Revert "Core: add XML schemas for SAML 2.0"
This reverts commit 5250c2c89e3983189a3c52cd85ad221ff7b6f64b.
parent
21015341e4
commit
90b965e6a3
|
@ -1,283 +0,0 @@
|
|||
<?xml version="1.0" encoding="US-ASCII"?>
|
||||
<schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
|
||||
elementFormDefault="unqualified"
|
||||
attributeFormDefault="unqualified"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
<import namespace="http://www.w3.org/2000/09/xmldsig#"
|
||||
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
|
||||
<import namespace="http://www.w3.org/2001/04/xmlenc#"
|
||||
schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
|
||||
<annotation>
|
||||
<documentation>
|
||||
Document identifier: saml-schema-assertion-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V1.0 (November, 2002):
|
||||
Initial Standard Schema.
|
||||
V1.1 (September, 2003):
|
||||
Updates within the same V1.0 namespace.
|
||||
V2.0 (March, 2005):
|
||||
New assertion schema for SAML V2.0 namespace.
|
||||
</documentation>
|
||||
</annotation>
|
||||
<attributeGroup name="IDNameQualifiers">
|
||||
<attribute name="NameQualifier" type="string" use="optional"/>
|
||||
<attribute name="SPNameQualifier" type="string" use="optional"/>
|
||||
</attributeGroup>
|
||||
<element name="BaseID" type="saml:BaseIDAbstractType"/>
|
||||
<complexType name="BaseIDAbstractType" abstract="true">
|
||||
<attributeGroup ref="saml:IDNameQualifiers"/>
|
||||
</complexType>
|
||||
<element name="NameID" type="saml:NameIDType"/>
|
||||
<complexType name="NameIDType">
|
||||
<simpleContent>
|
||||
<extension base="string">
|
||||
<attributeGroup ref="saml:IDNameQualifiers"/>
|
||||
<attribute name="Format" type="anyURI" use="optional"/>
|
||||
<attribute name="SPProvidedID" type="string" use="optional"/>
|
||||
</extension>
|
||||
</simpleContent>
|
||||
</complexType>
|
||||
<complexType name="EncryptedElementType">
|
||||
<sequence>
|
||||
<element ref="xenc:EncryptedData"/>
|
||||
<element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</complexType>
|
||||
<element name="EncryptedID" type="saml:EncryptedElementType"/>
|
||||
<element name="Issuer" type="saml:NameIDType"/>
|
||||
<element name="AssertionIDRef" type="NCName"/>
|
||||
<element name="AssertionURIRef" type="anyURI"/>
|
||||
<element name="Assertion" type="saml:AssertionType"/>
|
||||
<complexType name="AssertionType">
|
||||
<sequence>
|
||||
<element ref="saml:Issuer"/>
|
||||
<element ref="ds:Signature" minOccurs="0"/>
|
||||
<element ref="saml:Subject" minOccurs="0"/>
|
||||
<element ref="saml:Conditions" minOccurs="0"/>
|
||||
<element ref="saml:Advice" minOccurs="0"/>
|
||||
<choice minOccurs="0" maxOccurs="unbounded">
|
||||
<element ref="saml:Statement"/>
|
||||
<element ref="saml:AuthnStatement"/>
|
||||
<element ref="saml:AuthzDecisionStatement"/>
|
||||
<element ref="saml:AttributeStatement"/>
|
||||
</choice>
|
||||
</sequence>
|
||||
<attribute name="Version" type="string" use="required"/>
|
||||
<attribute name="ID" type="ID" use="required"/>
|
||||
<attribute name="IssueInstant" type="dateTime" use="required"/>
|
||||
</complexType>
|
||||
<element name="Subject" type="saml:SubjectType"/>
|
||||
<complexType name="SubjectType">
|
||||
<choice>
|
||||
<sequence>
|
||||
<choice>
|
||||
<element ref="saml:BaseID"/>
|
||||
<element ref="saml:NameID"/>
|
||||
<element ref="saml:EncryptedID"/>
|
||||
</choice>
|
||||
<element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
|
||||
</choice>
|
||||
</complexType>
|
||||
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
|
||||
<complexType name="SubjectConfirmationType">
|
||||
<sequence>
|
||||
<choice minOccurs="0">
|
||||
<element ref="saml:BaseID"/>
|
||||
<element ref="saml:NameID"/>
|
||||
<element ref="saml:EncryptedID"/>
|
||||
</choice>
|
||||
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute name="Method" type="anyURI" use="required"/>
|
||||
</complexType>
|
||||
<element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
|
||||
<complexType name="SubjectConfirmationDataType" mixed="true">
|
||||
<complexContent>
|
||||
<restriction base="anyType">
|
||||
<sequence>
|
||||
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="NotBefore" type="dateTime" use="optional"/>
|
||||
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
|
||||
<attribute name="Recipient" type="anyURI" use="optional"/>
|
||||
<attribute name="InResponseTo" type="NCName" use="optional"/>
|
||||
<attribute name="Address" type="string" use="optional"/>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</restriction>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<complexType name="KeyInfoConfirmationDataType" mixed="false">
|
||||
<complexContent>
|
||||
<restriction base="saml:SubjectConfirmationDataType">
|
||||
<sequence>
|
||||
<element ref="ds:KeyInfo" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</restriction>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="Conditions" type="saml:ConditionsType"/>
|
||||
<complexType name="ConditionsType">
|
||||
<choice minOccurs="0" maxOccurs="unbounded">
|
||||
<element ref="saml:Condition"/>
|
||||
<element ref="saml:AudienceRestriction"/>
|
||||
<element ref="saml:OneTimeUse"/>
|
||||
<element ref="saml:ProxyRestriction"/>
|
||||
</choice>
|
||||
<attribute name="NotBefore" type="dateTime" use="optional"/>
|
||||
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
|
||||
</complexType>
|
||||
<element name="Condition" type="saml:ConditionAbstractType"/>
|
||||
<complexType name="ConditionAbstractType" abstract="true"/>
|
||||
<element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
|
||||
<complexType name="AudienceRestrictionType">
|
||||
<complexContent>
|
||||
<extension base="saml:ConditionAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:Audience" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="Audience" type="anyURI"/>
|
||||
<element name="OneTimeUse" type="saml:OneTimeUseType" />
|
||||
<complexType name="OneTimeUseType">
|
||||
<complexContent>
|
||||
<extension base="saml:ConditionAbstractType"/>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
|
||||
<complexType name="ProxyRestrictionType">
|
||||
<complexContent>
|
||||
<extension base="saml:ConditionAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="Count" type="nonNegativeInteger" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="Advice" type="saml:AdviceType"/>
|
||||
<complexType name="AdviceType">
|
||||
<choice minOccurs="0" maxOccurs="unbounded">
|
||||
<element ref="saml:AssertionIDRef"/>
|
||||
<element ref="saml:AssertionURIRef"/>
|
||||
<element ref="saml:Assertion"/>
|
||||
<element ref="saml:EncryptedAssertion"/>
|
||||
<any namespace="##other" processContents="lax"/>
|
||||
</choice>
|
||||
</complexType>
|
||||
<element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
|
||||
<element name="Statement" type="saml:StatementAbstractType"/>
|
||||
<complexType name="StatementAbstractType" abstract="true"/>
|
||||
<element name="AuthnStatement" type="saml:AuthnStatementType"/>
|
||||
<complexType name="AuthnStatementType">
|
||||
<complexContent>
|
||||
<extension base="saml:StatementAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:SubjectLocality" minOccurs="0"/>
|
||||
<element ref="saml:AuthnContext"/>
|
||||
</sequence>
|
||||
<attribute name="AuthnInstant" type="dateTime" use="required"/>
|
||||
<attribute name="SessionIndex" type="string" use="optional"/>
|
||||
<attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="SubjectLocality" type="saml:SubjectLocalityType"/>
|
||||
<complexType name="SubjectLocalityType">
|
||||
<attribute name="Address" type="string" use="optional"/>
|
||||
<attribute name="DNSName" type="string" use="optional"/>
|
||||
</complexType>
|
||||
<element name="AuthnContext" type="saml:AuthnContextType"/>
|
||||
<complexType name="AuthnContextType">
|
||||
<sequence>
|
||||
<choice>
|
||||
<sequence>
|
||||
<element ref="saml:AuthnContextClassRef"/>
|
||||
<choice minOccurs="0">
|
||||
<element ref="saml:AuthnContextDecl"/>
|
||||
<element ref="saml:AuthnContextDeclRef"/>
|
||||
</choice>
|
||||
</sequence>
|
||||
<choice>
|
||||
<element ref="saml:AuthnContextDecl"/>
|
||||
<element ref="saml:AuthnContextDeclRef"/>
|
||||
</choice>
|
||||
</choice>
|
||||
<element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</complexType>
|
||||
<element name="AuthnContextClassRef" type="anyURI"/>
|
||||
<element name="AuthnContextDeclRef" type="anyURI"/>
|
||||
<element name="AuthnContextDecl" type="anyType"/>
|
||||
<element name="AuthenticatingAuthority" type="anyURI"/>
|
||||
<element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
|
||||
<complexType name="AuthzDecisionStatementType">
|
||||
<complexContent>
|
||||
<extension base="saml:StatementAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:Action" maxOccurs="unbounded"/>
|
||||
<element ref="saml:Evidence" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute name="Resource" type="anyURI" use="required"/>
|
||||
<attribute name="Decision" type="saml:DecisionType" use="required"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<simpleType name="DecisionType">
|
||||
<restriction base="string">
|
||||
<enumeration value="Permit"/>
|
||||
<enumeration value="Deny"/>
|
||||
<enumeration value="Indeterminate"/>
|
||||
</restriction>
|
||||
</simpleType>
|
||||
<element name="Action" type="saml:ActionType"/>
|
||||
<complexType name="ActionType">
|
||||
<simpleContent>
|
||||
<extension base="string">
|
||||
<attribute name="Namespace" type="anyURI" use="required"/>
|
||||
</extension>
|
||||
</simpleContent>
|
||||
</complexType>
|
||||
<element name="Evidence" type="saml:EvidenceType"/>
|
||||
<complexType name="EvidenceType">
|
||||
<choice maxOccurs="unbounded">
|
||||
<element ref="saml:AssertionIDRef"/>
|
||||
<element ref="saml:AssertionURIRef"/>
|
||||
<element ref="saml:Assertion"/>
|
||||
<element ref="saml:EncryptedAssertion"/>
|
||||
</choice>
|
||||
</complexType>
|
||||
<element name="AttributeStatement" type="saml:AttributeStatementType"/>
|
||||
<complexType name="AttributeStatementType">
|
||||
<complexContent>
|
||||
<extension base="saml:StatementAbstractType">
|
||||
<choice maxOccurs="unbounded">
|
||||
<element ref="saml:Attribute"/>
|
||||
<element ref="saml:EncryptedAttribute"/>
|
||||
</choice>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="Attribute" type="saml:AttributeType"/>
|
||||
<complexType name="AttributeType">
|
||||
<sequence>
|
||||
<element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="Name" type="string" use="required"/>
|
||||
<attribute name="NameFormat" type="anyURI" use="optional"/>
|
||||
<attribute name="FriendlyName" type="string" use="optional"/>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</complexType>
|
||||
<element name="AttributeValue" type="anyType" nillable="true"/>
|
||||
<element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
|
||||
</schema>
|
|
@ -1,23 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<xs:schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Document identifier: saml-schema-authn-context-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New core authentication context schema for SAML V2.0.
|
||||
This is just an include of all types from the schema
|
||||
referred to in the include statement below.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
|
||||
|
||||
</xs:schema>
|
|
