-<?xml version="1.0" encoding="UTF-8"?>\r
-<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->\r
-<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">\r
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>\r
- <annotation>\r
- <documentation>\r
- Document identifier: cs-sstc-schema-assertion-01\r
- Location: http://www.oasis-open.org/committees/security/docs/\r
- </documentation>\r
- </annotation>\r
- <simpleType name="IDType">\r
- <restriction base="string"/>\r
- </simpleType>\r
- <simpleType name="IDReferenceType">\r
- <restriction base="string"/>\r
- </simpleType>\r
- <simpleType name="DecisionType">\r
- <restriction base="string">\r
- <enumeration value="Permit"/>\r
- <enumeration value="Deny"/>\r
- <enumeration value="Indeterminate"/>\r
- </restriction>\r
- </simpleType>\r
- <element name="AssertionIDReference" type="saml:IDReferenceType"/>\r
- <element name="Assertion" type="saml:AssertionType"/>\r
- <complexType name="AssertionType">\r
- <sequence>\r
- <element ref="saml:Conditions" minOccurs="0"/>\r
- <element ref="saml:Advice" minOccurs="0"/>\r
- <choice maxOccurs="unbounded">\r
- <element ref="saml:Statement"/>\r
- <element ref="saml:SubjectStatement"/>\r
- <element ref="saml:AuthenticationStatement"/>\r
- <element ref="saml:AuthorizationDecisionStatement"/>\r
- <element ref="saml:AttributeStatement"/>\r
- </choice>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="MajorVersion" type="integer" use="required"/>\r
- <attribute name="MinorVersion" type="integer" use="required"/>\r
- <attribute name="AssertionID" type="saml:IDType" use="required"/>\r
- <attribute name="Issuer" type="string" use="required"/>\r
- <attribute name="IssueInstant" type="dateTime" use="required"/>\r
- </complexType>\r
- <element name="Conditions" type="saml:ConditionsType"/>\r
- <complexType name="ConditionsType">\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:AudienceRestrictionCondition"/>\r
- <element ref="saml:Condition"/>\r
- </choice>\r
- <attribute name="NotBefore" type="dateTime" use="optional"/>\r
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
- </complexType>\r
- <element name="Condition" type="saml:ConditionAbstractType"/>\r
- <complexType name="ConditionAbstractType" abstract="true"/>\r
- <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>\r
- <complexType name="AudienceRestrictionConditionType">\r
- <complexContent>\r
- <extension base="saml:ConditionAbstractType">\r
- <sequence>\r
- <element ref="saml:Audience" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Audience" type="anyURI"/>\r
- <element name="Advice" type="saml:AdviceType"/>\r
- <complexType name="AdviceType">\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:AssertionIDReference"/>\r
- <element ref="saml:Assertion"/>\r
- <any namespace="##other" processContents="lax"/>\r
- </choice>\r
- </complexType>\r
- <element name="Statement" type="saml:StatementAbstractType"/>\r
- <complexType name="StatementAbstractType" abstract="true"/>\r
- <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>\r
- <complexType name="SubjectStatementAbstractType" abstract="true">\r
- <complexContent>\r
- <extension base="saml:StatementAbstractType">\r
- <sequence>\r
- <element ref="saml:Subject"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Subject" type="saml:SubjectType"/>\r
- <complexType name="SubjectType">\r
- <choice>\r
- <sequence>\r
- <element ref="saml:NameIdentifier"/>\r
- <element ref="saml:SubjectConfirmation" minOccurs="0"/>\r
- </sequence>\r
- <element ref="saml:SubjectConfirmation"/>\r
- </choice>\r
- </complexType>\r
- <element name="NameIdentifier" type="saml:NameIdentifierType"/>\r
- <complexType name="NameIdentifierType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attribute name="NameQualifier" type="string" use="optional"/>\r
- <attribute name="Format" type="anyURI" use="optional"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>\r
- <complexType name="SubjectConfirmationType">\r
- <sequence>\r
- <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>\r
- <element ref="saml:SubjectConfirmationData" minOccurs="0"/>\r
- <element ref="ds:KeyInfo" minOccurs="0"/>\r
- </sequence>\r
- </complexType>\r
- <element name="SubjectConfirmationData" type="anyType"/>\r
- <element name="ConfirmationMethod" type="anyURI"/>\r
- <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>\r
- <complexType name="AuthenticationStatementType">\r
- <complexContent>\r
- <extension base="saml:SubjectStatementAbstractType">\r
- <sequence>\r
- <element ref="saml:SubjectLocality" minOccurs="0"/>\r
- <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="AuthenticationMethod" type="anyURI" use="required"/>\r
- <attribute name="AuthenticationInstant" type="dateTime" use="required"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="SubjectLocality" type="saml:SubjectLocalityType"/>\r
- <complexType name="SubjectLocalityType">\r
- <attribute name="IPAddress" type="string" use="optional"/>\r
- <attribute name="DNSAddress" type="string" use="optional"/>\r
- </complexType>\r
- <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>\r
- <complexType name="AuthorityBindingType">\r
- <attribute name="AuthorityKind" type="QName" use="required"/>\r
- <attribute name="Location" type="anyURI" use="required"/>\r
- <attribute name="Binding" type="anyURI" use="required"/>\r
- </complexType>\r
- <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>\r
- <complexType name="AuthorizationDecisionStatementType">\r
- <complexContent>\r
- <extension base="saml:SubjectStatementAbstractType">\r
- <sequence>\r
- <element ref="saml:Action" maxOccurs="unbounded"/>\r
- <element ref="saml:Evidence" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="Resource" type="anyURI" use="required"/>\r
- <attribute name="Decision" type="saml:DecisionType" use="required"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Action" type="saml:ActionType"/>\r
- <complexType name="ActionType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attribute name="Namespace" type="anyURI"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <element name="Evidence" type="saml:EvidenceType"/>\r
- <complexType name="EvidenceType">\r
- <choice maxOccurs="unbounded">\r
- <element ref="saml:AssertionIDReference"/>\r
- <element ref="saml:Assertion"/>\r
- </choice>\r
- </complexType>\r
- <element name="AttributeStatement" type="saml:AttributeStatementType"/>\r
- <complexType name="AttributeStatementType">\r
- <complexContent>\r
- <extension base="saml:SubjectStatementAbstractType">\r
- <sequence>\r
- <element ref="saml:Attribute" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>\r
- <complexType name="AttributeDesignatorType">\r
- <attribute name="AttributeName" type="string" use="required"/>\r
- <attribute name="AttributeNamespace" type="anyURI" use="required"/>\r
- </complexType>\r
- <element name="Attribute" type="saml:AttributeType"/>\r
- <complexType name="AttributeType">\r
- <complexContent>\r
- <extension base="saml:AttributeDesignatorType">\r
- <sequence>\r
- <element ref="saml:AttributeValue" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AttributeValue" type="anyType"/>\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: cs-sstc-schema-assertion-01
+ Location: http://www.oasis-open.org/committees/security/docs/
+ </documentation>
+ </annotation>
+ <simpleType name="IDType">
+ <restriction base="string"/>
+ </simpleType>
+ <simpleType name="IDReferenceType">
+ <restriction base="string"/>
+ </simpleType>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="AssertionIDReference" type="saml:IDReferenceType"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:SubjectStatement"/>
+ <element ref="saml:AuthenticationStatement"/>
+ <element ref="saml:AuthorizationDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="AssertionID" type="saml:IDType" use="required"/>
+ <attribute name="Issuer" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AudienceRestrictionCondition"/>
+ <element ref="saml:Condition"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+ <complexType name="AudienceRestrictionConditionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+ <complexType name="SubjectStatementAbstractType" abstract="true">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <element ref="saml:NameIdentifier"/>
+ <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation"/>
+ </choice>
+ </complexType>
+ <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+ <complexType name="NameIdentifierType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="SubjectConfirmationData" type="anyType"/>
+ <element name="ConfirmationMethod" type="anyURI"/>
+ <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+ <complexType name="AuthenticationStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+ <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="IPAddress" type="string" use="optional"/>
+ <attribute name="DNSAddress" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+ <complexType name="AuthorityBindingType">
+ <attribute name="AuthorityKind" type="QName" use="required"/>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ </complexType>
+ <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+ <complexType name="AuthorizationDecisionStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+ <complexType name="AttributeDesignatorType">
+ <attribute name="AttributeName" type="string" use="required"/>
+ <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <complexContent>
+ <extension base="saml:AttributeDesignatorType">
+ <sequence>
+ <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeValue" type="anyType"/>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">\r
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>\r
- <annotation>\r
- <documentation>\r
- Document identifier: sstc-saml-schema-assertion-1.1-draft-02\r
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
- Revision history:\r
- draft-01 (Eve Maler):\r
- Note that V1.1 of this schema has the same namespace as V1.0.\r
- Minor cosmetic updates.\r
- Changed IDType to restrict from xsd:ID.\r
- Changed IDReferenceType to restrict from xsd:IDREF.\r
- Set version attribute on schema element to 1.1.\r
- draft-02 (Prateek Mishra, Rob Philpott):\r
- Added DoNotCacheCondition element and DoNotCacheConditionType\r
- draft-03 (Scott Cantor)\r
- Rebased ID content directly on XML Schema types\r
- </documentation>\r
- </annotation>\r
- <simpleType name="DecisionType">\r
- <restriction base="string">\r
- <enumeration value="Permit"/>\r
- <enumeration value="Deny"/>\r
- <enumeration value="Indeterminate"/>\r
- </restriction>\r
- </simpleType>\r
- <element name="AssertionIDReference" type="NCName"/>\r
- <element name="Assertion" type="saml:AssertionType"/>\r
- <complexType name="AssertionType">\r
- <sequence>\r
- <element ref="saml:Conditions" minOccurs="0"/>\r
- <element ref="saml:Advice" minOccurs="0"/>\r
- <choice maxOccurs="unbounded">\r
- <element ref="saml:Statement"/>\r
- <element ref="saml:SubjectStatement"/>\r
- <element ref="saml:AuthenticationStatement"/>\r
- <element ref="saml:AuthorizationDecisionStatement"/>\r
- <element ref="saml:AttributeStatement"/>\r
- </choice>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="MajorVersion" type="integer" use="required"/>\r
- <attribute name="MinorVersion" type="integer" use="required"/>\r
- <attribute name="AssertionID" type="ID" use="required"/>\r
- <attribute name="Issuer" type="string" use="required"/>\r
- <attribute name="IssueInstant" type="dateTime" use="required"/>\r
- </complexType>\r
- <element name="Conditions" type="saml:ConditionsType"/>\r
- <complexType name="ConditionsType">\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:AudienceRestrictionCondition"/>\r
- <element ref="saml:DoNotCacheCondition"/>\r
- <element ref="saml:Condition"/>\r
- </choice>\r
- <attribute name="NotBefore" type="dateTime" use="optional"/>\r
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
- </complexType>\r
- <element name="Condition" type="saml:ConditionAbstractType"/>\r
- <complexType name="ConditionAbstractType" abstract="true"/>\r
- <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>\r
- <complexType name="AudienceRestrictionConditionType">\r
- <complexContent>\r
- <extension base="saml:ConditionAbstractType">\r
- <sequence>\r
- <element ref="saml:Audience" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Audience" type="anyURI"/>\r
- <element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType" />\r
- <complexType name="DoNotCacheConditionType">\r
- <complexContent>\r
- <extension base="saml:ConditionAbstractType"/>\r
- </complexContent>\r
- </complexType>\r
- <element name="Advice" type="saml:AdviceType"/>\r
- <complexType name="AdviceType">\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:AssertionIDReference"/>\r
- <element ref="saml:Assertion"/>\r
- <any namespace="##other" processContents="lax"/>\r
- </choice>\r
- </complexType>\r
- <element name="Statement" type="saml:StatementAbstractType"/>\r
- <complexType name="StatementAbstractType" abstract="true"/>\r
- <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>\r
- <complexType name="SubjectStatementAbstractType" abstract="true">\r
- <complexContent>\r
- <extension base="saml:StatementAbstractType">\r
- <sequence>\r
- <element ref="saml:Subject"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Subject" type="saml:SubjectType"/>\r
- <complexType name="SubjectType">\r
- <choice>\r
- <sequence>\r
- <element ref="saml:NameIdentifier"/>\r
- <element ref="saml:SubjectConfirmation" minOccurs="0"/>\r
- </sequence>\r
- <element ref="saml:SubjectConfirmation"/>\r
- </choice>\r
- </complexType>\r
- <element name="NameIdentifier" type="saml:NameIdentifierType"/>\r
- <complexType name="NameIdentifierType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attribute name="NameQualifier" type="string" use="optional"/>\r
- <attribute name="Format" type="anyURI" use="optional"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>\r
- <complexType name="SubjectConfirmationType">\r
- <sequence>\r
- <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>\r
- <element ref="saml:SubjectConfirmationData" minOccurs="0"/>\r
- <element ref="ds:KeyInfo" minOccurs="0"/>\r
- </sequence>\r
- </complexType>\r
- <element name="SubjectConfirmationData" type="anyType"/>\r
- <element name="ConfirmationMethod" type="anyURI"/>\r
- <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>\r
- <complexType name="AuthenticationStatementType">\r
- <complexContent>\r
- <extension base="saml:SubjectStatementAbstractType">\r
- <sequence>\r
- <element ref="saml:SubjectLocality" minOccurs="0"/>\r
- <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="AuthenticationMethod" type="anyURI" use="required"/>\r
- <attribute name="AuthenticationInstant" type="dateTime" use="required"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="SubjectLocality" type="saml:SubjectLocalityType"/>\r
- <complexType name="SubjectLocalityType">\r
- <attribute name="IPAddress" type="string" use="optional"/>\r
- <attribute name="DNSAddress" type="string" use="optional"/>\r
- </complexType>\r
- <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>\r
- <complexType name="AuthorityBindingType">\r
- <attribute name="AuthorityKind" type="QName" use="required"/>\r
- <attribute name="Location" type="anyURI" use="required"/>\r
- <attribute name="Binding" type="anyURI" use="required"/>\r
- </complexType>\r
- <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>\r
- <complexType name="AuthorizationDecisionStatementType">\r
- <complexContent>\r
- <extension base="saml:SubjectStatementAbstractType">\r
- <sequence>\r
- <element ref="saml:Action" maxOccurs="unbounded"/>\r
- <element ref="saml:Evidence" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="Resource" type="anyURI" use="required"/>\r
- <attribute name="Decision" type="saml:DecisionType" use="required"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Action" type="saml:ActionType"/>\r
- <complexType name="ActionType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attribute name="Namespace" type="anyURI"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <element name="Evidence" type="saml:EvidenceType"/>\r
- <complexType name="EvidenceType">\r
- <choice maxOccurs="unbounded">\r
- <element ref="saml:AssertionIDReference"/>\r
- <element ref="saml:Assertion"/>\r
- </choice>\r
- </complexType>\r
- <element name="AttributeStatement" type="saml:AttributeStatementType"/>\r
- <complexType name="AttributeStatementType">\r
- <complexContent>\r
- <extension base="saml:SubjectStatementAbstractType">\r
- <sequence>\r
- <element ref="saml:Attribute" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>\r
- <complexType name="AttributeDesignatorType">\r
- <attribute name="AttributeName" type="string" use="required"/>\r
- <attribute name="AttributeNamespace" type="anyURI" use="required"/>\r
- </complexType>\r
- <element name="Attribute" type="saml:AttributeType"/>\r
- <complexType name="AttributeType">\r
- <complexContent>\r
- <extension base="saml:AttributeDesignatorType">\r
- <sequence>\r
- <element ref="saml:AttributeValue" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AttributeValue" type="anyType"/>\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: sstc-saml-schema-assertion-1.1-draft-02
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ draft-01 (Eve Maler):
+ Note that V1.1 of this schema has the same namespace as V1.0.
+ Minor cosmetic updates.
+ Changed IDType to restrict from xsd:ID.
+ Changed IDReferenceType to restrict from xsd:IDREF.
+ Set version attribute on schema element to 1.1.
