From 1ebebb45490337e381bcae637b6af253a8d3f006 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jaime=20Pe=CC=81rez?= <jaime.perez@uninett.no>
Date: Wed, 30 Nov 2016 10:31:50 +0100
Subject: [PATCH] Change the schemas to use LF for line endings instead of CRLF. This resolves #523.
---
 .../oasis-sstc-saml-schema-assertion-1.1.xsd | 402 ++--
 .../oasis-sstc-saml-schema-protocol-1.1.xsd | 264 +--
 schemas/saml-schema-assertion-2.0.xsd | 566 +++---
 schemas/saml-schema-authn-context-2.0.xsd | 44 +-
 ...chema-authn-context-auth-telephony-2.0.xsd | 160 +-
 schemas/saml-schema-authn-context-ip-2.0.xsd | 128 +-
 .../saml-schema-authn-context-ippword-2.0.xsd | 134 +-
 ...saml-schema-authn-context-kerberos-2.0.xsd | 164 +-
 ...-authn-context-mobileonefactor-reg-2.0.xsd | 372 ++--
 ...uthn-context-mobileonefactor-unreg-2.0.xsd | 366 ++--
 ...-authn-context-mobiletwofactor-reg-2.0.xsd | 404 ++--
 ...uthn-context-mobiletwofactor-unreg-2.0.xsd | 400 ++--
 ...hema-authn-context-nomad-telephony-2.0.xsd | 160 +-
 ...a-authn-context-personal-telephony-2.0.xsd | 160 +-
 schemas/saml-schema-authn-context-pgp-2.0.xsd | 164 +-
 schemas/saml-schema-authn-context-ppt-2.0.xsd | 160 +-
 .../saml-schema-authn-context-pword-2.0.xsd | 126 +-
 .../saml-schema-authn-context-session-2.0.xsd | 126 +-
 ...aml-schema-authn-context-smartcard-2.0.xsd | 126 +-
 ...-schema-authn-context-smartcardpki-2.0.xsd | 258 +--
 ...l-schema-authn-context-softwarepki-2.0.xsd | 258 +--
 .../saml-schema-authn-context-spki-2.0.xsd | 164 +-
 schemas/saml-schema-authn-context-srp-2.0.xsd | 164 +-
 .../saml-schema-authn-context-sslcert-2.0.xsd | 194 +-
 ...aml-schema-authn-context-telephony-2.0.xsd | 156 +-
 ...saml-schema-authn-context-timesync-2.0.xsd | 210 +--
 .../saml-schema-authn-context-types-2.0.xsd | 1642 ++++++++---------
 .../saml-schema-authn-context-x509-2.0.xsd | 166 +-
 .../saml-schema-authn-context-xmldsig-2.0.xsd | 166 +-
 schemas/saml-schema-dce-2.0.xsd | 58 +-
 schemas/saml-schema-ecp-2.0.xsd | 114 +-
 schemas/saml-schema-metadata-2.0.xsd | 674 +++----
 schemas/saml-schema-protocol-2.0.xsd | 604 +++---
 schemas/saml-schema-x500-2.0.xsd | 40 +-
 schemas/saml-schema-xacml-2.0.xsd | 38 +-
 35 files changed, 4666 insertions(+), 4666 deletions(-)
diff --git a/schemas/oasis-sstc-saml-schema-assertion-1.1.xsd b/schemas/oasis-sstc-saml-schema-assertion-1.1.xsd
index 4cc2bf338..dee3a3e26 100644
--- a/schemas/oasis-sstc-saml-schema-assertion-1.1.xsd
+++ b/schemas/oasis-sstc-saml-schema-assertion-1.1.xsd
@@ -1,201 +1,201 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
- <annotation>
- <documentation>
- Document identifier: oasis-sstc-saml-schema-assertion-1.1
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
- Revision history:
- V1.0 (November, 2002):
- Initial standard schema.
- V1.1 (September, 2003):
- * Note that V1.1 of this schema has the same XML namespace as V1.0.