@ -1,81 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
|
||||
Document identifier: saml-schema-authn-context-auth-telephony-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Password"/>
|
||||
<xs:element ref="SubscriberLineNumber"/>
|
||||
<xs:element ref="UserSuffix"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PSTN"/>
|
||||
<xs:element ref="ISDN"/>
|
||||
<xs:element ref="ADSL"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,65 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
|
||||
Document identifier: saml-schema-authn-context-ip-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="IPAddress"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,67 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
|
||||
xmlns:ac="urn:oasis:names:tc:SAML:2.0:ac"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
|
||||
Document identifier: saml-schema-authn-context-ippword-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Password"/>
|
||||
<xs:element ref="IPAddress"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,83 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
|
||||
Document identifier: saml-schema-authn-context-kerberos-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SharedSecretChallengeResponseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SharedSecretChallengeResponseType">
|
||||
<xs:attribute name="method" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,186 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
|
||||
Document identifier: saml-schema-authn-context-mobileonefactor-reg-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="DigSig"/>
|
||||
<xs:element ref="ZeroKnowledge"/>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
||||
<xs:element ref="AsymmetricDecryption"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SSL"/>
|
||||
<xs:element ref="MobileNetworkNoEncryption"/>
|
||||
<xs:element ref="MobileNetworkRadioEncryption"/>
|
||||
<xs:element ref="MobileNetworkEndToEndEncryption"/>
|
||||
<xs:element ref="WTLS"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="OperationalProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="OperationalProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SecurityAudit"/>
|
||||
<xs:element ref="DeactivationCallCenter"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TechnicalProtectionBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TechnicalProtectionBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PrivateKeyProtection"/>
|
||||
<xs:element ref="SecretKeyProtection"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrivateKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrivateKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecretKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecretKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyStorageType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyStorageType">
|
||||
<xs:attribute name="medium" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="mediumType">
|
||||
<xs:enumeration value="smartcard"/>
|
||||
<xs:enumeration value="MobileDevice"/>
|
||||
<xs:enumeration value="MobileAuthCard"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecurityAuditType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecurityAuditType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SwitchAudit"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="IdentificationType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="IdentificationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PhysicalVerification"/>
|
||||
<xs:element ref="WrittenConsent"/>
|
||||
<xs:element ref="GoverningAgreements"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="nym">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="nymType">
|
||||
<xs:enumeration value="anonymity"/>
|
||||
<xs:enumeration value="verinymity"/>
|
||||
<xs:enumeration value="pseudonymity"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,183 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
|
||||
Document identifier: saml-schema-authn-context-mobileonefactor-unreg-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="DigSig"/>
|
||||
<xs:element ref="ZeroKnowledge"/>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
||||
<xs:element ref="AsymmetricDecryption"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SSL"/>
|
||||
<xs:element ref="MobileNetworkNoEncryption"/>
|
||||
<xs:element ref="MobileNetworkRadioEncryption"/>
|
||||
<xs:element ref="MobileNetworkEndToEndEncryption"/>
|
||||
<xs:element ref="WTLS"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="OperationalProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="OperationalProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SecurityAudit"/>
|
||||
<xs:element ref="DeactivationCallCenter"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TechnicalProtectionBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TechnicalProtectionBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PrivateKeyProtection"/>
|
||||
<xs:element ref="SecretKeyProtection"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrivateKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrivateKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecretKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecretKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyStorageType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyStorageType">
|
||||
<xs:attribute name="medium" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="mediumType">
|
||||
<xs:enumeration value="MobileDevice"/>
|
||||
<xs:enumeration value="MobileAuthCard"/>
|
||||
<xs:enumeration value="smartcard"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecurityAuditType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecurityAuditType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SwitchAudit"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="IdentificationType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="IdentificationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="GoverningAgreements"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="nym">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="nymType">
|
||||
<xs:enumeration value="anonymity"/>
|
||||
<xs:enumeration value="pseudonymity"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,202 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
|
||||
Document identifier: saml-schema-authn-context-mobiletwofactor-reg-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="DigSig"/>
|
||||
<xs:element ref="ZeroKnowledge"/>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
||||
<xs:element ref="AsymmetricDecryption"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement"/>
|
||||
<xs:element ref="ComplexAuthenticator"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ComplexAuthenticatorType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="ComplexAuthenticatorType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Password"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SSL"/>
|
||||
<xs:element ref="MobileNetworkNoEncryption"/>
|
||||
<xs:element ref="MobileNetworkRadioEncryption"/>
|
||||
<xs:element ref="MobileNetworkEndToEndEncryption"/>
|
||||
<xs:element ref="WTLS"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="OperationalProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="OperationalProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SecurityAudit"/>
|
||||
<xs:element ref="DeactivationCallCenter"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TechnicalProtectionBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TechnicalProtectionBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PrivateKeyProtection"/>
|
||||
<xs:element ref="SecretKeyProtection"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrivateKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrivateKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation"/>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecretKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecretKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation"/>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyStorageType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyStorageType">
|
||||
<xs:attribute name="medium" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="mediumType">
|
||||
<xs:enumeration value="MobileDevice"/>
|
||||
<xs:enumeration value="MobileAuthCard"/>
|
||||
<xs:enumeration value="smartcard"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecurityAuditType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecurityAuditType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SwitchAudit"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="IdentificationType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="IdentificationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PhysicalVerification"/>
|
||||
<xs:element ref="WrittenConsent"/>
|
||||
<xs:element ref="GoverningAgreements"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="nym">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="nymType">
|
||||
<xs:enumeration value="anonymity"/>
|
||||
<xs:enumeration value="verinymity"/>
|
||||
<xs:enumeration value="pseudonymity"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,200 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
|
||||
Document identifier: saml-schema-authn-context-mobiletwofactor-unreg-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="DigSig"/>
|
||||
<xs:element ref="ZeroKnowledge"/>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
||||
<xs:element ref="AsymmetricDecryption"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement"/>
|
||||
<xs:element ref="ComplexAuthenticator"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ComplexAuthenticatorType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="ComplexAuthenticatorType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Password"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SSL"/>
|
||||
<xs:element ref="MobileNetworkNoEncryption"/>
|
||||
<xs:element ref="MobileNetworkRadioEncryption"/>
|
||||
<xs:element ref="MobileNetworkEndToEndEncryption"/>
|
||||
<xs:element ref="WTLS"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="OperationalProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="OperationalProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SecurityAudit"/>
|
||||
<xs:element ref="DeactivationCallCenter"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TechnicalProtectionBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TechnicalProtectionBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PrivateKeyProtection"/>
|
||||
<xs:element ref="SecretKeyProtection"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrivateKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrivateKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation"/>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecretKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecretKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation"/>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyStorageType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyStorageType">
|
||||
<xs:attribute name="medium" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="mediumType">
|
||||
<xs:enumeration value="MobileDevice"/>
|
||||
<xs:enumeration value="MobileAuthCard"/>
|
||||