+ draft-02 (Prateek Mishra, Rob Philpott):
+ Added DoNotCacheCondition element and DoNotCacheConditionType
+ draft-03 (Scott Cantor)
+ Rebased ID content directly on XML Schema types
+ </documentation>
+ </annotation>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="AssertionIDReference" type="NCName"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:SubjectStatement"/>
+ <element ref="saml:AuthenticationStatement"/>
+ <element ref="saml:AuthorizationDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="AssertionID" type="ID" use="required"/>
+ <attribute name="Issuer" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AudienceRestrictionCondition"/>
+ <element ref="saml:DoNotCacheCondition"/>
+ <element ref="saml:Condition"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+ <complexType name="AudienceRestrictionConditionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType" />
+ <complexType name="DoNotCacheConditionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType"/>
+ </complexContent>
+ </complexType>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+ <complexType name="SubjectStatementAbstractType" abstract="true">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <element ref="saml:NameIdentifier"/>
+ <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation"/>
+ </choice>
+ </complexType>
+ <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+ <complexType name="NameIdentifierType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="SubjectConfirmationData" type="anyType"/>
+ <element name="ConfirmationMethod" type="anyURI"/>
+ <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+ <complexType name="AuthenticationStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+ <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="IPAddress" type="string" use="optional"/>
+ <attribute name="DNSAddress" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+ <complexType name="AuthorityBindingType">
+ <attribute name="AuthorityKind" type="QName" use="required"/>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ </complexType>
+ <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+ <complexType name="AuthorizationDecisionStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+ <complexType name="AttributeDesignatorType">
+ <attribute name="AttributeName" type="string" use="required"/>
+ <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <complexContent>
+ <extension base="saml:AttributeDesignatorType">
+ <sequence>
+ <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeValue" type="anyType"/>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) -->\r
-<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">\r
- <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/>\r
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>\r
- <annotation>\r
- <documentation>\r
- Document identifier: cs-sstc-schema-protocol-01\r
- Location: http://www.oasis-open.org/committees/security/docs/\r
- </documentation>\r
- </annotation>\r
- <complexType name="RequestAbstractType" abstract="true">\r
- <sequence>\r
- <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="RequestID" type="saml:IDType" use="required"/>\r
- <attribute name="MajorVersion" type="integer" use="required"/>\r
- <attribute name="MinorVersion" type="integer" use="required"/>\r
- <attribute name="IssueInstant" type="dateTime" use="required"/>\r
- </complexType>\r
- <element name="RespondWith" type="QName"/>\r
- <element name="Request" type="samlp:RequestType"/>\r
- <complexType name="RequestType">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <choice>\r
- <element ref="samlp:Query"/>\r
- <element ref="samlp:SubjectQuery"/>\r
- <element ref="samlp:AuthenticationQuery"/>\r
- <element ref="samlp:AttributeQuery"/>\r
- <element ref="samlp:AuthorizationDecisionQuery"/>\r
- <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>\r
- <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>\r
- </choice>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AssertionArtifact" type="string"/>\r
- <element name="Query" type="samlp:QueryAbstractType"/>\r
- <complexType name="QueryAbstractType" abstract="true"/>\r
- <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>\r
- <complexType name="SubjectQueryAbstractType" abstract="true">\r
- <complexContent>\r
- <extension base="samlp:QueryAbstractType">\r
- <sequence>\r
- <element ref="saml:Subject"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>\r
- <complexType name="AuthenticationQueryType">\r
- <complexContent>\r
- <extension base="samlp:SubjectQueryAbstractType">\r
- <attribute name="AuthenticationMethod" type="anyURI"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AttributeQuery" type="samlp:AttributeQueryType"/>\r
- <complexType name="AttributeQueryType">\r
- <complexContent>\r
- <extension base="samlp:SubjectQueryAbstractType">\r
- <sequence>\r
- <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="Resource" type="anyURI" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>\r
- <complexType name="AuthorizationDecisionQueryType">\r
- <complexContent>\r
- <extension base="samlp:SubjectQueryAbstractType">\r
- <sequence>\r
- <element ref="saml:Action" maxOccurs="unbounded"/>\r
- <element ref="saml:Evidence" minOccurs="0" maxOccurs="1"/>\r
- </sequence>\r
- <attribute name="Resource" type="anyURI" use="required"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <complexType name="ResponseAbstractType" abstract="true">\r
- <sequence>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="ResponseID" type="saml:IDType" use="required"/>\r
- <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/>\r
- <attribute name="MajorVersion" type="integer" use="required"/>\r
- <attribute name="MinorVersion" type="integer" use="required"/>\r
- <attribute name="IssueInstant" type="dateTime" use="required"/>\r
- <attribute name="Recipient" type="anyURI" use="optional"/>\r
- </complexType>\r
- <element name="Response" type="samlp:ResponseType"/>\r
- <complexType name="ResponseType">\r
- <complexContent>\r
- <extension base="samlp:ResponseAbstractType">\r
- <sequence>\r
- <element ref="samlp:Status"/>\r
- <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Status" type="samlp:StatusType"/>\r
- <complexType name="StatusType">\r
- <sequence>\r
- <element ref="samlp:StatusCode"/>\r
- <element ref="samlp:StatusMessage" minOccurs="0" maxOccurs="1"/>\r
- <element ref="samlp:StatusDetail" minOccurs="0"/>\r
- </sequence>\r
- </complexType>\r
- <element name="StatusCode" type="samlp:StatusCodeType"/>\r
- <complexType name="StatusCodeType">\r
- <sequence>\r
- <element ref="samlp:StatusCode" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="Value" type="QName" use="required"/>\r
- </complexType>\r
- <element name="StatusMessage" type="string"/>\r
- <element name="StatusDetail" type="samlp:StatusDetailType"/>\r
- <complexType name="StatusDetailType">\r
- <sequence>\r
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </complexType>\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+ <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: cs-sstc-schema-protocol-01
+ Location: http://www.oasis-open.org/committees/security/docs/
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="RequestID" type="saml:IDType" use="required"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="RespondWith" type="QName"/>
+ <element name="Request" type="samlp:RequestType"/>
+ <complexType name="RequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <choice>
+ <element ref="samlp:Query"/>
+ <element ref="samlp:SubjectQuery"/>
+ <element ref="samlp:AuthenticationQuery"/>
+ <element ref="samlp:AttributeQuery"/>
+ <element ref="samlp:AuthorizationDecisionQuery"/>
+ <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
+ <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AssertionArtifact" type="string"/>
+ <element name="Query" type="samlp:QueryAbstractType"/>
+ <complexType name="QueryAbstractType" abstract="true"/>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:QueryAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
+ <complexType name="AuthenticationQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <attribute name="AuthenticationMethod" type="anyURI"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
+ <complexType name="AuthorizationDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0" maxOccurs="1"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <complexType name="ResponseAbstractType" abstract="true">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="ResponseID" type="saml:IDType" use="required"/>
+ <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Recipient" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:ResponseAbstractType">
+ <sequence>
+ <element ref="samlp:Status"/>
+ <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0" maxOccurs="1"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="QName" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+</schema>
-<?xml version="1.0" encoding="US-ASCII"?>\r
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"\r
- xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <import namespace="http://www.w3.org/2000/09/xmldsig#"\r
- schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>\r
- <import namespace="http://www.w3.org/2001/04/xmlenc#"\r
- schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>\r
- <annotation>\r
- <documentation>\r
- Document identifier: saml-schema-assertion-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V1.0 (November, 2002):\r
- Initial Standard Schema.\r
- V1.1 (September, 2003):\r
- Updates within the same V1.0 namespace.\r
- V2.0 (March, 2005):\r
- New assertion schema for SAML V2.0 namespace.\r
- </documentation>\r
- </annotation>\r
- <attributeGroup name="IDNameQualifiers">\r
- <attribute name="NameQualifier" type="string" use="optional"/>\r
- <attribute name="SPNameQualifier" type="string" use="optional"/>\r
- </attributeGroup>\r
- <element name="BaseID" type="saml:BaseIDAbstractType"/>\r
- <complexType name="BaseIDAbstractType" abstract="true">\r
- <attributeGroup ref="saml:IDNameQualifiers"/>\r
- </complexType>\r
- <element name="NameID" type="saml:NameIDType"/>\r
- <complexType name="NameIDType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attributeGroup ref="saml:IDNameQualifiers"/>\r
- <attribute name="Format" type="anyURI" use="optional"/>\r
- <attribute name="SPProvidedID" type="string" use="optional"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <complexType name="EncryptedElementType">\r
- <sequence>\r
- <element ref="xenc:EncryptedData"/>\r
- <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </complexType>\r
- <element name="EncryptedID" type="saml:EncryptedElementType"/>\r
- <element name="Issuer" type="saml:NameIDType"/>\r
- <element name="AssertionIDRef" type="NCName"/>\r
- <element name="AssertionURIRef" type="anyURI"/>\r
- <element name="Assertion" type="saml:AssertionType"/>\r
- <complexType name="AssertionType">\r
- <sequence>\r
- <element ref="saml:Issuer"/>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- <element ref="saml:Subject" minOccurs="0"/>\r
- <element ref="saml:Conditions" minOccurs="0"/>\r
- <element ref="saml:Advice" minOccurs="0"/>\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:Statement"/>\r
- <element ref="saml:AuthnStatement"/>\r
- <element ref="saml:AuthzDecisionStatement"/>\r
- <element ref="saml:AttributeStatement"/>\r
- </choice>\r
- </sequence>\r
- <attribute name="Version" type="string" use="required"/>\r
- <attribute name="ID" type="ID" use="required"/>\r
- <attribute name="IssueInstant" type="dateTime" use="required"/>\r
- </complexType>\r
- <element name="Subject" type="saml:SubjectType"/>\r
- <complexType name="SubjectType">\r
- <choice>\r
- <sequence>\r
- <choice>\r
- <element ref="saml:BaseID"/>\r
- <element ref="saml:NameID"/>\r
- <element ref="saml:EncryptedID"/>\r
- </choice>\r
- <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>\r
- </choice>\r
- </complexType>\r
- <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>\r
- <complexType name="SubjectConfirmationType">\r
- <sequence>\r
- <choice minOccurs="0">\r
- <element ref="saml:BaseID"/>\r
- <element ref="saml:NameID"/>\r
- <element ref="saml:EncryptedID"/>\r
- </choice>\r
- <element ref="saml:SubjectConfirmationData" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="Method" type="anyURI" use="required"/>\r
- </complexType>\r
- <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>\r
- <complexType name="SubjectConfirmationDataType" mixed="true">\r
- <complexContent>\r
- <restriction base="anyType">\r
- <sequence>\r
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="NotBefore" type="dateTime" use="optional"/>\r
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
- <attribute name="Recipient" type="anyURI" use="optional"/>\r
- <attribute name="InResponseTo" type="NCName" use="optional"/>\r
- <attribute name="Address" type="string" use="optional"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </restriction>\r
- </complexContent>\r
- </complexType>\r
- <complexType name="KeyInfoConfirmationDataType" mixed="false">\r
- <complexContent>\r
- <restriction base="saml:SubjectConfirmationDataType">\r
- <sequence>\r
- <element ref="ds:KeyInfo" maxOccurs="unbounded"/>\r
- </sequence>\r
- </restriction>\r
- </complexContent>\r
- </complexType>\r
- <element name="Conditions" type="saml:ConditionsType"/>\r
- <complexType name="ConditionsType">\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:Condition"/>\r
- <element ref="saml:AudienceRestriction"/>\r
- <element ref="saml:OneTimeUse"/>\r
- <element ref="saml:ProxyRestriction"/>\r
- </choice>\r
- <attribute name="NotBefore" type="dateTime" use="optional"/>\r
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
- </complexType>\r
- <element name="Condition" type="saml:ConditionAbstractType"/>\r
- <complexType name="ConditionAbstractType" abstract="true"/>\r
- <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>\r
- <complexType name="AudienceRestrictionType">\r
- <complexContent>\r
- <extension base="saml:ConditionAbstractType">\r
- <sequence>\r
- <element ref="saml:Audience" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Audience" type="anyURI"/>\r
- <element name="OneTimeUse" type="saml:OneTimeUseType" />\r
- <complexType name="OneTimeUseType">\r
- <complexContent>\r
- <extension base="saml:ConditionAbstractType"/>\r
- </complexContent>\r
- </complexType>\r
- <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>\r
- <complexType name="ProxyRestrictionType">\r
- <complexContent>\r
- <extension base="saml:ConditionAbstractType">\r
- <sequence>\r
- <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="Count" type="nonNegativeInteger" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Advice" type="saml:AdviceType"/>\r
- <complexType name="AdviceType">\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:AssertionIDRef"/>\r
- <element ref="saml:AssertionURIRef"/>\r
- <element ref="saml:Assertion"/>\r
- <element ref="saml:EncryptedAssertion"/>\r
- <any namespace="##other" processContents="lax"/>\r
- </choice>\r
- </complexType>\r
- <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>\r
- <element name="Statement" type="saml:StatementAbstractType"/>\r
- <complexType name="StatementAbstractType" abstract="true"/>\r
- <element name="AuthnStatement" type="saml:AuthnStatementType"/>\r
- <complexType name="AuthnStatementType">\r
- <complexContent>\r
- <extension base="saml:StatementAbstractType">\r
- <sequence>\r
- <element ref="saml:SubjectLocality" minOccurs="0"/>\r
- <element ref="saml:AuthnContext"/>\r
- </sequence>\r
- <attribute name="AuthnInstant" type="dateTime" use="required"/>\r
- <attribute name="SessionIndex" type="string" use="optional"/>\r
- <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="SubjectLocality" type="saml:SubjectLocalityType"/>\r
- <complexType name="SubjectLocalityType">\r
- <attribute name="Address" type="string" use="optional"/>\r
- <attribute name="DNSName" type="string" use="optional"/>\r
- </complexType>\r
- <element name="AuthnContext" type="saml:AuthnContextType"/>\r
- <complexType name="AuthnContextType">\r
- <sequence>\r
- <choice>\r
- <sequence>\r
- <element ref="saml:AuthnContextClassRef"/>\r
- <choice minOccurs="0">\r
- <element ref="saml:AuthnContextDecl"/>\r
- <element ref="saml:AuthnContextDeclRef"/>\r
- </choice>\r
- </sequence>\r
- <choice>\r
- <element ref="saml:AuthnContextDecl"/>\r
- <element ref="saml:AuthnContextDeclRef"/>\r
- </choice>\r
- </choice>\r
- <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </complexType>\r
- <element name="AuthnContextClassRef" type="anyURI"/>\r
- <element name="AuthnContextDeclRef" type="anyURI"/>\r
- <element name="AuthnContextDecl" type="anyType"/>\r
- <element name="AuthenticatingAuthority" type="anyURI"/>\r
- <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>\r
- <complexType name="AuthzDecisionStatementType">\r
- <complexContent>\r
- <extension base="saml:StatementAbstractType">\r
- <sequence>\r
- <element ref="saml:Action" maxOccurs="unbounded"/>\r
- <element ref="saml:Evidence" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="Resource" type="anyURI" use="required"/>\r
- <attribute name="Decision" type="saml:DecisionType" use="required"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <simpleType name="DecisionType">\r
- <restriction base="string">\r
- <enumeration value="Permit"/>\r
- <enumeration value="Deny"/>\r
- <enumeration value="Indeterminate"/>\r
- </restriction>\r
- </simpleType>\r
- <element name="Action" type="saml:ActionType"/>\r
- <complexType name="ActionType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attribute name="Namespace" type="anyURI" use="required"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <element name="Evidence" type="saml:EvidenceType"/>\r
- <complexType name="EvidenceType">\r
- <choice maxOccurs="unbounded">\r
- <element ref="saml:AssertionIDRef"/>\r
- <element ref="saml:AssertionURIRef"/>\r
- <element ref="saml:Assertion"/>\r
- <element ref="saml:EncryptedAssertion"/>\r
- </choice>\r
- </complexType>\r
- <element name="AttributeStatement" type="saml:AttributeStatementType"/>\r
- <complexType name="AttributeStatementType">\r
- <complexContent>\r
- <extension base="saml:StatementAbstractType">\r
- <choice maxOccurs="unbounded">\r
- <element ref="saml:Attribute"/>\r
- <element ref="saml:EncryptedAttribute"/>\r
- </choice>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Attribute" type="saml:AttributeType"/>\r
- <complexType name="AttributeType">\r
- <sequence>\r
- <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="Name" type="string" use="required"/>\r
- <attribute name="NameFormat" type="anyURI" use="optional"/>\r
- <attribute name="FriendlyName" type="string" use="optional"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- <element name="AttributeValue" type="anyType" nillable="true"/>\r
- <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>\r
-</schema>\r
+<?xml version="1.0" encoding="US-ASCII"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-assertion-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V1.0 (November, 2002):
+ Initial Standard Schema.