- Rebased ID content directly on XML Schema types
- Added DoNotCacheCondition element and DoNotCacheConditionType
- </documentation>
- </annotation>
- <simpleType name="DecisionType">
- <restriction base="string">
- <enumeration value="Permit"/>
- <enumeration value="Deny"/>
- <enumeration value="Indeterminate"/>
- </restriction>
- </simpleType>
- <element name="AssertionIDReference" type="NCName"/>
- <element name="Assertion" type="saml:AssertionType"/>
- <complexType name="AssertionType">
- <sequence>
- <element ref="saml:Conditions" minOccurs="0"/>
- <element ref="saml:Advice" minOccurs="0"/>
- <choice maxOccurs="unbounded">
- <element ref="saml:Statement"/>
- <element ref="saml:SubjectStatement"/>
- <element ref="saml:AuthenticationStatement"/>
- <element ref="saml:AuthorizationDecisionStatement"/>
- <element ref="saml:AttributeStatement"/>
- </choice>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="MajorVersion" type="integer" use="required"/>
- <attribute name="MinorVersion" type="integer" use="required"/>
- <attribute name="AssertionID" type="ID" use="required"/>
- <attribute name="Issuer" type="string" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- </complexType>
- <element name="Conditions" type="saml:ConditionsType"/>
- <complexType name="ConditionsType">
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:AudienceRestrictionCondition"/>
- <element ref="saml:DoNotCacheCondition"/>
- <element ref="saml:Condition"/>
- </choice>
- <attribute name="NotBefore" type="dateTime" use="optional"/>
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
- </complexType>
- <element name="Condition" type="saml:ConditionAbstractType"/>
- <complexType name="ConditionAbstractType" abstract="true"/>
- <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
- <complexType name="AudienceRestrictionConditionType">
- <complexContent>
- <extension base="saml:ConditionAbstractType">
- <sequence>
- <element ref="saml:Audience" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Audience" type="anyURI"/>
- <element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType"/>
- <complexType name="DoNotCacheConditionType">
- <complexContent>
- <extension base="saml:ConditionAbstractType"/>
- </complexContent>
- </complexType>
- <element name="Advice" type="saml:AdviceType"/>
- <complexType name="AdviceType">
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:AssertionIDReference"/>
- <element ref="saml:Assertion"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
- <element name="Statement" type="saml:StatementAbstractType"/>
- <complexType name="StatementAbstractType" abstract="true"/>
- <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
- <complexType name="SubjectStatementAbstractType" abstract="true">
- <complexContent>
- <extension base="saml:StatementAbstractType">
- <sequence>
- <element ref="saml:Subject"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Subject" type="saml:SubjectType"/>
- <complexType name="SubjectType">
- <choice>
- <sequence>
- <element ref="saml:NameIdentifier"/>
- <element ref="saml:SubjectConfirmation" minOccurs="0"/>
- </sequence>
- <element ref="saml:SubjectConfirmation"/>
- </choice>
- </complexType>
- <element name="NameIdentifier" type="saml:NameIdentifierType"/>
- <complexType name="NameIdentifierType">
- <simpleContent>
- <extension base="string">
- <attribute name="NameQualifier" type="string" use="optional"/>
- <attribute name="Format" type="anyURI" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
- <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
- <complexType name="SubjectConfirmationType">
- <sequence>
- <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
- <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
- <element ref="ds:KeyInfo" minOccurs="0"/>
- </sequence>
- </complexType>
- <element name="SubjectConfirmationData" type="anyType"/>
- <element name="ConfirmationMethod" type="anyURI"/>
- <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
- <complexType name="AuthenticationStatementType">
- <complexContent>
- <extension base="saml:SubjectStatementAbstractType">
- <sequence>
- <element ref="saml:SubjectLocality" minOccurs="0"/>
- <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
- <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
- <complexType name="SubjectLocalityType">
- <attribute name="IPAddress" type="string" use="optional"/>
- <attribute name="DNSAddress" type="string" use="optional"/>
- </complexType>
- <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
- <complexType name="AuthorityBindingType">
- <attribute name="AuthorityKind" type="QName" use="required"/>
- <attribute name="Location" type="anyURI" use="required"/>
- <attribute name="Binding" type="anyURI" use="required"/>
- </complexType>
- <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
- <complexType name="AuthorizationDecisionStatementType">
- <complexContent>
- <extension base="saml:SubjectStatementAbstractType">
- <sequence>
- <element ref="saml:Action" maxOccurs="unbounded"/>
- <element ref="saml:Evidence" minOccurs="0"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="required"/>
- <attribute name="Decision" type="saml:DecisionType" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="Action" type="saml:ActionType"/>
- <complexType name="ActionType">
- <simpleContent>
- <extension base="string">
- <attribute name="Namespace" type="anyURI"/>
- </extension>
- </simpleContent>
- </complexType>
- <element name="Evidence" type="saml:EvidenceType"/>
- <complexType name="EvidenceType">
- <choice maxOccurs="unbounded">
- <element ref="saml:AssertionIDReference"/>
- <element ref="saml:Assertion"/>
- </choice>
- </complexType>
- <element name="AttributeStatement" type="saml:AttributeStatementType"/>
- <complexType name="AttributeStatementType">
- <complexContent>
- <extension base="saml:SubjectStatementAbstractType">
- <sequence>
- <element ref="saml:Attribute" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
- <complexType name="AttributeDesignatorType">
- <attribute name="AttributeName" type="string" use="required"/>
- <attribute name="AttributeNamespace" type="anyURI" use="required"/>
- </complexType>
- <element name="Attribute" type="saml:AttributeType"/>
- <complexType name="AttributeType">
- <complexContent>
- <extension base="saml:AttributeDesignatorType">
- <sequence>
- <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeValue" type="anyType"/>
-</schema>
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: oasis-sstc-saml-schema-assertion-1.1
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (November, 2002):
+ Initial standard schema.