<xs:enumeration value="smartcard"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecurityAuditType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SecurityAuditType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SwitchAudit"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="IdentificationType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="IdentificationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="GoverningAgreements"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="nym">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="nymType">
|
||||
<xs:enumeration value="anonymity"/>
|
||||
<xs:enumeration value="pseudonymity"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,81 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
|
||||
Document identifier: saml-schema-authn-context-nomad-telephony-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Password"/>
|
||||
<xs:element ref="SubscriberLineNumber"/>
|
||||
<xs:element ref="UserSuffix"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PSTN"/>
|
||||
<xs:element ref="ISDN"/>
|
||||
<xs:element ref="ADSL"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,80 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony
|
||||
Document identifier: saml-schema-authn-context-personal-telephony-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SubscriberLineNumber"/>
|
||||
<xs:element ref="UserSuffix"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PSTN"/>
|
||||
<xs:element ref="ISDN"/>
|
||||
<xs:element ref="ADSL"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,83 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PGP
|
||||
Document identifier: saml-schema-authn-context-pgp-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="DigSig"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PublicKeyType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PublicKeyType">
|
||||
<xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,81 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
|
||||
Document identifier: saml-schema-authn-context-ppt-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SSL"/>
|
||||
<xs:element ref="MobileNetworkRadioEncryption"/>
|
||||
<xs:element ref="MobileNetworkEndToEndEncryption"/>
|
||||
<xs:element ref="WTLS"/>
|
||||
<xs:element ref="IPSec"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,64 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Password
|
||||
Document identifier: saml-schema-authn-context-pword-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,64 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
|
||||
Document identifier: saml-schema-authn-context-session-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PreviousSession"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,64 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
|
||||
Document identifier: saml-schema-authn-context-smartcard-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Smartcard"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,129 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
|
||||
Document identifier: saml-schema-authn-context-smartcardpki-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TechnicalProtectionBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TechnicalProtectionBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PrivateKeyProtection"/>
|
||||
</xs:choice>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Smartcard"/>
|
||||
<xs:element ref="ActivationPin"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="DigSig"/>
|
||||
<xs:element ref="AsymmetricDecryption"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrivateKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrivateKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation"/>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyActivationType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyActivationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="ActivationPin"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyStorageType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyStorageType">
|
||||
<xs:attribute name="medium" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="mediumType">
|
||||
<xs:enumeration value="smartcard"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,129 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
|
||||
Document identifier: saml-schema-authn-context-softwarepki-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TechnicalProtectionBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TechnicalProtectionBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PrivateKeyProtection"/>
|
||||
</xs:choice>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="ActivationPin"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="DigSig"/>
|
||||
<xs:element ref="AsymmetricDecryption"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrivateKeyProtectionType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrivateKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation"/>
|
||||
<xs:element ref="KeyStorage"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyActivationType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyActivationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="ActivationPin"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyStorageType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="KeyStorageType">
|
||||
<xs:attribute name="medium" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="mediumType">
|
||||
<xs:enumeration value="memory"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,83 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI
|
||||
Document identifier: saml-schema-authn-context-spki-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="DigSig"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PublicKeyType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PublicKeyType">
|
||||
<xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,82 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
|
||||
Document identifier: saml-schema-authn-context-srp-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SharedSecretChallengeResponseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="SharedSecretChallengeResponseType">
|
||||
<xs:attribute name="method" type="xs:anyURI" fixed="urn:ietf:rfc:2945"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,97 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
|
||||
Document identifier: saml-schema-authn-context-sslcert-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="DigSig"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PublicKeyType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PublicKeyType">
|
||||
<xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="SSL"/>
|
||||
<xs:element ref="WTLS"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,79 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
|
||||
Document identifier: saml-schema-authn-context-telephony-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SubscriberLineNumber"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element ref="PSTN"/>
|
||||
<xs:element ref="ISDN"/>
|
||||
<xs:element ref="ADSL"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,105 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
|
||||
Document identifier: saml-schema-authn-context-timesync-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Token"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TokenType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TokenType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="TimeSyncToken"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TimeSyncTokenType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="TimeSyncTokenType">
|
||||
<xs:attribute name="DeviceType" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="DeviceTypeType">
|
||||
<xs:enumeration value="hardware"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
|
||||
<xs:attribute name="SeedLength" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="xs:integer">
|
||||
<xs:minInclusive value="64"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
|
||||
<xs:attribute name="DeviceInHand" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="booleanType">
|
||||
<xs:enumeration value="true"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,821 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<xs:schema
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="qualified"
|
||||
version="2.0">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Document identifier: saml-schema-authn-context-types-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New core authentication context schema types for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
A particular assertion on an identity
|
||||
provider's part with respect to the authentication
|
||||
context associated with an authentication assertion.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="Identification" type="IdentificationType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Refers to those characteristics that describe the
|
||||
processes and mechanisms
|
||||
the Authentication Authority uses to initially create
|
||||
an association between a Principal
|
||||
and the identity (or name) by which the Principal will
|
||||
be known
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="PhysicalVerification">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that identification has been
|
||||
performed in a physical
|
||||
face-to-face meeting with the principal and not in an
|
||||
online manner.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
<xs:complexType>
|
||||
<xs:attribute name="credentialLevel">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="xs:NMTOKEN">
|
||||
<xs:enumeration value="primary"/>
|
||||
<xs:enumeration value="secondary"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="WrittenConsent" type="ExtensionOnlyType"/>
|
||||
|
||||
<xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Refers to those characterstics that describe how the
|
||||
'secret' (the knowledge or possession
|
||||
of which allows the Principal to authenticate to the
|
||||
Authentication Authority) is kept secure
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates the types and strengths of
|
||||
facilities
|
||||
of a UA used to protect a shared secret key from
|
||||
unauthorized access and/or use.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates the types and strengths of
|
||||
facilities
|
||||
of a UA used to protect a private key from
|
||||
unauthorized access and/or use.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="KeyActivation" type="KeyActivationType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>The actions that must be performed
|
||||
before the private key can be used. </xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="KeySharing" type="KeySharingType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Whether or not the private key is shared
|
||||
with the certificate authority.</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="KeyStorage" type="KeyStorageType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
In which medium is the key stored.
|
||||
memory - the key is stored in memory.
|
||||
smartcard - the key is stored in a smartcard.
|
||||
token - the key is stored in a hardware token.
|
||||
MobileDevice - the key is stored in a mobile device.