+ V1.1 (September, 2003):
+ Updates within the same V1.0 namespace.
+ V2.0 (March, 2005):
+ New assertion schema for SAML V2.0 namespace.
+ </documentation>
+ </annotation>
+ <attributeGroup name="IDNameQualifiers">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ </attributeGroup>
+ <element name="BaseID" type="saml:BaseIDAbstractType"/>
+ <complexType name="BaseIDAbstractType" abstract="true">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
+ </complexType>
+ <element name="NameID" type="saml:NameIDType"/>
+ <complexType name="NameIDType">
+ <simpleContent>
+ <extension base="string">
+ <attributeGroup ref="saml:IDNameQualifiers"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ <attribute name="SPProvidedID" type="string" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <complexType name="EncryptedElementType">
+ <sequence>
+ <element ref="xenc:EncryptedData"/>
+ <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="EncryptedID" type="saml:EncryptedElementType"/>
+ <element name="Issuer" type="saml:NameIDType"/>
+ <element name="AssertionIDRef" type="NCName"/>
+ <element name="AssertionURIRef" type="anyURI"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Issuer"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="saml:Subject" minOccurs="0"/>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:AuthnStatement"/>
+ <element ref="saml:AuthzDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ </sequence>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
+ </choice>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <choice minOccurs="0">
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ </sequence>
+ <attribute name="Method" type="anyURI" use="required"/>
+ </complexType>
+ <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
+ <complexType name="SubjectConfirmationDataType" mixed="true">
+ <complexContent>
+ <restriction base="anyType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ <attribute name="Recipient" type="anyURI" use="optional"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="Address" type="string" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </restriction>
+ </complexContent>
+ </complexType>
+ <complexType name="KeyInfoConfirmationDataType" mixed="false">
+ <complexContent>
+ <restriction base="saml:SubjectConfirmationDataType">
+ <sequence>
+ <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
+ </sequence>
+ </restriction>
+ </complexContent>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Condition"/>
+ <element ref="saml:AudienceRestriction"/>
+ <element ref="saml:OneTimeUse"/>
+ <element ref="saml:ProxyRestriction"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
+ <complexType name="AudienceRestrictionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="OneTimeUse" type="saml:OneTimeUseType" />
+ <complexType name="OneTimeUseType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType"/>
+ </complexContent>
+ </complexType>
+ <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
+ <complexType name="ProxyRestrictionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Count" type="nonNegativeInteger" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDRef"/>
+ <element ref="saml:AssertionURIRef"/>
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="AuthnStatement" type="saml:AuthnStatementType"/>
+ <complexType name="AuthnStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthnContext"/>
+ </sequence>
+ <attribute name="AuthnInstant" type="dateTime" use="required"/>
+ <attribute name="SessionIndex" type="string" use="optional"/>
+ <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="Address" type="string" use="optional"/>
+ <attribute name="DNSName" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthnContext" type="saml:AuthnContextType"/>
+ <complexType name="AuthnContextType">
+ <sequence>
+ <choice>
+ <sequence>
+ <element ref="saml:AuthnContextClassRef"/>
+ <choice minOccurs="0">
+ <element ref="saml:AuthnContextDecl"/>
+ <element ref="saml:AuthnContextDeclRef"/>
+ </choice>
+ </sequence>
+ <choice>
+ <element ref="saml:AuthnContextDecl"/>
+ <element ref="saml:AuthnContextDeclRef"/>
+ </choice>
+ </choice>
+ <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="AuthnContextClassRef" type="anyURI"/>
+ <element name="AuthnContextDeclRef" type="anyURI"/>
+ <element name="AuthnContextDecl" type="anyType"/>
+ <element name="AuthenticatingAuthority" type="anyURI"/>
+ <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
+ <complexType name="AuthzDecisionStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDRef"/>
+ <element ref="saml:AssertionURIRef"/>
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Attribute"/>
+ <element ref="saml:EncryptedAttribute"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <sequence>
+ <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Name" type="string" use="required"/>
+ <attribute name="NameFormat" type="anyURI" use="optional"/>
+ <attribute name="FriendlyName" type="string" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="AttributeValue" type="anyType" nillable="true"/>
+ <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<xs:schema \r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema"\r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:annotation>\r
- <xs:documentation>\r
- Document identifier: saml-schema-authn-context-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New core authentication context schema for SAML V2.0. \r
- This is just an include of all types from the schema\r
- referred to in the include statement below.\r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:annotation>
+ <xs:documentation>
+ Document identifier: saml-schema-authn-context-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New core authentication context schema for SAML V2.0.
+ This is just an include of all types from the schema
+ referred to in the include statement below.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony\r
- Document identifier: saml-schema-authn-context-auth-telephony-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Password"/>\r
- <xs:element ref="SubscriberLineNumber"/>\r
- <xs:element ref="UserSuffix"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PSTN"/>\r
- <xs:element ref="ISDN"/>\r
- <xs:element ref="ADSL"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
+ Document identifier: saml-schema-authn-context-auth-telephony-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="Password"/>
+ <xs:element ref="SubscriberLineNumber"/>
+ <xs:element ref="UserSuffix"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol\r
- Document identifier: saml-schema-authn-context-ip-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="IPAddress"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
+ Document identifier: saml-schema-authn-context-ip-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="IPAddress"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"\r
- xmlns:ac="urn:oasis:names:tc:SAML:2.0:ac" \r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword\r
- Document identifier: saml-schema-authn-context-ippword-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Password"/>\r
- <xs:element ref="IPAddress"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
+ xmlns:ac="urn:oasis:names:tc:SAML:2.0:ac"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
+ Document identifier: saml-schema-authn-context-ippword-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="Password"/>
+ <xs:element ref="IPAddress"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos\r
- Document identifier: saml-schema-authn-context-kerberos-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="SharedSecretChallengeResponseType">\r
- <xs:complexContent>\r
- <xs:restriction base="SharedSecretChallengeResponseType">\r
- <xs:attribute name="method" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
+ Document identifier: saml-schema-authn-context-kerberos-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SharedSecretChallengeResponseType">
+ <xs:complexContent>
+ <xs:restriction base="SharedSecretChallengeResponseType">
+ <xs:attribute name="method" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract\r
- Document identifier: saml-schema-authn-context-mobileonefactor-reg-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="DigSig"/>\r
- <xs:element ref="ZeroKnowledge"/>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext"/>\r
- <xs:element ref="AsymmetricDecryption"/>\r
- <xs:element ref="AsymmetricKeyAgreement"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SSL"/>\r
- <xs:element ref="MobileNetworkNoEncryption"/>\r
- <xs:element ref="MobileNetworkRadioEncryption"/>\r
- <xs:element ref="MobileNetworkEndToEndEncryption"/>\r
- <xs:element ref="WTLS"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="OperationalProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="OperationalProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="SecurityAudit"/>\r
- <xs:element ref="DeactivationCallCenter"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="TechnicalProtectionBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="TechnicalProtectionBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PrivateKeyProtection"/>\r
- <xs:element ref="SecretKeyProtection"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrivateKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrivateKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="SecretKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecretKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeyStorageType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyStorageType">\r
- <xs:attribute name="medium" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="mediumType">\r
- <xs:enumeration value="smartcard"/>\r
- <xs:enumeration value="MobileDevice"/>\r
- <xs:enumeration value="MobileAuthCard"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="SecurityAuditType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecurityAuditType">\r
- <xs:sequence>\r
- <xs:element ref="SwitchAudit"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="IdentificationType">\r
- <xs:complexContent>\r
- <xs:restriction base="IdentificationType">\r
- <xs:sequence>\r
- <xs:element ref="PhysicalVerification"/>\r
- <xs:element ref="WrittenConsent"/>\r
- <xs:element ref="GoverningAgreements"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="nym">\r
- <xs:simpleType>\r
- <xs:restriction base="nymType">\r
- <xs:enumeration value="anonymity"/>\r
- <xs:enumeration value="verinymity"/>\r
- <xs:enumeration value="pseudonymity"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
+ Document identifier: saml-schema-authn-context-mobileonefactor-reg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="smartcard"/>
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="PhysicalVerification"/>
+ <xs:element ref="WrittenConsent"/>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="verinymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered\r
- Document identifier: saml-schema-authn-context-mobileonefactor-unreg-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="DigSig"/>\r
- <xs:element ref="ZeroKnowledge"/>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext"/>\r
- <xs:element ref="AsymmetricDecryption"/>\r
- <xs:element ref="AsymmetricKeyAgreement"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SSL"/>\r
- <xs:element ref="MobileNetworkNoEncryption"/>\r
- <xs:element ref="MobileNetworkRadioEncryption"/>\r
- <xs:element ref="MobileNetworkEndToEndEncryption"/>\r
- <xs:element ref="WTLS"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="OperationalProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="OperationalProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="SecurityAudit"/>\r
- <xs:element ref="DeactivationCallCenter"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="TechnicalProtectionBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="TechnicalProtectionBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PrivateKeyProtection"/>\r
- <xs:element ref="SecretKeyProtection"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrivateKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrivateKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="SecretKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecretKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeyStorageType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyStorageType">\r
- <xs:attribute name="medium" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="mediumType">\r
- <xs:enumeration value="MobileDevice"/>\r
- <xs:enumeration value="MobileAuthCard"/>\r
- <xs:enumeration value="smartcard"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="SecurityAuditType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecurityAuditType">\r
- <xs:sequence>\r
- <xs:element ref="SwitchAudit"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="IdentificationType">\r
- <xs:complexContent>\r
- <xs:restriction base="IdentificationType">\r
- <xs:sequence>\r
- <xs:element ref="GoverningAgreements"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="nym">\r
- <xs:simpleType>\r
- <xs:restriction base="nymType">\r
- <xs:enumeration value="anonymity"/>\r
- <xs:enumeration value="pseudonymity"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
+ Document identifier: saml-schema-authn-context-mobileonefactor-unreg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract\r
- Document identifier: saml-schema-authn-context-mobiletwofactor-reg-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="DigSig"/>\r
- <xs:element ref="ZeroKnowledge"/>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext"/>\r
- <xs:element ref="AsymmetricDecryption"/>\r
- <xs:element ref="AsymmetricKeyAgreement"/>\r
- <xs:element ref="ComplexAuthenticator"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="ComplexAuthenticatorType">\r
- <xs:complexContent>\r
- <xs:restriction base="ComplexAuthenticatorType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext"/>\r
- </xs:choice>\r
- <xs:element ref="Password"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SSL"/>\r
- <xs:element ref="MobileNetworkNoEncryption"/>\r
- <xs:element ref="MobileNetworkRadioEncryption"/>\r
- <xs:element ref="MobileNetworkEndToEndEncryption"/>\r
- <xs:element ref="WTLS"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="OperationalProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="OperationalProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="SecurityAudit"/>\r
- <xs:element ref="DeactivationCallCenter"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="TechnicalProtectionBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="TechnicalProtectionBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PrivateKeyProtection"/>\r
- <xs:element ref="SecretKeyProtection"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrivateKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrivateKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation"/>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="SecretKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecretKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation"/>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeyStorageType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyStorageType">\r
- <xs:attribute name="medium" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="mediumType">\r
- <xs:enumeration value="MobileDevice"/>\r
- <xs:enumeration value="MobileAuthCard"/>\r
- <xs:enumeration value="smartcard"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="SecurityAuditType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecurityAuditType">\r
- <xs:sequence>\r
- <xs:element ref="SwitchAudit"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="IdentificationType">\r
- <xs:complexContent>\r
- <xs:restriction base="IdentificationType">\r
- <xs:sequence>\r
- <xs:element ref="PhysicalVerification"/>\r
- <xs:element ref="WrittenConsent"/>\r
- <xs:element ref="GoverningAgreements"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="nym">\r
- <xs:simpleType>\r
- <xs:restriction base="nymType">\r
- <xs:enumeration value="anonymity"/>\r
- <xs:enumeration value="verinymity"/>\r
- <xs:enumeration value="pseudonymity"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
+ Document identifier: saml-schema-authn-context-mobiletwofactor-reg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ <xs:element ref="ComplexAuthenticator"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="ComplexAuthenticatorType">
+ <xs:complexContent>
+ <xs:restriction base="ComplexAuthenticatorType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ </xs:choice>
+ <xs:element ref="Password"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="PhysicalVerification"/>
+ <xs:element ref="WrittenConsent"/>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="verinymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered\r
- Document identifier: saml-schema-authn-context-mobiletwofactor-unreg-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="DigSig"/>\r
- <xs:element ref="ZeroKnowledge"/>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext"/>\r
- <xs:element ref="AsymmetricDecryption"/>\r
- <xs:element ref="AsymmetricKeyAgreement"/>\r
- <xs:element ref="ComplexAuthenticator"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="ComplexAuthenticatorType">\r
- <xs:complexContent>\r
- <xs:restriction base="ComplexAuthenticatorType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext"/>\r
- </xs:choice>\r
- <xs:element ref="Password"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SSL"/>\r
- <xs:element ref="MobileNetworkNoEncryption"/>\r
- <xs:element ref="MobileNetworkRadioEncryption"/>\r
- <xs:element ref="MobileNetworkEndToEndEncryption"/>\r
- <xs:element ref="WTLS"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="OperationalProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="OperationalProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="SecurityAudit"/>\r
- <xs:element ref="DeactivationCallCenter"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="TechnicalProtectionBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="TechnicalProtectionBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PrivateKeyProtection"/>\r
- <xs:element ref="SecretKeyProtection"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrivateKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrivateKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation"/>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="SecretKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecretKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation"/>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeyStorageType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyStorageType">\r
- <xs:attribute name="medium" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="mediumType">\r
- <xs:enumeration value="MobileDevice"/>\r
- <xs:enumeration value="MobileAuthCard"/>\r
- <xs:enumeration value="smartcard"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="SecurityAuditType">\r
- <xs:complexContent>\r
- <xs:restriction base="SecurityAuditType">\r
- <xs:sequence>\r
- <xs:element ref="SwitchAudit"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="IdentificationType">\r
- <xs:complexContent>\r
- <xs:restriction base="IdentificationType">\r
- <xs:sequence>\r
- <xs:element ref="GoverningAgreements"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="nym">\r
- <xs:simpleType>\r
- <xs:restriction base="nymType">\r
- <xs:enumeration value="anonymity"/>\r
- <xs:enumeration value="pseudonymity"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
+ Document identifier: saml-schema-authn-context-mobiletwofactor-unreg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ <xs:element ref="ComplexAuthenticator"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="ComplexAuthenticatorType">
+ <xs:complexContent>
+ <xs:restriction base="ComplexAuthenticatorType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ </xs:choice>
+ <xs:element ref="Password"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony\r
- Document identifier: saml-schema-authn-context-nomad-telephony-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Password"/>\r
- <xs:element ref="SubscriberLineNumber"/>\r
- <xs:element ref="UserSuffix"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PSTN"/>\r
- <xs:element ref="ISDN"/>\r
- <xs:element ref="ADSL"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
+ Document identifier: saml-schema-authn-context-nomad-telephony-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="Password"/>
+ <xs:element ref="SubscriberLineNumber"/>
+ <xs:element ref="UserSuffix"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony\r
