repeatable Extension.
     NOTE(review): gutter lines 117-118 and 121 are missing from this listing;
     presumably the two protection refs are alternatives inside an xs:choice,
     confirm against the OASIS file. -->
\r
115 <xs:complexContent>
\r
116 <xs:restriction base="TechnicalProtectionBaseType">
\r
119 <xs:element ref="PrivateKeyProtection"/>
\r
120 <xs:element ref="SecretKeyProtection"/>
\r
122 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
125 </xs:complexContent>
\r
128 <xs:complexType name="PrivateKeyProtectionType">
<!-- Private-key protection: KeyActivation and KeyStorage are both referenced
     without minOccurs="0", so a declaration using this element states both
     how the key is activated and where it is stored. Same shape as
     SecretKeyProtectionType.
     NOTE(review): compositor line (gutter 131) is not in this listing. -->
\r
129 <xs:complexContent>
\r
130 <xs:restriction base="PrivateKeyProtectionType">
\r
132 <xs:element ref="KeyActivation"/>
\r
133 <xs:element ref="KeyStorage"/>
\r
134 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
137 </xs:complexContent>
\r
140 <xs:complexType name="SecretKeyProtectionType">
<!-- Secret-key (shared secret) protection: KeyActivation and KeyStorage are
     both referenced without minOccurs="0", mirroring
     PrivateKeyProtectionType. Optional repeatable Extension follows.
     NOTE(review): compositor line (gutter 143) is not in this listing. -->
\r
141 <xs:complexContent>
\r
142 <xs:restriction base="SecretKeyProtectionType">
\r
144 <xs:element ref="KeyActivation"/>
\r
145 <xs:element ref="KeyStorage"/>
\r
146 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
149 </xs:complexContent>
\r
152 <xs:complexType name="KeyStorageType">
<!-- Where the key is held. The medium attribute is required and narrowed from
     mediumType to three values: MobileDevice, MobileAuthCard and smartcard.
     Schema validation only checks that the value is one of these three; the
     value itself is an assertion by the party issuing the declaration, not
     something the schema can verify. -->
\r
153 <xs:complexContent>
\r
154 <xs:restriction base="KeyStorageType">
\r
155 <xs:attribute name="medium" use="required">
\r
157 <xs:restriction base="mediumType">
\r
158 <xs:enumeration value="MobileDevice"/>
\r
159 <xs:enumeration value="MobileAuthCard"/>
\r
160 <xs:enumeration value="smartcard"/>
\r
165 </xs:complexContent>
\r
168 <xs:complexType name="SecurityAuditType">
<!-- Audit description: references SwitchAudit without minOccurs="0", plus
     optional repeatable Extension.
     NOTE(review): compositor line (gutter 171) is not in this listing. -->
\r
169 <xs:complexContent>
\r
170 <xs:restriction base="SecurityAuditType">
\r
172 <xs:element ref="SwitchAudit"/>
\r
173 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
176 </xs:complexContent>
\r
179 <xs:complexType name="IdentificationType">
<!-- Identity proofing behind the credential: PhysicalVerification,
     WrittenConsent and GoverningAgreements are all referenced without
     minOccurs="0" (the "contract" part of this class), plus optional
     repeatable Extension.
     The nym attribute has no use="required", so it may be absent, and all
     three values (anonymity, verinymity, pseudonymity) are accepted. A relying
     party that needs a verified real-world identity must check nym itself;
     conforming to this class does not imply verinymity.
     Identification is optional in AuthnContextDeclarationBaseType, so none of
     this is enforced unless the element is present.
     NOTE(review): compositor line (gutter 182) is not in this listing. -->
\r
180 <xs:complexContent>
\r
181 <xs:restriction base="IdentificationType">
\r
183 <xs:element ref="PhysicalVerification"/>
\r
184 <xs:element ref="WrittenConsent"/>
\r
185 <xs:element ref="GoverningAgreements"/>
\r
186 <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
\r
188 <xs:attribute name="nym">
\r
190 <xs:restriction base="nymType">
\r
191 <xs:enumeration value="anonymity"/>
\r
192 <xs:enumeration value="verinymity"/>
\r
193 <xs:enumeration value="pseudonymity"/>
\r
198 </xs:complexContent>
\r