|
||||
MobileAuthCard - the key is stored in a mobile
|
||||
authentication card.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/>
|
||||
<xs:element name="UserSuffix" type="ExtensionOnlyType"/>
|
||||
|
||||
<xs:element name="Password" type="PasswordType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that a password (or passphrase)
|
||||
has been used to
|
||||
authenticate the Principal to a remote system.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="ActivationPin" type="ActivationPinType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that a Pin (Personal
|
||||
Identification Number) has been used to authenticate the Principal to
|
||||
some local system in order to activate a key.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="Token" type="TokenType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that a hardware or software
|
||||
token is used
|
||||
as a method of identifying the Principal.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="TimeSyncToken" type="TimeSyncTokenType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that a time synchronization
|
||||
token is used to identify the Principal. hardware -
|
||||
the time synchonization
|
||||
token has been implemented in hardware. software - the
|
||||
time synchronization
|
||||
token has been implemented in software. SeedLength -
|
||||
the length, in bits, of the
|
||||
random seed used in the time synchronization token.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="Smartcard" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that a smartcard is used to
|
||||
identity the Principal.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="Length" type="LengthType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates the minimum and/or maximum
|
||||
ASCII length of the password which is enforced (by the UA or the
|
||||
IdP). In other words, this is the minimum and/or maximum number of
|
||||
ASCII characters required to represent a valid password.
|
||||
min - the minimum number of ASCII characters required
|
||||
in a valid password, as enforced by the UA or the IdP.
|
||||
max - the maximum number of ASCII characters required
|
||||
in a valid password, as enforced by the UA or the IdP.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="ActivationLimit" type="ActivationLimitType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates the length of time for which an
|
||||
PIN-based authentication is valid.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="Generation">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Indicates whether the password was chosen by the
|
||||
Principal or auto-supplied by the Authentication Authority.
|
||||
principalchosen - the Principal is allowed to choose
|
||||
the value of the password. This is true even if
|
||||
the initial password is chosen at random by the UA or
|
||||
the IdP and the Principal is then free to change
|
||||
the password.
|
||||
automatic - the password is chosen by the UA or the
|
||||
IdP to be cryptographically strong in some sense,
|
||||
or to satisfy certain password rules, and that the
|
||||
Principal is not free to change it or to choose a new password.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType>
|
||||
<xs:attribute name="mechanism" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="xs:NMTOKEN">
|
||||
<xs:enumeration value="principalchosen"/>
|
||||
<xs:enumeration value="automatic"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="AuthnMethod" type="AuthnMethodBaseType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Refers to those characteristics that define the
|
||||
mechanisms by which the Principal authenticates to the Authentication
|
||||
Authority.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
The method that a Principal employs to perform
|
||||
authentication to local system components.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="Authenticator" type="AuthenticatorBaseType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
The method applied to validate a principal's
|
||||
authentication across a network
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Supports Authenticators with nested combinations of
|
||||
additional complexity.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="PreviousSession" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Indicates that the Principal has been strongly
|
||||
authenticated in a previous session during which the IdP has set a
|
||||
cookie in the UA. During the present session the Principal has only
|
||||
been authenticated by the UA returning the cookie to the IdP.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="ResumeSession" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Rather like PreviousSession but using stronger
|
||||
security. A secret that was established in a previous session with
|
||||
the Authentication Authority has been cached by the local system and
|
||||
is now re-used (e.g. a Master Secret is used to derive new session
|
||||
keys in TLS, SSL, WTLS).
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="ZeroKnowledge" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Principal has been
|
||||
authenticated by a zero knowledge technique as specified in ISO/IEC
|
||||
9798-5.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/>
|
||||
|
||||
<xs:complexType name="SharedSecretChallengeResponseType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Principal has been
|
||||
authenticated by a challenge-response protocol utilizing shared secret
|
||||
keys and symmetric cryptography.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
<xs:sequence>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="method" type="xs:anyURI" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:element name="DigSig" type="PublicKeyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Principal has been
|
||||
authenticated by a mechanism which involves the Principal computing a
|
||||
digital signature over at least challenge data provided by the IdP.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="AsymmetricDecryption" type="PublicKeyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
The local system has a private key but it is used
|
||||
in decryption mode, rather than signature mode. For example, the
|
||||
Authentication Authority generates a secret and encrypts it using the
|
||||
local system's public key: the local system then proves it has
|
||||
decrypted the secret.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="AsymmetricKeyAgreement" type="PublicKeyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
The local system has a private key and uses it for
|
||||
shared secret key agreement with the Authentication Authority (e.g.
|
||||
via Diffie Helman).
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:complexType name="PublicKeyType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="keyValidation" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:element name="IPAddress" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Principal has been
|
||||
authenticated through connection from a particular IP address.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
The local system and Authentication Authority
|
||||
share a secret key. The local system uses this to encrypt a
|
||||
randomised string to pass to the Authentication Authority.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
The protocol across which Authenticator information is
|
||||
transferred to an Authentication Authority verifier.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="HTTP" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Authenticator has been
|
||||
transmitted using bare HTTP utilizing no additional security
|
||||
protocols.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="IPSec" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Authenticator has been
|
||||
transmitted using a transport mechanism protected by an IPSEC session.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="WTLS" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Authenticator has been
|
||||
transmitted using a transport mechanism protected by a WTLS session.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Authenticator has been
|
||||
transmitted solely across a mobile network using no additional
|
||||
security mechanism.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/>
|
||||
<xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/>
|
||||
|
||||
<xs:element name="SSL" type="ExtensionOnlyType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Authenticator has been
|
||||
transmitted using a transport mechnanism protected by an SSL or TLS
|
||||
session.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="PSTN" type="ExtensionOnlyType"/>
|
||||
<xs:element name="ISDN" type="ExtensionOnlyType"/>
|
||||
<xs:element name="ADSL" type="ExtensionOnlyType"/>
|
||||
|
||||
<xs:element name="OperationalProtection" type="OperationalProtectionType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Refers to those characteristics that describe
|
||||
procedural security controls employed by the Authentication Authority.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="SecurityAudit" type="SecurityAuditType"/>
|
||||
<xs:element name="SwitchAudit" type="ExtensionOnlyType"/>
|
||||
<xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/>
|
||||
|
||||
<xs:element name="GoverningAgreements" type="GoverningAgreementsType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Provides a mechanism for linking to external (likely
|
||||
human readable) documents in which additional business agreements,
|
||||
(e.g. liability constraints, obligations, etc) can be placed.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/>
|
||||
|
||||
<xs:simpleType name="nymType">
|
||||
<xs:restriction base="xs:NMTOKEN">
|
||||
<xs:enumeration value="anonymity"/>
|
||||
<xs:enumeration value="verinymity"/>
|
||||
<xs:enumeration value="pseudonymity"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod" minOccurs="0"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="IdentificationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PhysicalVerification" minOccurs="0"/>
|
||||
<xs:element ref="WrittenConsent" minOccurs="0"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="nym" type="nymType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This attribute indicates whether or not the
|
||||
Identification mechanisms allow the actions of the Principal to be
|
||||
linked to an actual end user.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TechnicalProtectionBaseType">
|
||||
<xs:sequence>
|
||||
<xs:choice minOccurs="0">
|
||||
<xs:element ref="PrivateKeyProtection"/>
|
||||
<xs:element ref="SecretKeyProtection"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="OperationalProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SecurityAudit" minOccurs="0"/>
|
||||
<xs:element ref="DeactivationCallCenter" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
||||