- Document identifier: saml-schema-authn-context-personal-telephony-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="SubscriberLineNumber"/>\r
- <xs:element ref="UserSuffix"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PSTN"/>\r
- <xs:element ref="ISDN"/>\r
- <xs:element ref="ADSL"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony
+ Document identifier: saml-schema-authn-context-personal-telephony-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="SubscriberLineNumber"/>
+ <xs:element ref="UserSuffix"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PGP\r
- Document identifier: saml-schema-authn-context-pgp-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="DigSig"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PublicKeyType">\r
- <xs:complexContent>\r
- <xs:restriction base="PublicKeyType">\r
- <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PGP
+ Document identifier: saml-schema-authn-context-pgp-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport\r
- Document identifier: saml-schema-authn-context-ppt-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SSL"/>\r
- <xs:element ref="MobileNetworkRadioEncryption"/>\r
- <xs:element ref="MobileNetworkEndToEndEncryption"/>\r
- <xs:element ref="WTLS"/>\r
- <xs:element ref="IPSec"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ Document identifier: saml-schema-authn-context-ppt-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ <xs:element ref="IPSec"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Password\r
- Document identifier: saml-schema-authn-context-pword-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Password
+ Document identifier: saml-schema-authn-context-pword-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession\r
- Document identifier: saml-schema-authn-context-session-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PreviousSession"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
+ Document identifier: saml-schema-authn-context-session-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="PreviousSession"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard\r
- Document identifier: saml-schema-authn-context-smartcard-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="Smartcard"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
- \r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
+ Document identifier: saml-schema-authn-context-smartcard-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="Smartcard"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI\r
- Document identifier: saml-schema-authn-context-smartcardpki-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="TechnicalProtectionBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="TechnicalProtectionBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PrivateKeyProtection"/>\r
- </xs:choice>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="Smartcard"/>\r
- <xs:element ref="ActivationPin"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="DigSig"/>\r
- <xs:element ref="AsymmetricDecryption"/>\r
- <xs:element ref="AsymmetricKeyAgreement"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="PrivateKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrivateKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation"/>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeyActivationType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyActivationType">\r
- <xs:sequence>\r
- <xs:element ref="ActivationPin"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="KeyStorageType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyStorageType">\r
- <xs:attribute name="medium" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="mediumType">\r
- <xs:enumeration value="smartcard"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
+ Document identifier: saml-schema-authn-context-smartcardpki-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ </xs:choice>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="Smartcard"/>
+ <xs:element ref="ActivationPin"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyActivationType">
+ <xs:complexContent>
+ <xs:restriction base="KeyActivationType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI\r
- Document identifier: saml-schema-authn-context-softwarepki-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="TechnicalProtectionBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="TechnicalProtectionBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PrivateKeyProtection"/>\r
- </xs:choice>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="ActivationPin"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="DigSig"/>\r
- <xs:element ref="AsymmetricDecryption"/>\r
- <xs:element ref="AsymmetricKeyAgreement"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrivateKeyProtectionType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrivateKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation"/>\r
- <xs:element ref="KeyStorage"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeyActivationType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyActivationType">\r
- <xs:sequence>\r
- <xs:element ref="ActivationPin"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="KeyStorageType">\r
- <xs:complexContent>\r
- <xs:restriction base="KeyStorageType">\r
- <xs:attribute name="medium" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="mediumType">\r
- <xs:enumeration value="memory"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
+ Document identifier: saml-schema-authn-context-softwarepki-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ </xs:choice>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyActivationType">
+ <xs:complexContent>
+ <xs:restriction base="KeyActivationType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="memory"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI\r
- Document identifier: saml-schema-authn-context-spki-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="DigSig"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PublicKeyType">\r
- <xs:complexContent>\r
- <xs:restriction base="PublicKeyType">\r
- <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI
+ Document identifier: saml-schema-authn-context-spki-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword\r
- Document identifier: saml-schema-authn-context-srp-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="SharedSecretChallengeResponseType">\r
- <xs:complexContent>\r
- <xs:restriction base="SharedSecretChallengeResponseType">\r
- <xs:attribute name="method" type="xs:anyURI" fixed="urn:ietf:rfc:2945"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
+ Document identifier: saml-schema-authn-context-srp-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SharedSecretChallengeResponseType">
+ <xs:complexContent>
+ <xs:restriction base="SharedSecretChallengeResponseType">
+ <xs:attribute name="method" type="xs:anyURI" fixed="urn:ietf:rfc:2945"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient\r
- Document identifier: saml-schema-authn-context-sslcert-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="DigSig"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="PublicKeyType">\r
- <xs:complexContent>\r
- <xs:restriction base="PublicKeyType">\r
- <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="SSL"/> \r
- <xs:element ref="WTLS"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
+ Document identifier: saml-schema-authn-context-sslcert-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony\r
- Document identifier: saml-schema-authn-context-telephony-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="SubscriberLineNumber"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice>\r
- <xs:element ref="PSTN"/>\r
- <xs:element ref="ISDN"/>\r
- <xs:element ref="ADSL"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
+ Document identifier: saml-schema-authn-context-telephony-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="SubscriberLineNumber"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
</xs:schema>
\ No newline at end of file
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken\r
- Document identifier: saml-schema-authn-context-timesync-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="Token"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="TokenType">\r
- <xs:complexContent>\r
- <xs:restriction base="TokenType">\r
- <xs:sequence>\r
- <xs:element ref="TimeSyncToken"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="TimeSyncTokenType">\r
- <xs:complexContent>\r
- <xs:restriction base="TimeSyncTokenType">\r
- <xs:attribute name="DeviceType" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="DeviceTypeType">\r
- <xs:enumeration value="hardware"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
-\r
- <xs:attribute name="SeedLength" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="xs:integer">\r
- <xs:minInclusive value="64"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
-\r
- <xs:attribute name="DeviceInHand" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="booleanType">\r
- <xs:enumeration value="true"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+ Document identifier: saml-schema-authn-context-timesync-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="Token"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TokenType">
+ <xs:complexContent>
+ <xs:restriction base="TokenType">
+ <xs:sequence>
+ <xs:element ref="TimeSyncToken"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TimeSyncTokenType">
+ <xs:complexContent>
+ <xs:restriction base="TimeSyncTokenType">
+ <xs:attribute name="DeviceType" use="required">
+ <xs:simpleType>
+ <xs:restriction base="DeviceTypeType">
+ <xs:enumeration value="hardware"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="SeedLength" use="required">
+ <xs:simpleType>
+ <xs:restriction base="xs:integer">
+ <xs:minInclusive value="64"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="DeviceInHand" use="required">
+ <xs:simpleType>
+ <xs:restriction base="booleanType">
+ <xs:enumeration value="true"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<xs:schema \r
- xmlns:xs="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="qualified"\r
- version="2.0">\r
-\r
- <xs:annotation>\r
- <xs:documentation>\r
- Document identifier: saml-schema-authn-context-types-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New core authentication context schema types for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- A particular assertion on an identity\r
- provider's part with respect to the authentication\r
- context associated with an authentication assertion.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="Identification" type="IdentificationType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Refers to those characteristics that describe the\r
- processes and mechanisms\r
- the Authentication Authority uses to initially create\r
- an association between a Principal\r
- and the identity (or name) by which the Principal will\r
- be known\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="PhysicalVerification">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that identification has been\r
- performed in a physical\r
- face-to-face meeting with the principal and not in an\r
- online manner.\r
- </xs:documentation>\r
- </xs:annotation>\r
- <xs:complexType>\r
- <xs:attribute name="credentialLevel">\r
- <xs:simpleType>\r
- <xs:restriction base="xs:NMTOKEN">\r
- <xs:enumeration value="primary"/>\r
- <xs:enumeration value="secondary"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:complexType>\r
- </xs:element>\r
-\r
- <xs:element name="WrittenConsent" type="ExtensionOnlyType"/>\r
-\r
- <xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Refers to those characterstics that describe how the\r
- 'secret' (the knowledge or possession\r
- of which allows the Principal to authenticate to the\r
- Authentication Authority) is kept secure\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates the types and strengths of\r
- facilities\r
- of a UA used to protect a shared secret key from\r
- unauthorized access and/or use.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates the types and strengths of\r
- facilities\r
- of a UA used to protect a private key from\r
- unauthorized access and/or use.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="KeyActivation" type="KeyActivationType">\r
- <xs:annotation>\r
- <xs:documentation>The actions that must be performed\r
- before the private key can be used. </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="KeySharing" type="KeySharingType">\r
- <xs:annotation>\r
- <xs:documentation>Whether or not the private key is shared\r
- with the certificate authority.</xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="KeyStorage" type="KeyStorageType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- In which medium is the key stored.\r
- memory - the key is stored in memory.\r
- smartcard - the key is stored in a smartcard.\r
- token - the key is stored in a hardware token.\r
- MobileDevice - the key is stored in a mobile device.\r
- MobileAuthCard - the key is stored in a mobile\r
- authentication card.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/>\r
- <xs:element name="UserSuffix" type="ExtensionOnlyType"/>\r
-\r
- <xs:element name="Password" type="PasswordType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that a password (or passphrase)\r
- has been used to\r
- authenticate the Principal to a remote system.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="ActivationPin" type="ActivationPinType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that a Pin (Personal\r
- Identification Number) has been used to authenticate the Principal to\r
- some local system in order to activate a key.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="Token" type="TokenType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that a hardware or software\r
- token is used\r
- as a method of identifying the Principal.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="TimeSyncToken" type="TimeSyncTokenType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that a time synchronization\r
- token is used to identify the Principal. hardware -\r
- the time synchonization\r
- token has been implemented in hardware. software - the\r
- time synchronization\r
- token has been implemented in software. SeedLength -\r
- the length, in bits, of the\r
- random seed used in the time synchronization token.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="Smartcard" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that a smartcard is used to\r
- identity the Principal.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="Length" type="LengthType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates the minimum and/or maximum\r
- ASCII length of the password which is enforced (by the UA or the\r
- IdP). In other words, this is the minimum and/or maximum number of\r
- ASCII characters required to represent a valid password.\r
- min - the minimum number of ASCII characters required\r
- in a valid password, as enforced by the UA or the IdP.\r
- max - the maximum number of ASCII characters required\r
- in a valid password, as enforced by the UA or the IdP.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="ActivationLimit" type="ActivationLimitType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates the length of time for which an\r
- PIN-based authentication is valid.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="Generation">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Indicates whether the password was chosen by the\r
- Principal or auto-supplied by the Authentication Authority.\r
- principalchosen - the Principal is allowed to choose\r
- the value of the password. This is true even if\r
- the initial password is chosen at random by the UA or\r
- the IdP and the Principal is then free to change\r
- the password.\r
- automatic - the password is chosen by the UA or the\r
- IdP to be cryptographically strong in some sense,\r
- or to satisfy certain password rules, and that the\r
- Principal is not free to change it or to choose a new password.\r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType>\r
- <xs:attribute name="mechanism" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="xs:NMTOKEN">\r
- <xs:enumeration value="principalchosen"/>\r
- <xs:enumeration value="automatic"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- </xs:complexType>\r
- </xs:element>\r
-\r
- <xs:element name="AuthnMethod" type="AuthnMethodBaseType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Refers to those characteristics that define the\r
- mechanisms by which the Principal authenticates to the Authentication\r
- Authority.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- The method that a Principal employs to perform\r
- authentication to local system components.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="Authenticator" type="AuthenticatorBaseType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- The method applied to validate a principal's\r
- authentication across a network\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Supports Authenticators with nested combinations of\r
- additional complexity.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="PreviousSession" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Indicates that the Principal has been strongly\r
- authenticated in a previous session during which the IdP has set a\r
- cookie in the UA. During the present session the Principal has only\r
- been authenticated by the UA returning the cookie to the IdP.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="ResumeSession" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Rather like PreviousSession but using stronger\r
- security. A secret that was established in a previous session with\r
- the Authentication Authority has been cached by the local system and\r
- is now re-used (e.g. a Master Secret is used to derive new session\r
- keys in TLS, SSL, WTLS).\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="ZeroKnowledge" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Principal has been\r
- authenticated by a zero knowledge technique as specified in ISO/IEC\r
- 9798-5.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/>\r
-\r
- <xs:complexType name="SharedSecretChallengeResponseType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Principal has been\r
- authenticated by a challenge-response protocol utilizing shared secret\r
- keys and symmetric cryptography.\r
- </xs:documentation>\r
- </xs:annotation>\r
- <xs:sequence>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="method" type="xs:anyURI" use="optional"/>\r
- </xs:complexType>\r
-\r
- <xs:element name="DigSig" type="PublicKeyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Principal has been\r
- authenticated by a mechanism which involves the Principal computing a\r
- digital signature over at least challenge data provided by the IdP.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="AsymmetricDecryption" type="PublicKeyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- The local system has a private key but it is used\r
- in decryption mode, rather than signature mode. For example, the\r
- Authentication Authority generates a secret and encrypts it using the\r
- local system's public key: the local system then proves it has\r
- decrypted the secret.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="AsymmetricKeyAgreement" type="PublicKeyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- The local system has a private key and uses it for\r
- shared secret key agreement with the Authentication Authority (e.g.\r
- via Diffie Helman).\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:complexType name="PublicKeyType">\r
- <xs:sequence>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="keyValidation" use="optional"/>\r
- </xs:complexType>\r
-\r
- <xs:element name="IPAddress" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Principal has been\r
- authenticated through connection from a particular IP address.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- The local system and Authentication Authority\r
- share a secret key. The local system uses this to encrypt a\r
- randomised string to pass to the Authentication Authority.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- The protocol across which Authenticator information is\r
- transferred to an Authentication Authority verifier.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="HTTP" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Authenticator has been\r
- transmitted using bare HTTP utilizing no additional security\r
- protocols.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="IPSec" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Authenticator has been\r