<xs:element ref="Authenticator" minOccurs="0"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="GoverningAgreementsType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="GoverningAgreementRefType">
|
||||
<xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Password" minOccurs="0"/>
|
||||
<xs:element ref="RestrictedPassword" minOccurs="0"/>
|
||||
<xs:element ref="Token" minOccurs="0"/>
|
||||
<xs:element ref="Smartcard" minOccurs="0"/>
|
||||
<xs:element ref="ActivationPin" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:group name="AuthenticatorChoiceGroup">
|
||||
<xs:choice>
|
||||
<xs:element ref="PreviousSession"/>
|
||||
<xs:element ref="ResumeSession"/>
|
||||
<xs:element ref="DigSig"/>
|
||||
<xs:element ref="Password"/>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
<xs:element ref="ZeroKnowledge"/>
|
||||
<xs:element ref="SharedSecretChallengeResponse"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
||||
<xs:element ref="IPAddress"/>
|
||||
<xs:element ref="AsymmetricDecryption"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement"/>
|
||||
<xs:element ref="SubscriberLineNumber"/>
|
||||
<xs:element ref="UserSuffix"/>
|
||||
<xs:element ref="ComplexAuthenticator"/>
|
||||
</xs:choice>
|
||||
</xs:group>
|
||||
|
||||
<xs:group name="AuthenticatorSequenceGroup">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PreviousSession" minOccurs="0"/>
|
||||
<xs:element ref="ResumeSession" minOccurs="0"/>
|
||||
<xs:element ref="DigSig" minOccurs="0"/>
|
||||
<xs:element ref="Password" minOccurs="0"/>
|
||||
<xs:element ref="RestrictedPassword" minOccurs="0"/>
|
||||
<xs:element ref="ZeroKnowledge" minOccurs="0"/>
|
||||
<xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/>
|
||||
<xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/>
|
||||
<xs:element ref="IPAddress" minOccurs="0"/>
|
||||
<xs:element ref="AsymmetricDecryption" minOccurs="0"/>
|
||||
<xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/>
|
||||
<xs:element ref="SubscriberLineNumber" minOccurs="0"/>
|
||||
<xs:element ref="UserSuffix" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:group>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:group ref="AuthenticatorChoiceGroup"/>
|
||||
<xs:group ref="AuthenticatorSequenceGroup"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ComplexAuthenticatorType">
|
||||
<xs:sequence>
|
||||
<xs:group ref="AuthenticatorChoiceGroup"/>
|
||||
<xs:group ref="AuthenticatorSequenceGroup"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorTransportProtocolType">
|
||||
<xs:sequence>
|
||||
<xs:choice minOccurs="0">
|
||||
<xs:element ref="HTTP"/>
|
||||
<xs:element ref="SSL"/>
|
||||
<xs:element ref="MobileNetworkNoEncryption"/>
|
||||
<xs:element ref="MobileNetworkRadioEncryption"/>
|
||||
<xs:element ref="MobileNetworkEndToEndEncryption"/>
|
||||
<xs:element ref="WTLS"/>
|
||||
<xs:element ref="IPSec"/>
|
||||
<xs:element ref="PSTN"/>
|
||||
<xs:element ref="ISDN"/>
|
||||
<xs:element ref="ADSL"/>
|
||||
</xs:choice>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeyActivationType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="ActivationPin" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="KeySharingType">
|
||||
<xs:attribute name="sharing" type="xs:boolean" use="required"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrivateKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation" minOccurs="0"/>
|
||||
<xs:element ref="KeyStorage" minOccurs="0"/>
|
||||
<xs:element ref="KeySharing" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PasswordType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Length" minOccurs="0"/>
|
||||
<xs:element ref="Alphabet" minOccurs="0"/>
|
||||
<xs:element ref="Generation" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:element name="RestrictedPassword" type="RestrictedPasswordType"/>
|
||||
|
||||
<xs:complexType name="RestrictedPasswordType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PasswordType">
|
||||
<xs:sequence>
|
||||
<xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>
|
||||
<xs:element ref="Generation" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="RestrictedLengthType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="LengthType">
|
||||
<xs:attribute name="min" use="required">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="xs:integer">
|
||||
<xs:minInclusive value="3"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="max" type="xs:integer" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ActivationPinType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Length" minOccurs="0"/>
|
||||
<xs:element ref="Alphabet" minOccurs="0"/>
|
||||
<xs:element ref="Generation" minOccurs="0"/>
|
||||
<xs:element ref="ActivationLimit" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:element name="Alphabet" type="AlphabetType"/>
|
||||
<xs:complexType name="AlphabetType">
|
||||
<xs:attribute name="requiredChars" type="xs:string" use="required"/>
|
||||
<xs:attribute name="excludedChars" type="xs:string" use="optional"/>
|
||||
<xs:attribute name="case" type="xs:string" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="TokenType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="TimeSyncToken"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="DeviceTypeType">
|
||||
<xs:restriction base="xs:NMTOKEN">
|
||||
<xs:enumeration value="hardware"/>
|
||||
<xs:enumeration value="software"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:simpleType name="booleanType">
|
||||
<xs:restriction base="xs:NMTOKEN">
|
||||
<xs:enumeration value="true"/>
|
||||
<xs:enumeration value="false"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:complexType name="TimeSyncTokenType">
|
||||
<xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/>
|
||||
<xs:attribute name="SeedLength" type="xs:integer" use="required"/>
|
||||
<xs:attribute name="DeviceInHand" type="booleanType" use="required"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ActivationLimitType">
|
||||
<xs:choice>
|
||||
<xs:element ref="ActivationLimitDuration"/>
|
||||
<xs:element ref="ActivationLimitUsages"/>
|
||||
<xs:element ref="ActivationLimitSession"/>
|
||||
</xs:choice>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Key Activation Limit is
|
||||
defined as a specific duration of time.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Key Activation Limit is
|
||||
defined as a number of usages.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
This element indicates that the Key Activation Limit is
|
||||
the session.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:element>
|
||||
|
||||
<xs:complexType name="ActivationLimitDurationType">
|
||||
<xs:attribute name="duration" type="xs:duration" use="required"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ActivationLimitUsagesType">
|
||||
<xs:attribute name="number" type="xs:integer" use="required"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ActivationLimitSessionType"/>
|
||||
|
||||
<xs:complexType name="LengthType">
|
||||
<xs:attribute name="min" type="xs:integer" use="required"/>
|
||||
<xs:attribute name="max" type="xs:integer" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="mediumType">
|
||||
<xs:restriction base="xs:NMTOKEN">
|
||||
<xs:enumeration value="memory"/>
|
||||
<xs:enumeration value="smartcard"/>
|
||||
<xs:enumeration value="token"/>
|
||||
<xs:enumeration value="MobileDevice"/>
|
||||
<xs:enumeration value="MobileAuthCard"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:complexType name="KeyStorageType">
|
||||
<xs:attribute name="medium" type="mediumType" use="required"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecretKeyProtectionType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="KeyActivation" minOccurs="0"/>
|
||||
<xs:element ref="KeyStorage" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="SecurityAuditType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="SwitchAudit" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="ExtensionOnlyType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:element name="Extension" type="ExtensionType"/>
|
||||
|
||||
<xs:complexType name="ExtensionType">
|
||||
<xs:sequence>
|
||||
<xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:schema>
|
|
@ -1,83 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:X509
|
||||
Document identifier: saml-schema-authn-context-x509-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="DigSig"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PublicKeyType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PublicKeyType">
|
||||
<xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,83 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
|
||||
finalDefault="extension"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
|
||||
<xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
|
||||
|
||||
<xs:annotation>
|
||||
<xs:documentation>
|
||||
Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
|
||||
Document identifier: saml-schema-authn-context-xmldsig-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
New authentication context class schema for SAML V2.0.
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
||||
<xs:complexType name="AuthnContextDeclarationBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnContextDeclarationBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="Identification" minOccurs="0"/>
|
||||
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
||||
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
||||
<xs:element ref="AuthnMethod"/>
|
||||
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthnMethodBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthnMethodBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="PrincipalAuthenticationMechanism"/>
|
||||
<xs:element ref="Authenticator"/>
|
||||
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
||||
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PrincipalAuthenticationMechanismType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="RestrictedPassword"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="AuthenticatorBaseType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="AuthenticatorBaseType">
|
||||
<xs:sequence>
|
||||
<xs:element ref="DigSig"/>
|
||||
</xs:sequence>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="PublicKeyType">
|
||||
<xs:complexContent>
|
||||
<xs:restriction base="PublicKeyType">
|
||||
<xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:ietf:rfc:3075"/>
|
||||
</xs:restriction>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:redefine>
|
||||
|
||||
</xs:schema>
|
|
@ -1,29 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<schema targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
|
||||
xmlns:dce="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
|
||||
xmlns="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="unqualified"
|
||||
attributeFormDefault="unqualified"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
<annotation>
|
||||
<documentation>
|
||||
Document identifier: saml-schema-dce-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
Custom schema for DCE attribute profile, first published in SAML 2.0.
|
||||
</documentation>
|
||||
</annotation>
|
||||
<complexType name="DCEValueType">
|
||||
<simpleContent>
|
||||
<extension base="anyURI">
|
||||
<attribute ref="dce:Realm" use="optional"/>
|
||||
<attribute ref="dce:FriendlyName" use="optional"/>
|
||||
</extension>
|
||||
</simpleContent>
|
||||
</complexType>
|
||||
<attribute name="Realm" type="anyURI"/>
|
||||
<attribute name="FriendlyName" type="string"/>
|
||||
</schema>
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
|
||||
xmlns="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
|
||||
elementFormDefault="unqualified"
|
||||
attributeFormDefault="unqualified"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
<import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
schemaLocation="saml-schema-protocol-2.0.xsd"/>
|
||||
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
schemaLocation="saml-schema-assertion-2.0.xsd"/>
|
||||
<import namespace="http://schemas.xmlsoap.org/soap/envelope/"
|
||||
schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
|
||||
<annotation>
|
||||
<documentation>
|
||||
Document identifier: saml-schema-ecp-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
Custom schema for ECP profile, first published in SAML 2.0.
|
||||
</documentation>
|
||||
</annotation>
|
||||
|
||||
<element name="Request" type="ecp:RequestType"/>
|
||||
<complexType name="RequestType">
|
||||
<sequence>
|
||||
<element ref="saml:Issuer"/>
|
||||
<element ref="samlp:IDPList" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute ref="S:mustUnderstand" use="required"/>
|
||||
<attribute ref="S:actor" use="required"/>
|
||||
<attribute name="ProviderName" type="string" use="optional"/>
|
||||
<attribute name="IsPassive" type="boolean" use="optional"/>
|
||||
</complexType>
|
||||
|
||||
<element name="Response" type="ecp:ResponseType"/>
|
||||
<complexType name="ResponseType">
|
||||
<attribute ref="S:mustUnderstand" use="required"/>
|
||||
<attribute ref="S:actor" use="required"/>
|
||||
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="required"/>
|
||||
</complexType>
|
||||
|
||||
<element name="RelayState" type="ecp:RelayStateType"/>
|
||||
<complexType name="RelayStateType">
|
||||
<simpleContent>
|
||||
<extension base="string">
|
||||
<attribute ref="S:mustUnderstand" use="required"/>
|
||||
<attribute ref="S:actor" use="required"/>
|
||||
</extension>
|
||||
</simpleContent>
|
||||
</complexType>
|
||||
</schema>
|
|
@ -1,337 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="unqualified"
|
||||
attributeFormDefault="unqualified"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
<import namespace="http://www.w3.org/2000/09/xmldsig#"
|
||||
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
|
||||
<import namespace="http://www.w3.org/2001/04/xmlenc#"
|
||||
schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
|
||||
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
schemaLocation="saml-schema-assertion-2.0.xsd"/>
|
||||
<import namespace="http://www.w3.org/XML/1998/namespace"
|
||||
schemaLocation="http://www.w3.org/2001/xml.xsd"/>
|
||||
<annotation>
|
||||
<documentation>
|
||||
Document identifier: saml-schema-metadata-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
Schema for SAML metadata, first published in SAML 2.0.
|
||||
</documentation>
|
||||
</annotation>
|
||||
|
||||
<simpleType name="entityIDType">
|
||||
<restriction base="anyURI">
|
||||
<maxLength value="1024"/>
|
||||
</restriction>
|
||||
</simpleType>
|
||||
<complexType name="localizedNameType">
|
||||
<simpleContent>
|
||||
<extension base="string">
|
||||
<attribute ref="xml:lang" use="required"/>
|
||||
</extension>
|
||||
</simpleContent>
|
||||
</complexType>
|
||||
<complexType name="localizedURIType">
|
||||
<simpleContent>
|
||||
<extension base="anyURI">
|
||||
<attribute ref="xml:lang" use="required"/>
|
||||
</extension>
|
||||
</simpleContent>
|
||||
</complexType>
|
||||
|
||||
<element name="Extensions" type="md:ExtensionsType"/>
|
||||
<complexType final="#all" name="ExtensionsType">
|
||||
<sequence>
|
||||
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</complexType>
|
||||
|
||||
<complexType name="EndpointType">
|
||||
<sequence>
|
||||
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="Binding" type="anyURI" use="required"/>
|
||||
<attribute name="Location" type="anyURI" use="required"/>
|
||||
<attribute name="ResponseLocation" type="anyURI" use="optional"/>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</complexType>
|
||||
|
||||
<complexType name="IndexedEndpointType">
|
||||
<complexContent>
|
||||
<extension base="md:EndpointType">
|
||||
<attribute name="index" type="unsignedShort" use="required"/>
|
||||
<attribute name="isDefault" type="boolean" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
|
||||
<element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
|
||||
<complexType name="EntitiesDescriptorType">
|
||||
<sequence>
|
||||
<element ref="ds:Signature" minOccurs="0"/>
|
||||
<element ref="md:Extensions" minOccurs="0"/>
|
||||
<choice minOccurs="1" maxOccurs="unbounded">
|
||||
<element ref="md:EntityDescriptor"/>
|
||||
<element ref="md:EntitiesDescriptor"/>
|
||||
</choice>
|
||||
</sequence>
|
||||
<attribute name="validUntil" type="dateTime" use="optional"/>
|
||||
<attribute name="cacheDuration" type="duration" use="optional"/>
|
||||
<attribute name="ID" type="ID" use="optional"/>
|
||||
<attribute name="Name" type="string" use="optional"/>
|
||||
</complexType>
|
||||
|
||||
<element name="EntityDescriptor" type="md:EntityDescriptorType"/>
|
||||
<complexType name="EntityDescriptorType">
|
||||
<sequence>
|
||||
<element ref="ds:Signature" minOccurs="0"/>
|
||||
<element ref="md:Extensions" minOccurs="0"/>
|
||||
<choice>
|
||||
<choice maxOccurs="unbounded">
|
||||
<element ref="md:RoleDescriptor"/>
|
||||
<element ref="md:IDPSSODescriptor"/>
|
||||
<element ref="md:SPSSODescriptor"/>
|
||||
<element ref="md:AuthnAuthorityDescriptor"/>
|
||||
<element ref="md:AttributeAuthorityDescriptor"/>
|
||||
<element ref="md:PDPDescriptor"/>
|
||||
</choice>
|
||||
<element ref="md:AffiliationDescriptor"/>
|
||||
</choice>
|
||||
<element ref="md:Organization" minOccurs="0"/>
|
||||
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="entityID" type="md:entityIDType" use="required"/>
|
||||
<attribute name="validUntil" type="dateTime" use="optional"/>
|
||||
<attribute name="cacheDuration" type="duration" use="optional"/>
|
||||
<attribute name="ID" type="ID" use="optional"/>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</complexType>
|
||||
|
||||
<element name="Organization" type="md:OrganizationType"/>
|
||||
<complexType name="OrganizationType">
|
||||
<sequence>
|
||||
<element ref="md:Extensions" minOccurs="0"/>
|
||||
<element ref="md:OrganizationName" maxOccurs="unbounded"/>
|
||||
<element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
|
||||
<element ref="md:OrganizationURL" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</complexType>
|
||||
<element name="OrganizationName" type="md:localizedNameType"/>
|
||||
<element name="OrganizationDisplayName" type="md:localizedNameType"/>
|
||||
<element name="OrganizationURL" type="md:localizedURIType"/>
|
||||
<element name="ContactPerson" type="md:ContactType"/>
|
||||
<complexType name="ContactType">
|
||||
<sequence>
|
||||
<element ref="md:Extensions" minOccurs="0"/>
|
||||
<element ref="md:Company" minOccurs="0"/>
|
||||
<element ref="md:GivenName" minOccurs="0"/>
|
||||