- transmitted using a transport mechanism protected by an IPSEC session.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
- \r
- <xs:element name="WTLS" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Authenticator has been\r
- transmitted using a transport mechanism protected by a WTLS session.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Authenticator has been\r
- transmitted solely across a mobile network using no additional\r
- security mechanism.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/>\r
- <xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/>\r
-\r
- <xs:element name="SSL" type="ExtensionOnlyType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Authenticator has been\r
- transmitted using a transport mechnanism protected by an SSL or TLS\r
- session.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
- \r
- <xs:element name="PSTN" type="ExtensionOnlyType"/>\r
- <xs:element name="ISDN" type="ExtensionOnlyType"/>\r
- <xs:element name="ADSL" type="ExtensionOnlyType"/>\r
-\r
- <xs:element name="OperationalProtection" type="OperationalProtectionType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Refers to those characteristics that describe\r
- procedural security controls employed by the Authentication Authority.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="SecurityAudit" type="SecurityAuditType"/>\r
- <xs:element name="SwitchAudit" type="ExtensionOnlyType"/>\r
- <xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/>\r
-\r
- <xs:element name="GoverningAgreements" type="GoverningAgreementsType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- Provides a mechanism for linking to external (likely\r
- human readable) documents in which additional business agreements,\r
- (e.g. liability constraints, obligations, etc) can be placed.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
-\r
- <xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/>\r
-\r
- <xs:simpleType name="nymType">\r
- <xs:restriction base="xs:NMTOKEN">\r
- <xs:enumeration value="anonymity"/>\r
- <xs:enumeration value="verinymity"/>\r
- <xs:enumeration value="pseudonymity"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod" minOccurs="0"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="IdentificationType">\r
- <xs:sequence>\r
- <xs:element ref="PhysicalVerification" minOccurs="0"/>\r
- <xs:element ref="WrittenConsent" minOccurs="0"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="nym" type="nymType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This attribute indicates whether or not the\r
- Identification mechanisms allow the actions of the Principal to be\r
- linked to an actual end user.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:attribute>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="TechnicalProtectionBaseType">\r
- <xs:sequence>\r
- <xs:choice minOccurs="0">\r
- <xs:element ref="PrivateKeyProtection"/>\r
- <xs:element ref="SecretKeyProtection"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="OperationalProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="SecurityAudit" minOccurs="0"/>\r
- <xs:element ref="DeactivationCallCenter" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>\r
- <xs:element ref="Authenticator" minOccurs="0"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="GoverningAgreementsType">\r
- <xs:sequence>\r
- <xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="GoverningAgreementRefType">\r
- <xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="Password" minOccurs="0"/>\r
- <xs:element ref="RestrictedPassword" minOccurs="0"/>\r
- <xs:element ref="Token" minOccurs="0"/>\r
- <xs:element ref="Smartcard" minOccurs="0"/>\r
- <xs:element ref="ActivationPin" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>\r
- </xs:complexType>\r
- \r
- <xs:group name="AuthenticatorChoiceGroup">\r
- <xs:choice>\r
- <xs:element ref="PreviousSession"/>\r
- <xs:element ref="ResumeSession"/>\r
- <xs:element ref="DigSig"/>\r
- <xs:element ref="Password"/>\r
- <xs:element ref="RestrictedPassword"/>\r
- <xs:element ref="ZeroKnowledge"/>\r
- <xs:element ref="SharedSecretChallengeResponse"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext"/>\r
- <xs:element ref="IPAddress"/>\r
- <xs:element ref="AsymmetricDecryption"/>\r
- <xs:element ref="AsymmetricKeyAgreement"/>\r
- <xs:element ref="SubscriberLineNumber"/>\r
- <xs:element ref="UserSuffix"/>\r
- <xs:element ref="ComplexAuthenticator"/>\r
- </xs:choice>\r
- </xs:group>\r
- \r
- <xs:group name="AuthenticatorSequenceGroup">\r
- <xs:sequence>\r
- <xs:element ref="PreviousSession" minOccurs="0"/>\r
- <xs:element ref="ResumeSession" minOccurs="0"/>\r
- <xs:element ref="DigSig" minOccurs="0"/>\r
- <xs:element ref="Password" minOccurs="0"/>\r
- <xs:element ref="RestrictedPassword" minOccurs="0"/>\r
- <xs:element ref="ZeroKnowledge" minOccurs="0"/>\r
- <xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/>\r
- <xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/>\r
- <xs:element ref="IPAddress" minOccurs="0"/>\r
- <xs:element ref="AsymmetricDecryption" minOccurs="0"/>\r
- <xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/>\r
- <xs:element ref="SubscriberLineNumber" minOccurs="0"/>\r
- <xs:element ref="UserSuffix" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:group>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:group ref="AuthenticatorChoiceGroup"/>\r
- <xs:group ref="AuthenticatorSequenceGroup"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="ComplexAuthenticatorType">\r
- <xs:sequence>\r
- <xs:group ref="AuthenticatorChoiceGroup"/>\r
- <xs:group ref="AuthenticatorSequenceGroup"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorTransportProtocolType">\r
- <xs:sequence>\r
- <xs:choice minOccurs="0">\r
- <xs:element ref="HTTP"/>\r
- <xs:element ref="SSL"/>\r
- <xs:element ref="MobileNetworkNoEncryption"/>\r
- <xs:element ref="MobileNetworkRadioEncryption"/>\r
- <xs:element ref="MobileNetworkEndToEndEncryption"/>\r
- <xs:element ref="WTLS"/>\r
- <xs:element ref="IPSec"/>\r
- <xs:element ref="PSTN"/>\r
- <xs:element ref="ISDN"/>\r
- <xs:element ref="ADSL"/>\r
- </xs:choice>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeyActivationType">\r
- <xs:sequence>\r
- <xs:element ref="ActivationPin" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="KeySharingType">\r
- <xs:attribute name="sharing" type="xs:boolean" use="required"/>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PrivateKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation" minOccurs="0"/>\r
- <xs:element ref="KeyStorage" minOccurs="0"/>\r
- <xs:element ref="KeySharing" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PasswordType">\r
- <xs:sequence>\r
- <xs:element ref="Length" minOccurs="0"/>\r
- <xs:element ref="Alphabet" minOccurs="0"/>\r
- <xs:element ref="Generation" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>\r
- </xs:complexType>\r
-\r
- <xs:element name="RestrictedPassword" type="RestrictedPasswordType"/>\r
-\r
- <xs:complexType name="RestrictedPasswordType">\r
- <xs:complexContent>\r
- <xs:restriction base="PasswordType">\r
- <xs:sequence>\r
- <xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>\r
- <xs:element ref="Generation" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="RestrictedLengthType">\r
- <xs:complexContent>\r
- <xs:restriction base="LengthType">\r
- <xs:attribute name="min" use="required">\r
- <xs:simpleType>\r
- <xs:restriction base="xs:integer">\r
- <xs:minInclusive value="3"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- </xs:attribute>\r
- <xs:attribute name="max" type="xs:integer" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="ActivationPinType">\r
- <xs:sequence>\r
- <xs:element ref="Length" minOccurs="0"/>\r
- <xs:element ref="Alphabet" minOccurs="0"/>\r
- <xs:element ref="Generation" minOccurs="0"/>\r
- <xs:element ref="ActivationLimit" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
- \r
- <xs:element name="Alphabet" type="AlphabetType"/>\r
- <xs:complexType name="AlphabetType">\r
- <xs:attribute name="requiredChars" type="xs:string" use="required"/>\r
- <xs:attribute name="excludedChars" type="xs:string" use="optional"/>\r
- <xs:attribute name="case" type="xs:string" use="optional"/>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="TokenType">\r
- <xs:sequence>\r
- <xs:element ref="TimeSyncToken"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
- \r
- <xs:simpleType name="DeviceTypeType">\r
- <xs:restriction base="xs:NMTOKEN">\r
- <xs:enumeration value="hardware"/>\r
- <xs:enumeration value="software"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- \r
- <xs:simpleType name="booleanType">\r
- <xs:restriction base="xs:NMTOKEN">\r
- <xs:enumeration value="true"/>\r
- <xs:enumeration value="false"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
- \r
- <xs:complexType name="TimeSyncTokenType">\r
- <xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/>\r
- <xs:attribute name="SeedLength" type="xs:integer" use="required"/>\r
- <xs:attribute name="DeviceInHand" type="booleanType" use="required"/>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="ActivationLimitType">\r
- <xs:choice>\r
- <xs:element ref="ActivationLimitDuration"/>\r
- <xs:element ref="ActivationLimitUsages"/>\r
- <xs:element ref="ActivationLimitSession"/>\r
- </xs:choice>\r
- </xs:complexType>\r
- \r
- <xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Key Activation Limit is\r
- defined as a specific duration of time.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
- \r
- <xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Key Activation Limit is\r
- defined as a number of usages.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
- \r
- <xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">\r
- <xs:annotation>\r
- <xs:documentation>\r
- This element indicates that the Key Activation Limit is\r
- the session.\r
- </xs:documentation>\r
- </xs:annotation>\r
- </xs:element>\r
- \r
- <xs:complexType name="ActivationLimitDurationType">\r
- <xs:attribute name="duration" type="xs:duration" use="required"/>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="ActivationLimitUsagesType">\r
- <xs:attribute name="number" type="xs:integer" use="required"/>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="ActivationLimitSessionType"/>\r
- \r
- <xs:complexType name="LengthType">\r
- <xs:attribute name="min" type="xs:integer" use="required"/>\r
- <xs:attribute name="max" type="xs:integer" use="optional"/>\r
- </xs:complexType>\r
-\r
- <xs:simpleType name="mediumType">\r
- <xs:restriction base="xs:NMTOKEN">\r
- <xs:enumeration value="memory"/>\r
- <xs:enumeration value="smartcard"/>\r
- <xs:enumeration value="token"/>\r
- <xs:enumeration value="MobileDevice"/>\r
- <xs:enumeration value="MobileAuthCard"/>\r
- </xs:restriction>\r
- </xs:simpleType>\r
-\r
- <xs:complexType name="KeyStorageType">\r
- <xs:attribute name="medium" type="mediumType" use="required"/>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="SecretKeyProtectionType">\r
- <xs:sequence>\r
- <xs:element ref="KeyActivation" minOccurs="0"/>\r
- <xs:element ref="KeyStorage" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="SecurityAuditType">\r
- <xs:sequence>\r
- <xs:element ref="SwitchAudit" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="ExtensionOnlyType">\r
- <xs:sequence>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
- \r
- <xs:element name="Extension" type="ExtensionType"/>\r
-\r
- <xs:complexType name="ExtensionType">\r
- <xs:sequence>\r
- <xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:complexType>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified"
+ version="2.0">
+
+ <xs:annotation>
+ <xs:documentation>
+ Document identifier: saml-schema-authn-context-types-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New core authentication context schema types for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType">
+ <xs:annotation>
+ <xs:documentation>
+ A particular assertion on an identity
+ provider's part with respect to the authentication
+ context associated with an authentication assertion.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="Identification" type="IdentificationType">
+ <xs:annotation>
+ <xs:documentation>
+ Refers to those characteristics that describe the
+ processes and mechanisms
+ the Authentication Authority uses to initially create
+ an association between a Principal
+ and the identity (or name) by which the Principal will
+ be known
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="PhysicalVerification">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that identification has been
+ performed in a physical
+ face-to-face meeting with the principal and not in an
+ online manner.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:attribute name="credentialLevel">
+ <xs:simpleType>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="primary"/>
+ <xs:enumeration value="secondary"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="WrittenConsent" type="ExtensionOnlyType"/>
+
+ <xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType">
+ <xs:annotation>
+ <xs:documentation>
+ Refers to those characterstics that describe how the
+ 'secret' (the knowledge or possession
+ of which allows the Principal to authenticate to the
+ Authentication Authority) is kept secure
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates the types and strengths of
+ facilities
+ of a UA used to protect a shared secret key from
+ unauthorized access and/or use.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates the types and strengths of
+ facilities
+ of a UA used to protect a private key from
+ unauthorized access and/or use.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="KeyActivation" type="KeyActivationType">
+ <xs:annotation>
+ <xs:documentation>The actions that must be performed
+ before the private key can be used. </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="KeySharing" type="KeySharingType">
+ <xs:annotation>
+ <xs:documentation>Whether or not the private key is shared
+ with the certificate authority.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="KeyStorage" type="KeyStorageType">
+ <xs:annotation>
+ <xs:documentation>
+ In which medium is the key stored.
+ memory - the key is stored in memory.
+ smartcard - the key is stored in a smartcard.
+ token - the key is stored in a hardware token.
+ MobileDevice - the key is stored in a mobile device.
+ MobileAuthCard - the key is stored in a mobile
+ authentication card.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/>
+ <xs:element name="UserSuffix" type="ExtensionOnlyType"/>
+
+ <xs:element name="Password" type="PasswordType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that a password (or passphrase)
+ has been used to
+ authenticate the Principal to a remote system.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ActivationPin" type="ActivationPinType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that a Pin (Personal
+ Identification Number) has been used to authenticate the Principal to
+ some local system in order to activate a key.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="Token" type="TokenType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that a hardware or software
+ token is used
+ as a method of identifying the Principal.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="TimeSyncToken" type="TimeSyncTokenType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that a time synchronization
+ token is used to identify the Principal. hardware -
+ the time synchonization
+ token has been implemented in hardware. software - the
+ time synchronization
+ token has been implemented in software. SeedLength -
+ the length, in bits, of the
+ random seed used in the time synchronization token.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="Smartcard" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that a smartcard is used to
+ identity the Principal.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="Length" type="LengthType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates the minimum and/or maximum
+ ASCII length of the password which is enforced (by the UA or the
+ IdP). In other words, this is the minimum and/or maximum number of
+ ASCII characters required to represent a valid password.
+ min - the minimum number of ASCII characters required
+ in a valid password, as enforced by the UA or the IdP.
+ max - the maximum number of ASCII characters required
+ in a valid password, as enforced by the UA or the IdP.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ActivationLimit" type="ActivationLimitType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates the length of time for which an
+ PIN-based authentication is valid.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="Generation">
+ <xs:annotation>
+ <xs:documentation>
+ Indicates whether the password was chosen by the
+ Principal or auto-supplied by the Authentication Authority.
+ principalchosen - the Principal is allowed to choose
+ the value of the password. This is true even if
+ the initial password is chosen at random by the UA or
+ the IdP and the Principal is then free to change
+ the password.
+ automatic - the password is chosen by the UA or the
+ IdP to be cryptographically strong in some sense,
+ or to satisfy certain password rules, and that the
+ Principal is not free to change it or to choose a new password.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType>
+ <xs:attribute name="mechanism" use="required">
+ <xs:simpleType>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="principalchosen"/>
+ <xs:enumeration value="automatic"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="AuthnMethod" type="AuthnMethodBaseType">
+ <xs:annotation>
+ <xs:documentation>
+ Refers to those characteristics that define the
+ mechanisms by which the Principal authenticates to the Authentication
+ Authority.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">
+ <xs:annotation>
+ <xs:documentation>
+ The method that a Principal employs to perform
+ authentication to local system components.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="Authenticator" type="AuthenticatorBaseType">
+ <xs:annotation>
+ <xs:documentation>
+ The method applied to validate a principal's
+ authentication across a network
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType">
+ <xs:annotation>
+ <xs:documentation>
+ Supports Authenticators with nested combinations of
+ additional complexity.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="PreviousSession" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ Indicates that the Principal has been strongly
+ authenticated in a previous session during which the IdP has set a
+ cookie in the UA. During the present session the Principal has only
+ been authenticated by the UA returning the cookie to the IdP.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ResumeSession" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ Rather like PreviousSession but using stronger
+ security. A secret that was established in a previous session with
+ the Authentication Authority has been cached by the local system and
+ is now re-used (e.g. a Master Secret is used to derive new session
+ keys in TLS, SSL, WTLS).
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ZeroKnowledge" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Principal has been
+ authenticated by a zero knowledge technique as specified in ISO/IEC
+ 9798-5.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/>
+
+ <xs:complexType name="SharedSecretChallengeResponseType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Principal has been
+ authenticated by a challenge-response protocol utilizing shared secret
+ keys and symmetric cryptography.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="method" type="xs:anyURI" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="DigSig" type="PublicKeyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Principal has been
+ authenticated by a mechanism which involves the Principal computing a
+ digital signature over at least challenge data provided by the IdP.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="AsymmetricDecryption" type="PublicKeyType">
+ <xs:annotation>
+ <xs:documentation>
+ The local system has a private key but it is used
+ in decryption mode, rather than signature mode. For example, the
+ Authentication Authority generates a secret and encrypts it using the
+ local system's public key: the local system then proves it has
+ decrypted the secret.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="AsymmetricKeyAgreement" type="PublicKeyType">
+ <xs:annotation>
+ <xs:documentation>
+ The local system has a private key and uses it for
+ shared secret key agreement with the Authentication Authority (e.g.
+ via Diffie Helman).