<element ref="md:SurName" minOccurs="0"/>
|
||||
<element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="contactType" type="md:ContactTypeType" use="required"/>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</complexType>
|
||||
<element name="Company" type="string"/>
|
||||
<element name="GivenName" type="string"/>
|
||||
<element name="SurName" type="string"/>
|
||||
<element name="EmailAddress" type="anyURI"/>
|
||||
<element name="TelephoneNumber" type="string"/>
|
||||
<simpleType name="ContactTypeType">
|
||||
<restriction base="string">
|
||||
<enumeration value="technical"/>
|
||||
<enumeration value="support"/>
|
||||
<enumeration value="administrative"/>
|
||||
<enumeration value="billing"/>
|
||||
<enumeration value="other"/>
|
||||
</restriction>
|
||||
</simpleType>
|
||||
|
||||
<element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
|
||||
<complexType name="AdditionalMetadataLocationType">
|
||||
<simpleContent>
|
||||
<extension base="anyURI">
|
||||
<attribute name="namespace" type="anyURI" use="required"/>
|
||||
</extension>
|
||||
</simpleContent>
|
||||
</complexType>
|
||||
|
||||
<element name="RoleDescriptor" type="md:RoleDescriptorType"/>
|
||||
<complexType name="RoleDescriptorType" abstract="true">
|
||||
<sequence>
|
||||
<element ref="ds:Signature" minOccurs="0"/>
|
||||
<element ref="md:Extensions" minOccurs="0"/>
|
||||
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:Organization" minOccurs="0"/>
|
||||
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="ID" type="ID" use="optional"/>
|
||||
<attribute name="validUntil" type="dateTime" use="optional"/>
|
||||
<attribute name="cacheDuration" type="duration" use="optional"/>
|
||||
<attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
|
||||
<attribute name="errorURL" type="anyURI" use="optional"/>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</complexType>
|
||||
<simpleType name="anyURIListType">
|
||||
<list itemType="anyURI"/>
|
||||
</simpleType>
|
||||
|
||||
<element name="KeyDescriptor" type="md:KeyDescriptorType"/>
|
||||
<complexType name="KeyDescriptorType">
|
||||
<sequence>
|
||||
<element ref="ds:KeyInfo"/>
|
||||
<element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="use" type="md:KeyTypes" use="optional"/>
|
||||
</complexType>
|
||||
<simpleType name="KeyTypes">
|
||||
<restriction base="string">
|
||||
<enumeration value="encryption"/>
|
||||
<enumeration value="signing"/>
|
||||
</restriction>
|
||||
</simpleType>
|
||||
<element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
|
||||
|
||||
<complexType name="SSODescriptorType" abstract="true">
|
||||
<complexContent>
|
||||
<extension base="md:RoleDescriptorType">
|
||||
<sequence>
|
||||
<element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
|
||||
<element name="SingleLogoutService" type="md:EndpointType"/>
|
||||
<element name="ManageNameIDService" type="md:EndpointType"/>
|
||||
<element name="NameIDFormat" type="anyURI"/>
|
||||
|
||||
<element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
|
||||
<complexType name="IDPSSODescriptorType">
|
||||
<complexContent>
|
||||
<extension base="md:SSODescriptorType">
|
||||
<sequence>
|
||||
<element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
|
||||
<element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="SingleSignOnService" type="md:EndpointType"/>
|
||||
<element name="NameIDMappingService" type="md:EndpointType"/>
|
||||
<element name="AssertionIDRequestService" type="md:EndpointType"/>
|
||||
<element name="AttributeProfile" type="anyURI"/>
|
||||
|
||||
<element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
|
||||
<complexType name="SPSSODescriptorType">
|
||||
<complexContent>
|
||||
<extension base="md:SSODescriptorType">
|
||||
<sequence>
|
||||
<element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
|
||||
<element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
|
||||
<attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
|
||||
<element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
|
||||
<complexType name="AttributeConsumingServiceType">
|
||||
<sequence>
|
||||
<element ref="md:ServiceName" maxOccurs="unbounded"/>
|
||||
<element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="index" type="unsignedShort" use="required"/>
|
||||
<attribute name="isDefault" type="boolean" use="optional"/>
|
||||
</complexType>
|
||||
<element name="ServiceName" type="md:localizedNameType"/>
|
||||
<element name="ServiceDescription" type="md:localizedNameType"/>
|
||||
<element name="RequestedAttribute" type="md:RequestedAttributeType"/>
|
||||
<complexType name="RequestedAttributeType">
|
||||
<complexContent>
|
||||
<extension base="saml:AttributeType">
|
||||
<attribute name="isRequired" type="boolean" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
|
||||
<element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
|
||||
<complexType name="AuthnAuthorityDescriptorType">
|
||||
<complexContent>
|
||||
<extension base="md:RoleDescriptorType">
|
||||
<sequence>
|
||||
<element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
|
||||
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="AuthnQueryService" type="md:EndpointType"/>
|
||||
|
||||
<element name="PDPDescriptor" type="md:PDPDescriptorType"/>
|
||||
<complexType name="PDPDescriptorType">
|
||||
<complexContent>
|
||||
<extension base="md:RoleDescriptorType">
|
||||
<sequence>
|
||||
<element ref="md:AuthzService" maxOccurs="unbounded"/>
|
||||
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="AuthzService" type="md:EndpointType"/>
|
||||
|
||||
<element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
|
||||
<complexType name="AttributeAuthorityDescriptorType">
|
||||
<complexContent>
|
||||
<extension base="md:RoleDescriptorType">
|
||||
<sequence>
|
||||
<element ref="md:AttributeService" maxOccurs="unbounded"/>
|
||||
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="AttributeService" type="md:EndpointType"/>
|
||||
|
||||
<element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
|
||||
<complexType name="AffiliationDescriptorType">
|
||||
<sequence>
|
||||
<element ref="ds:Signature" minOccurs="0"/>
|
||||
<element ref="md:Extensions" minOccurs="0"/>
|
||||
<element ref="md:AffiliateMember" maxOccurs="unbounded"/>
|
||||
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
|
||||
<attribute name="validUntil" type="dateTime" use="optional"/>
|
||||
<attribute name="cacheDuration" type="duration" use="optional"/>
|
||||
<attribute name="ID" type="ID" use="optional"/>
|
||||
<anyAttribute namespace="##other" processContents="lax"/>
|
||||
</complexType>
|
||||
<element name="AffiliateMember" type="md:entityIDType"/>
|
||||
</schema>
|
|
@ -1,302 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
xmlns="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||
elementFormDefault="unqualified"
|
||||
attributeFormDefault="unqualified"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
schemaLocation="saml-schema-assertion-2.0.xsd"/>
|
||||
<import namespace="http://www.w3.org/2000/09/xmldsig#"
|
||||
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
|
||||
<annotation>
|
||||
<documentation>
|
||||
Document identifier: saml-schema-protocol-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V1.0 (November, 2002):
|
||||
Initial Standard Schema.
|
||||
V1.1 (September, 2003):
|
||||
Updates within the same V1.0 namespace.
|
||||
V2.0 (March, 2005):
|
||||
New protocol schema based in a SAML V2.0 namespace.