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:sequence>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="keyValidation" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="IPAddress" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Principal has been
+ authenticated through connection from a particular IP address.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ The local system and Authentication Authority
+ share a secret key. The local system uses this to encrypt a
+ randomised string to pass to the Authentication Authority.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType">
+ <xs:annotation>
+ <xs:documentation>
+ The protocol across which Authenticator information is
+ transferred to an Authentication Authority verifier.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="HTTP" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Authenticator has been
+ transmitted using bare HTTP utilizing no additional security
+ protocols.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="IPSec" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Authenticator has been
+ transmitted using a transport mechanism protected by an IPSEC session.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="WTLS" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Authenticator has been
+ transmitted using a transport mechanism protected by a WTLS session.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Authenticator has been
+ transmitted solely across a mobile network using no additional
+ security mechanism.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/>
+ <xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/>
+
+ <xs:element name="SSL" type="ExtensionOnlyType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Authenticator has been
+ transmitted using a transport mechnanism protected by an SSL or TLS
+ session.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="PSTN" type="ExtensionOnlyType"/>
+ <xs:element name="ISDN" type="ExtensionOnlyType"/>
+ <xs:element name="ADSL" type="ExtensionOnlyType"/>
+
+ <xs:element name="OperationalProtection" type="OperationalProtectionType">
+ <xs:annotation>
+ <xs:documentation>
+ Refers to those characteristics that describe
+ procedural security controls employed by the Authentication Authority.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="SecurityAudit" type="SecurityAuditType"/>
+ <xs:element name="SwitchAudit" type="ExtensionOnlyType"/>
+ <xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/>
+
+ <xs:element name="GoverningAgreements" type="GoverningAgreementsType">
+ <xs:annotation>
+ <xs:documentation>
+ Provides a mechanism for linking to external (likely
+ human readable) documents in which additional business agreements,
+ (e.g. liability constraints, obligations, etc) can be placed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/>
+
+ <xs:simpleType name="nymType">
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="verinymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod" minOccurs="0"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="PhysicalVerification" minOccurs="0"/>
+ <xs:element ref="WrittenConsent" minOccurs="0"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym" type="nymType">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute indicates whether or not the
+ Identification mechanisms allow the actions of the Principal to be
+ linked to an actual end user.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice minOccurs="0">
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit" minOccurs="0"/>
+ <xs:element ref="DeactivationCallCenter" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator" minOccurs="0"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GoverningAgreementsType">
+ <xs:sequence>
+ <xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GoverningAgreementRefType">
+ <xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="Password" minOccurs="0"/>
+ <xs:element ref="RestrictedPassword" minOccurs="0"/>
+ <xs:element ref="Token" minOccurs="0"/>
+ <xs:element ref="Smartcard" minOccurs="0"/>
+ <xs:element ref="ActivationPin" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:complexType>
+
+ <xs:group name="AuthenticatorChoiceGroup">
+ <xs:choice>
+ <xs:element ref="PreviousSession"/>
+ <xs:element ref="ResumeSession"/>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="Password"/>
+ <xs:element ref="RestrictedPassword"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="IPAddress"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ <xs:element ref="SubscriberLineNumber"/>
+ <xs:element ref="UserSuffix"/>
+ <xs:element ref="ComplexAuthenticator"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:group name="AuthenticatorSequenceGroup">
+ <xs:sequence>
+ <xs:element ref="PreviousSession" minOccurs="0"/>
+ <xs:element ref="ResumeSession" minOccurs="0"/>
+ <xs:element ref="DigSig" minOccurs="0"/>
+ <xs:element ref="Password" minOccurs="0"/>
+ <xs:element ref="RestrictedPassword" minOccurs="0"/>
+ <xs:element ref="ZeroKnowledge" minOccurs="0"/>
+ <xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/>
+ <xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/>
+ <xs:element ref="IPAddress" minOccurs="0"/>
+ <xs:element ref="AsymmetricDecryption" minOccurs="0"/>
+ <xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/>
+ <xs:element ref="SubscriberLineNumber" minOccurs="0"/>
+ <xs:element ref="UserSuffix" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:group>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:group ref="AuthenticatorChoiceGroup"/>
+ <xs:group ref="AuthenticatorSequenceGroup"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="ComplexAuthenticatorType">
+ <xs:sequence>
+ <xs:group ref="AuthenticatorChoiceGroup"/>
+ <xs:group ref="AuthenticatorSequenceGroup"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice minOccurs="0">
+ <xs:element ref="HTTP"/>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ <xs:element ref="IPSec"/>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="KeyActivationType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="KeySharingType">
+ <xs:attribute name="sharing" type="xs:boolean" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation" minOccurs="0"/>
+ <xs:element ref="KeyStorage" minOccurs="0"/>
+ <xs:element ref="KeySharing" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="PasswordType">
+ <xs:sequence>
+ <xs:element ref="Length" minOccurs="0"/>
+ <xs:element ref="Alphabet" minOccurs="0"/>
+ <xs:element ref="Generation" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="RestrictedPassword" type="RestrictedPasswordType"/>
+
+ <xs:complexType name="RestrictedPasswordType">
+ <xs:complexContent>
+ <xs:restriction base="PasswordType">
+ <xs:sequence>
+ <xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>
+ <xs:element ref="Generation" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="RestrictedLengthType">
+ <xs:complexContent>
+ <xs:restriction base="LengthType">
+ <xs:attribute name="min" use="required">
+ <xs:simpleType>
+ <xs:restriction base="xs:integer">
+ <xs:minInclusive value="3"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="max" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationPinType">
+ <xs:sequence>
+ <xs:element ref="Length" minOccurs="0"/>
+ <xs:element ref="Alphabet" minOccurs="0"/>
+ <xs:element ref="Generation" minOccurs="0"/>
+ <xs:element ref="ActivationLimit" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="Alphabet" type="AlphabetType"/>
+ <xs:complexType name="AlphabetType">
+ <xs:attribute name="requiredChars" type="xs:string" use="required"/>
+ <xs:attribute name="excludedChars" type="xs:string" use="optional"/>
+ <xs:attribute name="case" type="xs:string" use="optional"/>
+ </xs:complexType>
+
+ <xs:complexType name="TokenType">
+ <xs:sequence>
+ <xs:element ref="TimeSyncToken"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:simpleType name="DeviceTypeType">
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="hardware"/>
+ <xs:enumeration value="software"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="booleanType">
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="true"/>
+ <xs:enumeration value="false"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="TimeSyncTokenType">
+ <xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/>
+ <xs:attribute name="SeedLength" type="xs:integer" use="required"/>
+ <xs:attribute name="DeviceInHand" type="booleanType" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationLimitType">
+ <xs:choice>
+ <xs:element ref="ActivationLimitDuration"/>
+ <xs:element ref="ActivationLimitUsages"/>
+ <xs:element ref="ActivationLimitSession"/>
+ </xs:choice>
+ </xs:complexType>
+
+ <xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Key Activation Limit is
+ defined as a specific duration of time.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Key Activation Limit is
+ defined as a number of usages.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Key Activation Limit is
+ the session.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:complexType name="ActivationLimitDurationType">
+ <xs:attribute name="duration" type="xs:duration" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationLimitUsagesType">
+ <xs:attribute name="number" type="xs:integer" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationLimitSessionType"/>
+
+ <xs:complexType name="LengthType">
+ <xs:attribute name="min" type="xs:integer" use="required"/>
+ <xs:attribute name="max" type="xs:integer" use="optional"/>
+ </xs:complexType>
+
+ <xs:simpleType name="mediumType">
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="memory"/>
+ <xs:enumeration value="smartcard"/>
+ <xs:enumeration value="token"/>
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:attribute name="medium" type="mediumType" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation" minOccurs="0"/>
+ <xs:element ref="KeyStorage" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="ExtensionOnlyType">
+ <xs:sequence>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="Extension" type="ExtensionType"/>
+
+ <xs:complexType name="ExtensionType">
+ <xs:sequence>
+ <xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:X509\r
- Document identifier: saml-schema-authn-context-x509-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
- \r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="DigSig"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PublicKeyType">\r
- <xs:complexContent>\r
- <xs:restriction base="PublicKeyType">\r
- <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:X509
+ Document identifier: saml-schema-authn-context-x509-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"\r
- xmlns:xs="http://www.w3.org/2001/XMLSchema" \r
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"\r
- finalDefault="extension"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">\r
-\r
- <xs:annotation>\r
- <xs:documentation> \r
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig\r
- Document identifier: saml-schema-authn-context-xmldsig-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- New authentication context class schema for SAML V2.0. \r
- </xs:documentation>\r
- </xs:annotation>\r
-\r
- <xs:complexType name="AuthnContextDeclarationBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnContextDeclarationBaseType">\r
- <xs:sequence>\r
- <xs:element ref="Identification" minOccurs="0"/>\r
- <xs:element ref="TechnicalProtection" minOccurs="0"/>\r
- <xs:element ref="OperationalProtection" minOccurs="0"/>\r
- <xs:element ref="AuthnMethod"/>\r
- <xs:element ref="GoverningAgreements" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- <xs:attribute name="ID" type="xs:ID" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthnMethodBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthnMethodBaseType">\r
- <xs:sequence>\r
- <xs:element ref="PrincipalAuthenticationMechanism"/>\r
- <xs:element ref="Authenticator"/>\r
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>\r
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType> \r
- \r
- <xs:complexType name="PrincipalAuthenticationMechanismType">\r
- <xs:complexContent>\r
- <xs:restriction base="PrincipalAuthenticationMechanismType">\r
- <xs:sequence>\r
- <xs:element ref="RestrictedPassword"/>\r
- </xs:sequence>\r
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="AuthenticatorBaseType">\r
- <xs:complexContent>\r
- <xs:restriction base="AuthenticatorBaseType">\r
- <xs:sequence>\r
- <xs:element ref="DigSig"/>\r
- </xs:sequence>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- <xs:complexType name="PublicKeyType">\r
- <xs:complexContent>\r
- <xs:restriction base="PublicKeyType">\r
- <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:ietf:rfc:3075"/>\r
- </xs:restriction>\r
- </xs:complexContent>\r
- </xs:complexType>\r
-\r
- </xs:redefine>\r
-\r
-</xs:schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
+ Document identifier: saml-schema-authn-context-xmldsig-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:ietf:rfc:3075"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"\r
- xmlns:dce="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <annotation>\r
- <documentation>\r
- Document identifier: saml-schema-dce-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- Custom schema for DCE attribute profile, first published in SAML 2.0.\r
- </documentation>\r
- </annotation>\r
- <complexType name="DCEValueType">\r
- <simpleContent>\r
- <extension base="anyURI">\r
- <attribute ref="dce:Realm" use="optional"/>\r
- <attribute ref="dce:FriendlyName" use="optional"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <attribute name="Realm" type="anyURI"/>\r
- <attribute name="FriendlyName" type="string"/>\r
-</schema>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
+ xmlns:dce="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-dce-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for DCE attribute profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+ <complexType name="DCEValueType">
+ <simpleContent>
+ <extension base="anyURI">
+ <attribute ref="dce:Realm" use="optional"/>
+ <attribute ref="dce:FriendlyName" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <attribute name="Realm" type="anyURI"/>
+ <attribute name="FriendlyName" type="string"/>
+</schema>
+
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"\r
- xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"\r
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
- xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:protocol"\r
- schemaLocation="saml-schema-protocol-2.0.xsd"/>\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
- schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
- <import namespace="http://schemas.xmlsoap.org/soap/envelope/"\r
- schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>\r
- <annotation>\r
- <documentation>\r
- Document identifier: saml-schema-ecp-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- Custom schema for ECP profile, first published in SAML 2.0.\r
- </documentation>\r
- </annotation>\r
-\r
- <element name="Request" type="ecp:RequestType"/>\r
- <complexType name="RequestType">\r
- <sequence>\r
- <element ref="saml:Issuer"/>\r
- <element ref="samlp:IDPList" minOccurs="0"/>\r
- </sequence>\r
- <attribute ref="S:mustUnderstand" use="required"/>\r
- <attribute ref="S:actor" use="required"/>\r
- <attribute name="ProviderName" type="string" use="optional"/>\r
- <attribute name="IsPassive" type="boolean" use="optional"/>\r
- </complexType>\r
- \r
- <element name="Response" type="ecp:ResponseType"/>\r
- <complexType name="ResponseType">\r
- <attribute ref="S:mustUnderstand" use="required"/>\r
- <attribute ref="S:actor" use="required"/>\r
- <attribute name="AssertionConsumerServiceURL" type="anyURI" use="required"/>\r
- </complexType>\r
- \r
- <element name="RelayState" type="ecp:RelayStateType"/>\r
- <complexType name="RelayStateType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attribute ref="S:mustUnderstand" use="required"/>\r
- <attribute ref="S:actor" use="required"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ schemaLocation="saml-schema-protocol-2.0.xsd"/>
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://schemas.xmlsoap.org/soap/envelope/"
+ schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-ecp-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for ECP profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+
+ <element name="Request" type="ecp:RequestType"/>
+ <complexType name="RequestType">
+ <sequence>
+ <element ref="saml:Issuer"/>
+ <element ref="samlp:IDPList" minOccurs="0"/>
+ </sequence>
+ <attribute ref="S:mustUnderstand" use="required"/>
+ <attribute ref="S:actor" use="required"/>
+ <attribute name="ProviderName" type="string" use="optional"/>
+ <attribute name="IsPassive" type="boolean" use="optional"/>
+ </complexType>
+
+ <element name="Response" type="ecp:ResponseType"/>
+ <complexType name="ResponseType">
+ <attribute ref="S:mustUnderstand" use="required"/>
+ <attribute ref="S:actor" use="required"/>
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="RelayState" type="ecp:RelayStateType"/>
+ <complexType name="RelayStateType">
+ <simpleContent>
+ <extension base="string">
+ <attribute ref="S:mustUnderstand" use="required"/>
+ <attribute ref="S:actor" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"\r
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"\r
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"\r
- xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"\r
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <import namespace="http://www.w3.org/2000/09/xmldsig#"\r
- schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>\r
- <import namespace="http://www.w3.org/2001/04/xmlenc#"\r
- schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
- schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
- <import namespace="http://www.w3.org/XML/1998/namespace"\r
- schemaLocation="http://www.w3.org/2001/xml.xsd"/>\r
- <annotation>\r
- <documentation>\r
- Document identifier: saml-schema-metadata-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- Schema for SAML metadata, first published in SAML 2.0.\r
- </documentation>\r
- </annotation>\r
-\r
- <simpleType name="entityIDType">\r
- <restriction base="anyURI">\r
- <maxLength value="1024"/>\r
- </restriction>\r
- </simpleType>\r
- <complexType name="localizedNameType">\r
- <simpleContent>\r
- <extension base="string">\r
- <attribute ref="xml:lang" use="required"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- <complexType name="localizedURIType">\r
- <simpleContent>\r
- <extension base="anyURI">\r
- <attribute ref="xml:lang" use="required"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
- \r
- <element name="Extensions" type="md:ExtensionsType"/>\r
- <complexType final="#all" name="ExtensionsType">\r
- <sequence>\r
- <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>\r
- </sequence>\r
- </complexType>\r
- \r
- <complexType name="EndpointType">\r
- <sequence>\r
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="Binding" type="anyURI" use="required"/>\r
- <attribute name="Location" type="anyURI" use="required"/>\r
- <attribute name="ResponseLocation" type="anyURI" use="optional"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- \r
- <complexType name="IndexedEndpointType">\r
- <complexContent>\r
- <extension base="md:EndpointType">\r
- <attribute name="index" type="unsignedShort" use="required"/>\r
- <attribute name="isDefault" type="boolean" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- \r
- <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>\r
- <complexType name="EntitiesDescriptorType">\r
- <sequence>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- <element ref="md:Extensions" minOccurs="0"/>\r
- <choice minOccurs="1" maxOccurs="unbounded">\r
- <element ref="md:EntityDescriptor"/>\r
- <element ref="md:EntitiesDescriptor"/>\r
- </choice>\r
- </sequence>\r
- <attribute name="validUntil" type="dateTime" use="optional"/>\r
- <attribute name="cacheDuration" type="duration" use="optional"/>\r
- <attribute name="ID" type="ID" use="optional"/>\r
- <attribute name="Name" type="string" use="optional"/>\r
- </complexType>\r
-\r
- <element name="EntityDescriptor" type="md:EntityDescriptorType"/>\r
- <complexType name="EntityDescriptorType">\r
- <sequence>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- <element ref="md:Extensions" minOccurs="0"/>\r
- <choice>\r
- <choice maxOccurs="unbounded">\r
- <element ref="md:RoleDescriptor"/>\r
- <element ref="md:IDPSSODescriptor"/>\r
- <element ref="md:SPSSODescriptor"/>\r
- <element ref="md:AuthnAuthorityDescriptor"/>\r
- <element ref="md:AttributeAuthorityDescriptor"/>\r
- <element ref="md:PDPDescriptor"/>\r
- </choice>\r
- <element ref="md:AffiliationDescriptor"/>\r
- </choice>\r
- <element ref="md:Organization" minOccurs="0"/>\r
- <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="entityID" type="md:entityIDType" use="required"/>\r
- <attribute name="validUntil" type="dateTime" use="optional"/>\r
- <attribute name="cacheDuration" type="duration" use="optional"/>\r
- <attribute name="ID" type="ID" use="optional"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- \r
- <element name="Organization" type="md:OrganizationType"/>\r
- <complexType name="OrganizationType">\r
- <sequence>\r
- <element ref="md:Extensions" minOccurs="0"/>\r
- <element ref="md:OrganizationName" maxOccurs="unbounded"/>\r
- <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>\r
- <element ref="md:OrganizationURL" maxOccurs="unbounded"/>\r
- </sequence>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- <element name="OrganizationName" type="md:localizedNameType"/>\r
- <element name="OrganizationDisplayName" type="md:localizedNameType"/>\r
- <element name="OrganizationURL" type="md:localizedURIType"/>\r
- <element name="ContactPerson" type="md:ContactType"/>\r
- <complexType name="ContactType">\r
- <sequence>\r
- <element ref="md:Extensions" minOccurs="0"/>\r
- <element ref="md:Company" minOccurs="0"/>\r
- <element ref="md:GivenName" minOccurs="0"/>\r
- <element ref="md:SurName" minOccurs="0"/>\r
- <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="contactType" type="md:ContactTypeType" use="required"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- <element name="Company" type="string"/>\r
- <element name="GivenName" type="string"/>\r
- <element name="SurName" type="string"/>\r
- <element name="EmailAddress" type="anyURI"/>\r
- <element name="TelephoneNumber" type="string"/>\r
- <simpleType name="ContactTypeType">\r
- <restriction base="string">\r
- <enumeration value="technical"/>\r
- <enumeration value="support"/>\r
- <enumeration value="administrative"/>\r
- <enumeration value="billing"/>\r
- <enumeration value="other"/>\r
- </restriction>\r
- </simpleType>\r
-\r
- <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>\r
- <complexType name="AdditionalMetadataLocationType">\r
- <simpleContent>\r
- <extension base="anyURI">\r
- <attribute name="namespace" type="anyURI" use="required"/>\r
- </extension>\r
- </simpleContent>\r
- </complexType>\r
-\r
- <element name="RoleDescriptor" type="md:RoleDescriptorType"/>\r
- <complexType name="RoleDescriptorType" abstract="true">\r
- <sequence>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- <element ref="md:Extensions" minOccurs="0"/>\r
- <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:Organization" minOccurs="0"/>\r
- <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="ID" type="ID" use="optional"/>\r
- <attribute name="validUntil" type="dateTime" use="optional"/>\r
- <attribute name="cacheDuration" type="duration" use="optional"/>\r
- <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>\r
- <attribute name="errorURL" type="anyURI" use="optional"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- <simpleType name="anyURIListType">\r
- <list itemType="anyURI"/>\r
- </simpleType>\r
-\r
- <element name="KeyDescriptor" type="md:KeyDescriptorType"/>\r
- <complexType name="KeyDescriptorType">\r
- <sequence>\r
- <element ref="ds:KeyInfo"/>\r
- <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="use" type="md:KeyTypes" use="optional"/>\r
- </complexType>\r
- <simpleType name="KeyTypes">\r
- <restriction base="string">\r
- <enumeration value="encryption"/>\r
- <enumeration value="signing"/>\r
- </restriction>\r
- </simpleType>\r
- <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>\r
- \r
- <complexType name="SSODescriptorType" abstract="true">\r
- <complexContent>\r
- <extension base="md:RoleDescriptorType">\r
- <sequence>\r
- <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>\r
- <element name="SingleLogoutService" type="md:EndpointType"/>\r
- <element name="ManageNameIDService" type="md:EndpointType"/>\r
- <element name="NameIDFormat" type="anyURI"/>\r
-\r
- <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>\r
- <complexType name="IDPSSODescriptorType">\r
- <complexContent>\r
- <extension base="md:SSODescriptorType">\r
- <sequence>\r
- <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>\r
- <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="SingleSignOnService" type="md:EndpointType"/>\r
- <element name="NameIDMappingService" type="md:EndpointType"/>\r
- <element name="AssertionIDRequestService" type="md:EndpointType"/>\r
- <element name="AttributeProfile" type="anyURI"/>\r
- \r
- <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>\r
- <complexType name="SPSSODescriptorType">\r
- <complexContent>\r
- <extension base="md:SSODescriptorType">\r
- <sequence>\r
- <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>\r
- <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>\r
- <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>\r
- <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>\r
- <complexType name="AttributeConsumingServiceType">\r
- <sequence>\r
- <element ref="md:ServiceName" maxOccurs="unbounded"/>\r
- <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="index" type="unsignedShort" use="required"/>\r
- <attribute name="isDefault" type="boolean" use="optional"/>\r
- </complexType>\r
- <element name="ServiceName" type="md:localizedNameType"/>\r
- <element name="ServiceDescription" type="md:localizedNameType"/>\r
- <element name="RequestedAttribute" type="md:RequestedAttributeType"/>\r
- <complexType name="RequestedAttributeType">\r
- <complexContent>\r
- <extension base="saml:AttributeType">\r
- <attribute name="isRequired" type="boolean" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- \r
- <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>\r
- <complexType name="AuthnAuthorityDescriptorType">\r
- <complexContent>\r
- <extension base="md:RoleDescriptorType">\r
- <sequence>\r
- <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>\r
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AuthnQueryService" type="md:EndpointType"/>\r
-\r
- <element name="PDPDescriptor" type="md:PDPDescriptorType"/>\r
- <complexType name="PDPDescriptorType">\r
- <complexContent>\r
- <extension base="md:RoleDescriptorType">\r
- <sequence>\r
- <element ref="md:AuthzService" maxOccurs="unbounded"/>\r
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AuthzService" type="md:EndpointType"/>\r
-\r
- <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>\r
- <complexType name="AttributeAuthorityDescriptorType">\r
- <complexContent>\r
- <extension base="md:RoleDescriptorType">\r
- <sequence>\r
- <element ref="md:AttributeService" maxOccurs="unbounded"/>\r
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>\r
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AttributeService" type="md:EndpointType"/>\r
- \r
- <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>\r
- <complexType name="AffiliationDescriptorType">\r
- <sequence>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- <element ref="md:Extensions" minOccurs="0"/>\r
- <element ref="md:AffiliateMember" maxOccurs="unbounded"/>\r
- <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>\r
- <attribute name="validUntil" type="dateTime" use="optional"/>\r
- <attribute name="cacheDuration" type="duration" use="optional"/>\r
- <attribute name="ID" type="ID" use="optional"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
- </complexType>\r
- <element name="AffiliateMember" type="md:entityIDType"/>\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-metadata-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Schema for SAML metadata, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+
+ <simpleType name="entityIDType">
+ <restriction base="anyURI">
+ <maxLength value="1024"/>
+ </restriction>
+ </simpleType>
+ <complexType name="localizedNameType">
+ <simpleContent>
+ <extension base="string">
+ <attribute ref="xml:lang" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <complexType name="localizedURIType">
+ <simpleContent>
+ <extension base="anyURI">
+ <attribute ref="xml:lang" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+ <element name="Extensions" type="md:ExtensionsType"/>
+ <complexType final="#all" name="ExtensionsType">
+ <sequence>
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <complexType name="EndpointType">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="ResponseLocation" type="anyURI" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+
+ <complexType name="IndexedEndpointType">
+ <complexContent>
+ <extension base="md:EndpointType">
+ <attribute name="index" type="unsignedShort" use="required"/>
+ <attribute name="isDefault" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
+ <complexType name="EntitiesDescriptorType">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <choice minOccurs="1" maxOccurs="unbounded">
+ <element ref="md:EntityDescriptor"/>
+ <element ref="md:EntitiesDescriptor"/>
+ </choice>
+ </sequence>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="ID" type="ID" use="optional"/>
+ <attribute name="Name" type="string" use="optional"/>
+ </complexType>
+
+ <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
+ <complexType name="EntityDescriptorType">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <choice>
+ <choice maxOccurs="unbounded">
+ <element ref="md:RoleDescriptor"/>
+ <element ref="md:IDPSSODescriptor"/>
+ <element ref="md:SPSSODescriptor"/>
+ <element ref="md:AuthnAuthorityDescriptor"/>
+ <element ref="md:AttributeAuthorityDescriptor"/>
+ <element ref="md:PDPDescriptor"/>
+ </choice>
+ <element ref="md:AffiliationDescriptor"/>
+ </choice>
+ <element ref="md:Organization" minOccurs="0"/>
+ <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="entityID" type="md:entityIDType" use="required"/>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="ID" type="ID" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+
+ <element name="Organization" type="md:OrganizationType"/>
+ <complexType name="OrganizationType">
+ <sequence>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:OrganizationName" maxOccurs="unbounded"/>
+ <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
+ <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
+ </sequence>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="OrganizationName" type="md:localizedNameType"/>
+ <element name="OrganizationDisplayName" type="md:localizedNameType"/>
+ <element name="OrganizationURL" type="md:localizedURIType"/>
+ <element name="ContactPerson" type="md:ContactType"/>
+ <complexType name="ContactType">
+ <sequence>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:Company" minOccurs="0"/>
+ <element ref="md:GivenName" minOccurs="0"/>
+ <element ref="md:SurName" minOccurs="0"/>
+ <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="contactType" type="md:ContactTypeType" use="required"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="Company" type="string"/>
+ <element name="GivenName" type="string"/>
+ <element name="SurName" type="string"/>
+ <element name="EmailAddress" type="anyURI"/>
+ <element name="TelephoneNumber" type="string"/>
+ <simpleType name="ContactTypeType">
+ <restriction base="string">
+ <enumeration value="technical"/>
+ <enumeration value="support"/>
+ <enumeration value="administrative"/>
+ <enumeration value="billing"/>
+ <enumeration value="other"/>
+ </restriction>
+ </simpleType>
+
+ <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
+ <complexType name="AdditionalMetadataLocationType">
+ <simpleContent>
+ <extension base="anyURI">
+ <attribute name="namespace" type="anyURI" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+ <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
+ <complexType name="RoleDescriptorType" abstract="true">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:Organization" minOccurs="0"/>
+ <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="optional"/>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
+ <attribute name="errorURL" type="anyURI" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <simpleType name="anyURIListType">
+ <list itemType="anyURI"/>
+ </simpleType>
+
+ <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
+ <complexType name="KeyDescriptorType">
+ <sequence>
+ <element ref="ds:KeyInfo"/>
+ <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="use" type="md:KeyTypes" use="optional"/>
+ </complexType>
+ <simpleType name="KeyTypes">
+ <restriction base="string">
+ <enumeration value="encryption"/>
+ <enumeration value="signing"/>
+ </restriction>
+ </simpleType>
+ <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
+
+ <complexType name="SSODescriptorType" abstract="true">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
+ <element name="SingleLogoutService" type="md:EndpointType"/>
+ <element name="ManageNameIDService" type="md:EndpointType"/>
+ <element name="NameIDFormat" type="anyURI"/>
+
+ <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
+ <complexType name="IDPSSODescriptorType">
+ <complexContent>
+ <extension base="md:SSODescriptorType">
+ <sequence>
+ <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
+ <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SingleSignOnService" type="md:EndpointType"/>
+ <element name="NameIDMappingService" type="md:EndpointType"/>
+ <element name="AssertionIDRequestService" type="md:EndpointType"/>
+ <element name="AttributeProfile" type="anyURI"/>
+
+ <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
+ <complexType name="SPSSODescriptorType">
+ <complexContent>
+ <extension base="md:SSODescriptorType">
+ <sequence>
+ <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
+ <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
+ <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
+ <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
+ <complexType name="AttributeConsumingServiceType">
+ <sequence>
+ <element ref="md:ServiceName" maxOccurs="unbounded"/>
+ <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="index" type="unsignedShort" use="required"/>
+ <attribute name="isDefault" type="boolean" use="optional"/>
+ </complexType>
+ <element name="ServiceName" type="md:localizedNameType"/>
+ <element name="ServiceDescription" type="md:localizedNameType"/>
+ <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
+ <complexType name="RequestedAttributeType">
+ <complexContent>
+ <extension base="saml:AttributeType">
+ <attribute name="isRequired" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
+ <complexType name="AuthnAuthorityDescriptorType">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnQueryService" type="md:EndpointType"/>
+
+ <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
+ <complexType name="PDPDescriptorType">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:AuthzService" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthzService" type="md:EndpointType"/>
+
+ <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
+ <complexType name="AttributeAuthorityDescriptorType">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:AttributeService" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeService" type="md:EndpointType"/>
+
+ <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
+ <complexType name="AffiliationDescriptorType">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
+ <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="ID" type="ID" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="AffiliateMember" type="md:entityIDType"/>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"\r
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
- schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
- <import namespace="http://www.w3.org/2000/09/xmldsig#"\r
- schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>\r
- <annotation>\r
- <documentation>\r
- Document identifier: saml-schema-protocol-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V1.0 (November, 2002):\r
- Initial Standard Schema.\r
- V1.1 (September, 2003):\r
- Updates within the same V1.0 namespace.\r
- V2.0 (March, 2005):\r
- New protocol schema based in a SAML V2.0 namespace.\r
- </documentation>\r
- </annotation>\r
- <complexType name="RequestAbstractType" abstract="true">\r
- <sequence>\r
- <element ref="saml:Issuer" minOccurs="0"/>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- <element ref="samlp:Extensions" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="ID" type="ID" use="required"/>\r
- <attribute name="Version" type="string" use="required"/>\r
- <attribute name="IssueInstant" type="dateTime" use="required"/>\r
- <attribute name="Destination" type="anyURI" use="optional"/>\r
- <attribute name="Consent" type="anyURI" use="optional"/>\r
- </complexType>\r
- <element name="Extensions" type="samlp:ExtensionsType"/>\r
- <complexType name="ExtensionsType">\r
- <sequence>\r
- <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>\r
- </sequence>\r
- </complexType>\r
- <complexType name="StatusResponseType">\r
- <sequence>\r
- <element ref="saml:Issuer" minOccurs="0"/>\r
- <element ref="ds:Signature" minOccurs="0"/>\r
- <element ref="samlp:Extensions" minOccurs="0"/>\r
- <element ref="samlp:Status"/>\r
- </sequence>\r
- <attribute name="ID" type="ID" use="required"/>\r
- <attribute name="InResponseTo" type="NCName" use="optional"/>\r
- <attribute name="Version" type="string" use="required"/>\r
- <attribute name="IssueInstant" type="dateTime" use="required"/>\r
- <attribute name="Destination" type="anyURI" use="optional"/>\r
- <attribute name="Consent" type="anyURI" use="optional"/>\r
- </complexType>\r
- <element name="Status" type="samlp:StatusType"/>\r
- <complexType name="StatusType">\r
- <sequence>\r
- <element ref="samlp:StatusCode"/>\r
- <element ref="samlp:StatusMessage" minOccurs="0"/>\r
- <element ref="samlp:StatusDetail" minOccurs="0"/>\r
- </sequence>\r
- </complexType>\r
- <element name="StatusCode" type="samlp:StatusCodeType"/>\r
- <complexType name="StatusCodeType">\r
- <sequence>\r
- <element ref="samlp:StatusCode" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="Value" type="anyURI" use="required"/>\r
- </complexType>\r
- <element name="StatusMessage" type="string"/>\r
- <element name="StatusDetail" type="samlp:StatusDetailType"/>\r
- <complexType name="StatusDetailType">\r
- <sequence>\r
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </complexType>\r
- <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>\r
- <complexType name="AssertionIDRequestType">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <sequence>\r
- <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>\r
- <complexType name="SubjectQueryAbstractType" abstract="true">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <sequence>\r
- <element ref="saml:Subject"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AuthnQuery" type="samlp:AuthnQueryType"/>\r
- <complexType name="AuthnQueryType">\r
- <complexContent>\r
- <extension base="samlp:SubjectQueryAbstractType">\r
- <sequence>\r
- <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="SessionIndex" type="string" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>\r
- <complexType name="RequestedAuthnContextType">\r
- <choice>\r
- <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>\r
- <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>\r
- </choice>\r
- <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>\r
- </complexType>\r
- <simpleType name="AuthnContextComparisonType">\r
- <restriction base="string">\r
- <enumeration value="exact"/>\r
- <enumeration value="minimum"/>\r
- <enumeration value="maximum"/>\r
- <enumeration value="better"/>\r
- </restriction>\r
- </simpleType>\r
- <element name="AttributeQuery" type="samlp:AttributeQueryType"/>\r
- <complexType name="AttributeQueryType">\r
- <complexContent>\r
- <extension base="samlp:SubjectQueryAbstractType">\r
- <sequence>\r
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>\r
- <complexType name="AuthzDecisionQueryType">\r
- <complexContent>\r
- <extension base="samlp:SubjectQueryAbstractType">\r
- <sequence>\r
- <element ref="saml:Action" maxOccurs="unbounded"/>\r
- <element ref="saml:Evidence" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="Resource" type="anyURI" use="required"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="AuthnRequest" type="samlp:AuthnRequestType"/>\r
- <complexType name="AuthnRequestType">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <sequence>\r
- <element ref="saml:Subject" minOccurs="0"/>\r
- <element ref="samlp:NameIDPolicy" minOccurs="0"/>\r
- <element ref="saml:Conditions" minOccurs="0"/>\r
- <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>\r
- <element ref="samlp:Scoping" minOccurs="0"/>\r
- </sequence>\r
- <attribute name="ForceAuthn" type="boolean" use="optional"/>\r
- <attribute name="IsPassive" type="boolean" use="optional"/>\r
- <attribute name="ProtocolBinding" type="anyURI" use="optional"/>\r
- <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>\r
- <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>\r
- <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>\r
- <attribute name="ProviderName" type="string" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>\r
- <complexType name="NameIDPolicyType">\r
- <attribute name="Format" type="anyURI" use="optional"/>\r
- <attribute name="SPNameQualifier" type="string" use="optional"/>\r
- <attribute name="AllowCreate" type="boolean" use="optional"/>\r
- </complexType>\r
- <element name="Scoping" type="samlp:ScopingType"/>\r
- <complexType name="ScopingType">\r
- <sequence>\r
- <element ref="samlp:IDPList" minOccurs="0"/>\r
- <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>\r
- </complexType>\r
- <element name="RequesterID" type="anyURI"/>\r
- <element name="IDPList" type="samlp:IDPListType"/>\r
- <complexType name="IDPListType">\r
- <sequence>\r
- <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>\r
- <element ref="samlp:GetComplete" minOccurs="0"/>\r
- </sequence>\r
- </complexType>\r
- <element name="IDPEntry" type="samlp:IDPEntryType"/>\r
- <complexType name="IDPEntryType">\r
- <attribute name="ProviderID" type="anyURI" use="required"/>\r
- <attribute name="Name" type="string" use="optional"/>\r
- <attribute name="Loc" type="anyURI" use="optional"/>\r
- </complexType>\r
- <element name="GetComplete" type="anyURI"/>\r
- <element name="Response" type="samlp:ResponseType"/>\r
- <complexType name="ResponseType">\r
- <complexContent>\r
- <extension base="samlp:StatusResponseType">\r
- <choice minOccurs="0" maxOccurs="unbounded">\r
- <element ref="saml:Assertion"/>\r
- <element ref="saml:EncryptedAssertion"/>\r
- </choice>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>\r
- <complexType name="ArtifactResolveType">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <sequence>\r
- <element ref="samlp:Artifact"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Artifact" type="string"/>\r
- <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>\r
- <complexType name="ArtifactResponseType">\r
- <complexContent>\r
- <extension base="samlp:StatusResponseType">\r
- <sequence>\r
- <any namespace="##any" processContents="lax" minOccurs="0"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>\r
- <complexType name="ManageNameIDRequestType">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <sequence>\r
- <choice>\r
- <element ref="saml:NameID"/>\r
- <element ref="saml:EncryptedID"/>\r
- </choice>\r
- <choice>\r
- <element ref="samlp:NewID"/>\r
- <element ref="samlp:NewEncryptedID"/>\r
- <element ref="samlp:Terminate"/>\r
- </choice>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="NewID" type="string"/>\r
- <element name="NewEncryptedID" type="saml:EncryptedElementType"/>\r
- <element name="Terminate" type="samlp:TerminateType"/>\r
- <complexType name="TerminateType"/>\r
- <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>\r
- <element name="LogoutRequest" type="samlp:LogoutRequestType"/>\r
- <complexType name="LogoutRequestType">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <sequence>\r
- <choice>\r
- <element ref="saml:BaseID"/>\r
- <element ref="saml:NameID"/>\r
- <element ref="saml:EncryptedID"/>\r
- </choice>\r
- <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="Reason" type="string" use="optional"/>\r
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="SessionIndex" type="string"/>\r
- <element name="LogoutResponse" type="samlp:StatusResponseType"/>\r
- <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>\r
- <complexType name="NameIDMappingRequestType">\r
- <complexContent>\r
- <extension base="samlp:RequestAbstractType">\r
- <sequence>\r
- <choice>\r
- <element ref="saml:BaseID"/>\r
- <element ref="saml:NameID"/>\r
- <element ref="saml:EncryptedID"/>\r
- </choice>\r
- <element ref="samlp:NameIDPolicy"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>\r
- <complexType name="NameIDMappingResponseType">\r
- <complexContent>\r
- <extension base="samlp:StatusResponseType">\r
- <choice>\r
- <element ref="saml:NameID"/>\r
- <element ref="saml:EncryptedID"/>\r
- </choice>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-protocol-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V1.0 (November, 2002):
+ Initial Standard Schema.