|
||||
</documentation>
|
||||
</annotation>
|
||||
<complexType name="RequestAbstractType" abstract="true">
|
||||
<sequence>
|
||||
<element ref="saml:Issuer" minOccurs="0"/>
|
||||
<element ref="ds:Signature" minOccurs="0"/>
|
||||
<element ref="samlp:Extensions" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute name="ID" type="ID" use="required"/>
|
||||
<attribute name="Version" type="string" use="required"/>
|
||||
<attribute name="IssueInstant" type="dateTime" use="required"/>
|
||||
<attribute name="Destination" type="anyURI" use="optional"/>
|
||||
<attribute name="Consent" type="anyURI" use="optional"/>
|
||||
</complexType>
|
||||
<element name="Extensions" type="samlp:ExtensionsType"/>
|
||||
<complexType name="ExtensionsType">
|
||||
<sequence>
|
||||
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</complexType>
|
||||
<complexType name="StatusResponseType">
|
||||
<sequence>
|
||||
<element ref="saml:Issuer" minOccurs="0"/>
|
||||
<element ref="ds:Signature" minOccurs="0"/>
|
||||
<element ref="samlp:Extensions" minOccurs="0"/>
|
||||
<element ref="samlp:Status"/>
|
||||
</sequence>
|
||||
<attribute name="ID" type="ID" use="required"/>
|
||||
<attribute name="InResponseTo" type="NCName" use="optional"/>
|
||||
<attribute name="Version" type="string" use="required"/>
|
||||
<attribute name="IssueInstant" type="dateTime" use="required"/>
|
||||
<attribute name="Destination" type="anyURI" use="optional"/>
|
||||
<attribute name="Consent" type="anyURI" use="optional"/>
|
||||
</complexType>
|
||||
<element name="Status" type="samlp:StatusType"/>
|
||||
<complexType name="StatusType">
|
||||
<sequence>
|
||||
<element ref="samlp:StatusCode"/>
|
||||
<element ref="samlp:StatusMessage" minOccurs="0"/>
|
||||
<element ref="samlp:StatusDetail" minOccurs="0"/>
|
||||
</sequence>
|
||||
</complexType>
|
||||
<element name="StatusCode" type="samlp:StatusCodeType"/>
|
||||
<complexType name="StatusCodeType">
|
||||
<sequence>
|
||||
<element ref="samlp:StatusCode" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute name="Value" type="anyURI" use="required"/>
|
||||
</complexType>
|
||||
<element name="StatusMessage" type="string"/>
|
||||
<element name="StatusDetail" type="samlp:StatusDetailType"/>
|
||||
<complexType name="StatusDetailType">
|
||||
<sequence>
|
||||
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</complexType>
|
||||
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
|
||||
<complexType name="AssertionIDRequestType">
|
||||
<complexContent>
|
||||
<extension base="samlp:RequestAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
|
||||
<complexType name="SubjectQueryAbstractType" abstract="true">
|
||||
<complexContent>
|
||||
<extension base="samlp:RequestAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:Subject"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
|
||||
<complexType name="AuthnQueryType">
|
||||
<complexContent>
|
||||
<extension base="samlp:SubjectQueryAbstractType">
|
||||
<sequence>
|
||||
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute name="SessionIndex" type="string" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
|
||||
<complexType name="RequestedAuthnContextType">
|
||||
<choice>
|
||||
<element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
|
||||
<element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
|
||||
</choice>
|
||||
<attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
|
||||
</complexType>
|
||||
<simpleType name="AuthnContextComparisonType">
|
||||
<restriction base="string">
|
||||
<enumeration value="exact"/>
|
||||
<enumeration value="minimum"/>
|
||||
<enumeration value="maximum"/>
|
||||
<enumeration value="better"/>
|
||||
</restriction>
|
||||
</simpleType>
|
||||
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
|
||||
<complexType name="AttributeQueryType">
|
||||
<complexContent>
|
||||
<extension base="samlp:SubjectQueryAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
|
||||
<complexType name="AuthzDecisionQueryType">
|
||||
<complexContent>
|
||||
<extension base="samlp:SubjectQueryAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:Action" maxOccurs="unbounded"/>
|
||||
<element ref="saml:Evidence" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute name="Resource" type="anyURI" use="required"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
|
||||
<complexType name="AuthnRequestType">
|
||||
<complexContent>
|
||||
<extension base="samlp:RequestAbstractType">
|
||||
<sequence>
|
||||
<element ref="saml:Subject" minOccurs="0"/>
|
||||
<element ref="samlp:NameIDPolicy" minOccurs="0"/>
|
||||
<element ref="saml:Conditions" minOccurs="0"/>
|
||||
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
|
||||
<element ref="samlp:Scoping" minOccurs="0"/>
|
||||
</sequence>
|
||||
<attribute name="ForceAuthn" type="boolean" use="optional"/>
|
||||
<attribute name="IsPassive" type="boolean" use="optional"/>
|
||||
<attribute name="ProtocolBinding" type="anyURI" use="optional"/>
|
||||
<attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
|
||||
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
|
||||
<attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
|
||||
<attribute name="ProviderName" type="string" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
|
||||
<complexType name="NameIDPolicyType">
|
||||
<attribute name="Format" type="anyURI" use="optional"/>
|
||||
<attribute name="SPNameQualifier" type="string" use="optional"/>
|
||||
<attribute name="AllowCreate" type="boolean" use="optional"/>
|
||||
</complexType>
|
||||
<element name="Scoping" type="samlp:ScopingType"/>
|
||||
<complexType name="ScopingType">
|
||||
<sequence>
|
||||
<element ref="samlp:IDPList" minOccurs="0"/>
|
||||
<element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
|
||||
</complexType>
|
||||
<element name="RequesterID" type="anyURI"/>
|
||||
<element name="IDPList" type="samlp:IDPListType"/>
|
||||
<complexType name="IDPListType">
|
||||
<sequence>
|
||||
<element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
|
||||
<element ref="samlp:GetComplete" minOccurs="0"/>
|
||||
</sequence>
|
||||
</complexType>
|
||||
<element name="IDPEntry" type="samlp:IDPEntryType"/>
|
||||
<complexType name="IDPEntryType">
|
||||
<attribute name="ProviderID" type="anyURI" use="required"/>
|
||||
<attribute name="Name" type="string" use="optional"/>
|
||||
<attribute name="Loc" type="anyURI" use="optional"/>
|
||||
</complexType>
|
||||
<element name="GetComplete" type="anyURI"/>
|
||||
<element name="Response" type="samlp:ResponseType"/>
|
||||
<complexType name="ResponseType">
|
||||
<complexContent>
|
||||
<extension base="samlp:StatusResponseType">
|
||||
<choice minOccurs="0" maxOccurs="unbounded">
|
||||
<element ref="saml:Assertion"/>
|
||||
<element ref="saml:EncryptedAssertion"/>
|
||||
</choice>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
|
||||
<complexType name="ArtifactResolveType">
|
||||
<complexContent>
|
||||
<extension base="samlp:RequestAbstractType">
|
||||
<sequence>
|
||||
<element ref="samlp:Artifact"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="Artifact" type="string"/>
|
||||
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
|
||||
<complexType name="ArtifactResponseType">
|
||||
<complexContent>
|
||||
<extension base="samlp:StatusResponseType">
|
||||
<sequence>
|
||||
<any namespace="##any" processContents="lax" minOccurs="0"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
|
||||
<complexType name="ManageNameIDRequestType">
|
||||
<complexContent>
|
||||
<extension base="samlp:RequestAbstractType">
|
||||
<sequence>
|
||||
<choice>
|
||||
<element ref="saml:NameID"/>
|
||||
<element ref="saml:EncryptedID"/>
|
||||
</choice>
|
||||
<choice>
|
||||
<element ref="samlp:NewID"/>
|
||||
<element ref="samlp:NewEncryptedID"/>
|
||||
<element ref="samlp:Terminate"/>
|
||||
</choice>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="NewID" type="string"/>
|
||||
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
|
||||
<element name="Terminate" type="samlp:TerminateType"/>
|
||||
<complexType name="TerminateType"/>
|
||||
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
|
||||
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
|
||||
<complexType name="LogoutRequestType">
|
||||
<complexContent>
|
||||
<extension base="samlp:RequestAbstractType">
|
||||
<sequence>
|
||||
<choice>
|
||||
<element ref="saml:BaseID"/>
|
||||
<element ref="saml:NameID"/>
|
||||
<element ref="saml:EncryptedID"/>
|
||||
</choice>
|
||||
<element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
|
||||
</sequence>
|
||||
<attribute name="Reason" type="string" use="optional"/>
|
||||
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="SessionIndex" type="string"/>
|
||||
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
|
||||
<element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
|
||||
<complexType name="NameIDMappingRequestType">
|
||||
<complexContent>
|
||||
<extension base="samlp:RequestAbstractType">
|
||||
<sequence>
|
||||
<choice>
|
||||
<element ref="saml:BaseID"/>
|
||||
<element ref="saml:NameID"/>
|
||||
<element ref="saml:EncryptedID"/>
|
||||
</choice>
|
||||
<element ref="samlp:NameIDPolicy"/>
|
||||
</sequence>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
<element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
|
||||
<complexType name="NameIDMappingResponseType">
|
||||
<complexContent>
|
||||
<extension base="samlp:StatusResponseType">
|
||||
<choice>
|
||||
<element ref="saml:NameID"/>
|
||||
<element ref="saml:EncryptedID"/>
|
||||
</choice>
|
||||
</extension>
|
||||
</complexContent>
|
||||
</complexType>
|
||||
</schema>
|
|
@ -1,20 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
|
||||
xmlns="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="unqualified"
|
||||
attributeFormDefault="unqualified"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
<annotation>
|
||||
<documentation>
|
||||
Document identifier: saml-schema-x500-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
Custom schema for X.500 attribute profile, first published in SAML 2.0.
|
||||
</documentation>
|
||||
</annotation>
|
||||
<attribute name="Encoding" type="string"/>
|
||||
</schema>
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<schema
|
||||
targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
|
||||
xmlns="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="unqualified"
|
||||
attributeFormDefault="unqualified"
|
||||
blockDefault="substitution"
|
||||
version="2.0">
|
||||
<annotation>
|
||||
<documentation>
|
||||
Document identifier: saml-schema-xacml-2.0
|
||||
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
||||
Revision history:
|
||||
V2.0 (March, 2005):
|
||||
Custom schema for XACML attribute profile, first published in SAML 2.0.
|
||||
</documentation>
|
||||
</annotation>
|
||||
<attribute name="DataType" type="anyURI"/>
|
||||
</schema>
|