+ V1.1 (September, 2003):
+ Updates within the same V1.0 namespace.
+ V2.0 (March, 2005):
+ New protocol schema based in a SAML V2.0 namespace.
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Extensions" type="samlp:ExtensionsType"/>
+ <complexType name="ExtensionsType">
+ <sequence>
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <complexType name="StatusResponseType">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ <element ref="samlp:Status"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="anyURI" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
+ <complexType name="AssertionIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
+ <complexType name="AuthnQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ </sequence>
+ <attribute name="SessionIndex" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
+ <complexType name="RequestedAuthnContextType">
+ <choice>
+ <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
+ <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
+ </choice>
+ <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
+ </complexType>
+ <simpleType name="AuthnContextComparisonType">
+ <restriction base="string">
+ <enumeration value="exact"/>
+ <enumeration value="minimum"/>
+ <enumeration value="maximum"/>
+ <enumeration value="better"/>
+ </restriction>
+ </simpleType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
+ <complexType name="AuthzDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
+ <complexType name="AuthnRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject" minOccurs="0"/>
+ <element ref="samlp:NameIDPolicy" minOccurs="0"/>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ <element ref="samlp:Scoping" minOccurs="0"/>
+ </sequence>
+ <attribute name="ForceAuthn" type="boolean" use="optional"/>
+ <attribute name="IsPassive" type="boolean" use="optional"/>
+ <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
+ <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
+ <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="ProviderName" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
+ <complexType name="NameIDPolicyType">
+ <attribute name="Format" type="anyURI" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ <attribute name="AllowCreate" type="boolean" use="optional"/>
+ </complexType>
+ <element name="Scoping" type="samlp:ScopingType"/>
+ <complexType name="ScopingType">
+ <sequence>
+ <element ref="samlp:IDPList" minOccurs="0"/>
+ <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
+ </complexType>
+ <element name="RequesterID" type="anyURI"/>
+ <element name="IDPList" type="samlp:IDPListType"/>
+ <complexType name="IDPListType">
+ <sequence>
+ <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
+ <element ref="samlp:GetComplete" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="IDPEntry" type="samlp:IDPEntryType"/>
+ <complexType name="IDPEntryType">
+ <attribute name="ProviderID" type="anyURI" use="required"/>
+ <attribute name="Name" type="string" use="optional"/>
+ <attribute name="Loc" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="GetComplete" type="anyURI"/>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
+ <complexType name="ArtifactResolveType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="samlp:Artifact"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Artifact" type="string"/>
+ <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
+ <complexType name="ArtifactResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
+ <complexType name="ManageNameIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <choice>
+ <element ref="samlp:NewID"/>
+ <element ref="samlp:NewEncryptedID"/>
+ <element ref="samlp:Terminate"/>
+ </choice>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NewID" type="string"/>
+ <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
+ <element name="Terminate" type="samlp:TerminateType"/>
+ <complexType name="TerminateType"/>
+ <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
+ <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
+ <complexType name="LogoutRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Reason" type="string" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SessionIndex" type="string"/>
+ <element name="LogoutResponse" type="samlp:StatusResponseType"/>
+ <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
+ <complexType name="NameIDMappingRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:NameIDPolicy"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
+ <complexType name="NameIDMappingResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <annotation>\r
- <documentation>\r
- Document identifier: saml-schema-x500-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- Custom schema for X.500 attribute profile, first published in SAML 2.0.\r
- </documentation>\r
- </annotation>\r
- <attribute name="Encoding" type="string"/>\r
-</schema>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-x500-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for X.500 attribute profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+ <attribute name="Encoding" type="string"/>
+</schema>
+
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <annotation>\r
- <documentation>\r
- Document identifier: saml-schema-xacml-2.0\r
- Location: http://docs.oasis-open.org/security/saml/v2.0/\r
- Revision history:\r
- V2.0 (March, 2005):\r
- Custom schema for XACML attribute profile, first published in SAML 2.0.\r
- </documentation>\r
- </annotation>\r
- <attribute name="DataType" type="anyURI"/>\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-xacml-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for XACML attribute profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+ <attribute name="DataType" type="anyURI"/>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema \r
- targetNamespace="urn:oasis:names:tc:SAML:metadata:attribute"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
- xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <annotation>\r
- <documentation>\r
- Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema\r
- Document identifier: sstc-metadata-attr.xsd\r
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
- Revision history:\r
- V1.0 (November 2008):\r
- Initial version.\r
- </documentation>\r
- </annotation>\r
-\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
- schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
-\r
- <element name="EntityAttributes" type="mdattr:EntityAttributesType"/>\r
- <complexType name="EntityAttributesType">\r
- <choice maxOccurs="unbounded">\r
- <element ref="saml:Attribute"/>\r
- <element ref="saml:Assertion"/>\r
- </choice>\r
- </complexType>\r
-\r
-</schema>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:metadata:attribute"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+
+ <annotation>
+ <documentation>
+ Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema
+ Document identifier: sstc-metadata-attr.xsd
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (November 2008):
+ Initial version.
+ </documentation>
+ </annotation>
+
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+
+ <element name="EntityAttributes" type="mdattr:EntityAttributesType"/>
+ <complexType name="EntityAttributesType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Attribute"/>
+ <element ref="saml:Assertion"/>
+ </choice>
+ </complexType>
+
+</schema>
+
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema \r
- targetNamespace="urn:oasis:names:tc:SAML:attribute:ext"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <annotation>\r
- <documentation>\r
- Document title: SAML V2.0 Attribute Extension Schema\r
- Document identifier: sstc-saml-attribute-ext.xsd\r
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
- Revision history:\r
- V1.0 (October 2008):\r
- Initial version.\r
- </documentation>\r
- </annotation>\r
-\r
- <attribute name="OriginalIssuer" type="anyURI"/>\r
- <attribute name="LastModified" type="dateTime"/>\r
-\r
-</schema>\r
-\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:attribute:ext"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+
+ <annotation>
+ <documentation>
+ Document title: SAML V2.0 Attribute Extension Schema
+ Document identifier: sstc-saml-attribute-ext.xsd
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (October 2008):
+ Initial version.
+ </documentation>
+ </annotation>
+
+ <attribute name="OriginalIssuer" type="anyURI"/>
+ <attribute name="LastModified" type="dateTime"/>
+
+</schema>
+
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:2.0:conditions:delegation"\r
- xmlns:del="urn:oasis:names:tc:SAML:2.0:conditions:delegation"\r
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <annotation>\r
- <documentation>\r
- Document identifier: sstc-saml-delegation\r
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
- Revision history:\r
- V1.0 (February 2009):\r
- Initial version.\r
- </documentation>\r
- </annotation>\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
- schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
- <complexType name="DelegationRestrictionType">\r
- <complexContent>\r
- <extension base="saml:ConditionAbstractType">\r
- <sequence>\r
- <element ref="del:Delegate" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
- <element name="Delegate" type="del:DelegateType"/>\r
- <complexType name="DelegateType">\r
- <choice>\r
- <element ref="saml:BaseID"/>\r
- <element ref="saml:NameID"/>\r
- <element ref="saml:EncryptedID"/>\r
- </choice>\r
- <attribute name="DelegationInstant" type="dateTime" use="optional"/>\r
- <attribute name="ConfirmationMethod" type="anyURI" use="optional"/>\r
- </complexType>\r
-</schema>\r
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:conditions:delegation"
+ xmlns:del="urn:oasis:names:tc:SAML:2.0:conditions:delegation"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: sstc-saml-delegation
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (February 2009):
+ Initial version.
+ </documentation>
+ </annotation>
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <complexType name="DelegationRestrictionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="del:Delegate" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Delegate" type="del:DelegateType"/>
+ <complexType name="DelegateType">
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <attribute name="DelegationInstant" type="dateTime" use="optional"/>
+ <attribute name="ConfirmationMethod" type="anyURI" use="optional"/>
+ </complexType>
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-\r
-<schema \r
- targetNamespace="urn:oasis:names:tc:SAML:metadata:ext:query"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"\r
- xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <annotation>\r
- <documentation>\r
- Document title: SAML Metadata Extension Schema for Query Requester\r
- Document identifier: sstc-saml-metadata-ext-query.xsd\r
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
- Revision history:\r
- V1.0 (February 2006):\r
- Initial version.\r
- </documentation>\r
- </annotation>\r
-\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:metadata"\r
- schemaLocation="saml-schema-metadata-2.0.xsd"/>\r
-\r
- <complexType name="QueryDescriptorType" abstract="true">\r
- <complexContent>\r
- <extension base="md:RoleDescriptorType">\r
- <sequence>\r
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
-\r
- <complexType name="AuthnQueryDescriptorType">\r
- <complexContent>\r
- <extension base="query:QueryDescriptorType"/>\r
- </complexContent>\r
- </complexType>\r
-\r
- <complexType name="AttributeQueryDescriptorType">\r
- <complexContent>\r
- <extension base="query:QueryDescriptorType">\r
- <sequence>\r
- <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
-\r
- <element name="ActionNamespace" type="anyURI"/>\r
- \r
- <complexType name="AuthzDecisionQueryDescriptorType">\r
- <complexContent>\r
- <extension base="query:QueryDescriptorType">\r
- <sequence>\r
- <element ref="query:ActionNamespace" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
- </extension>\r
- </complexContent>\r
- </complexType>\r
-\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:metadata:ext:query"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+
+ <annotation>
+ <documentation>
+ Document title: SAML Metadata Extension Schema for Query Requester
+ Document identifier: sstc-saml-metadata-ext-query.xsd
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (February 2006):
+ Initial version.
+ </documentation>
+ </annotation>
+
+ <import namespace="urn:oasis:names:tc:SAML:2.0:metadata"
+ schemaLocation="saml-schema-metadata-2.0.xsd"/>
+
+ <complexType name="QueryDescriptorType" abstract="true">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AuthnQueryDescriptorType">
+ <complexContent>
+ <extension base="query:QueryDescriptorType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeQueryDescriptorType">
+ <complexContent>
+ <extension base="query:QueryDescriptorType">
+ <sequence>
+ <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <element name="ActionNamespace" type="anyURI"/>
+
+ <complexType name="AuthzDecisionQueryDescriptorType">
+ <complexContent>
+ <extension base="query:QueryDescriptorType">
+ <sequence>
+ <element ref="query:ActionNamespace" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+
+</schema>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<schema \r
- targetNamespace="urn:oasis:names:tc:SAML:protocol:ext:third-party"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
-\r
- <annotation>\r
- <documentation>\r
- Document title: SAML Protocol Extension Schema for Third-Party Requests\r
- Document identifier: sstc-saml-protocol-ext-thirdparty.xsd\r
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
- Revision history:\r
- V1.0 (February 2006):\r
- Initial version.\r
- </documentation>\r
- </annotation>\r
-\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
- schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
-\r
- <element name="RespondTo" type="saml:NameIDType"/>\r
- \r
- <attribute name="supportsRespondTo" type="boolean"/>\r
-\r
-</schema>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:protocol:ext:third-party"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+
+ <annotation>
+ <documentation>
+ Document title: SAML Protocol Extension Schema for Third-Party Requests
+ Document identifier: sstc-saml-protocol-ext-thirdparty.xsd
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (February 2006):
+ Initial version.
+ </documentation>
+ </annotation>
+
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+
+ <element name="RespondTo" type="saml:NameIDType"/>
+
+ <attribute name="supportsRespondTo" type="boolean"/>
+
+</schema>
-<schema\r
- targetNamespace="urn:oasis:names:tc:SAML:profiles:v1metadata"\r
- xmlns:saml1md="urn:oasis:names:tc:SAML:profiles:v1metadata"\r
- xmlns="http://www.w3.org/2001/XMLSchema"\r
- elementFormDefault="unqualified"\r
- attributeFormDefault="unqualified"\r
- blockDefault="substitution"\r
- version="2.0">\r
- <annotation>\r
- <documentation>\r
- Document identifier: sstc-saml1x-metadata\r
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security\r
- Revision history:\r
- V1.0 (July 2006):\r
- Initial version.\r
- </documentation>\r
- </annotation>\r
- <element name="SourceID">\r
- <simpleType>\r
- <restriction base="string">\r
- <pattern value="[a-f0-9]{40}"/>\r
- </restriction>\r
- </simpleType>\r
- </element>\r
-</schema>\r
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:profiles:v1metadata"
+ xmlns:saml1md="urn:oasis:names:tc:SAML:profiles:v1metadata"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: sstc-saml1x-metadata
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (July 2006):
+ Initial version.
+ </documentation>
+ </annotation>
+ <element name="SourceID">
+ <simpleType>
+ <restriction base="string">
+ <pattern value="[a-f0-9]{40}"/>
+ </restriction>
+ </simpleType>
+ </element>
+</schema>