+ V1.1 (September, 2003):
+ * Note that V1.1 of this schema has the same XML namespace as V1.0.
+ Rebased ID content directly on XML Schema types
+ Added DoNotCacheCondition element and DoNotCacheConditionType
+ </documentation>
+ </annotation>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="AssertionIDReference" type="NCName"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:SubjectStatement"/>
+ <element ref="saml:AuthenticationStatement"/>
+ <element ref="saml:AuthorizationDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="AssertionID" type="ID" use="required"/>
+ <attribute name="Issuer" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AudienceRestrictionCondition"/>
+ <element ref="saml:DoNotCacheCondition"/>
+ <element ref="saml:Condition"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+ <complexType name="AudienceRestrictionConditionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType"/>
+ <complexType name="DoNotCacheConditionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType"/>
+ </complexContent>
+ </complexType>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+ <complexType name="SubjectStatementAbstractType" abstract="true">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <element ref="saml:NameIdentifier"/>
+ <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation"/>
+ </choice>
+ </complexType>
+ <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+ <complexType name="NameIdentifierType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="SubjectConfirmationData" type="anyType"/>
+ <element name="ConfirmationMethod" type="anyURI"/>
+ <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+ <complexType name="AuthenticationStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+ <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="IPAddress" type="string" use="optional"/>
+ <attribute name="DNSAddress" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+ <complexType name="AuthorityBindingType">
+ <attribute name="AuthorityKind" type="QName" use="required"/>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ </complexType>
+ <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+ <complexType name="AuthorizationDecisionStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+ <complexType name="AttributeDesignatorType">
+ <attribute name="AttributeName" type="string" use="required"/>
+ <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <complexContent>
+ <extension base="saml:AttributeDesignatorType">
+ <sequence>
+ <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeValue" type="anyType"/>
+</schema>
diff --git a/schemas/oasis-sstc-saml-schema-protocol-1.1.xsd b/schemas/oasis-sstc-saml-schema-protocol-1.1.xsd
index 9df108d93..8bea3a944 100644
--- a/schemas/oasis-sstc-saml-schema-protocol-1.1.xsd
+++ b/schemas/oasis-sstc-saml-schema-protocol-1.1.xsd
@@ -1,132 +1,132 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
- <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="oasis-sstc-saml-schema-assertion-1.1.xsd"/>
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
- <annotation>
- <documentation>
- Document identifier: oasis-sstc-saml-schema-protocol-1.1
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
- Revision history:
- V1.0 (November, 2002):
- Initial standard schema.
- V1.1 (September, 2003):
- * Note that V1.1 of this schema has the same XML namespace as V1.0.
- Rebased ID content directly on XML Schema types
- </documentation>
- </annotation>
- <complexType name="RequestAbstractType" abstract="true">
- <sequence>
- <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="RequestID" type="ID" use="required"/>
- <attribute name="MajorVersion" type="integer" use="required"/>
- <attribute name="MinorVersion" type="integer" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- </complexType>
- <element name="RespondWith" type="QName"/>
- <element name="Request" type="samlp:RequestType"/>
- <complexType name="RequestType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <choice>
- <element ref="samlp:Query"/>
- <element ref="samlp:SubjectQuery"/>
- <element ref="samlp:AuthenticationQuery"/>
- <element ref="samlp:AttributeQuery"/>
- <element ref="samlp:AuthorizationDecisionQuery"/>
- <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
- <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
- </choice>
- </extension>
- </complexContent>
- </complexType>
- <element name="AssertionArtifact" type="string"/>
- <element name="Query" type="samlp:QueryAbstractType"/>
- <complexType name="QueryAbstractType" abstract="true"/>
- <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
- <complexType name="SubjectQueryAbstractType" abstract="true">
- <complexContent>
- <extension base="samlp:QueryAbstractType">
- <sequence>
- <element ref="saml:Subject"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
- <complexType name="AuthenticationQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <attribute name="AuthenticationMethod" type="anyURI"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
- <complexType name="AttributeQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <sequence>
- <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
- <complexType name="AuthorizationDecisionQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <sequence>
- <element ref="saml:Action" maxOccurs="unbounded"/>
- <element ref="saml:Evidence" minOccurs="0"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <complexType name="ResponseAbstractType" abstract="true">
- <sequence>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="ResponseID" type="ID" use="required"/>
- <attribute name="InResponseTo" type="NCName" use="optional"/>
- <attribute name="MajorVersion" type="integer" use="required"/>
- <attribute name="MinorVersion" type="integer" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- <attribute name="Recipient" type="anyURI" use="optional"/>
- </complexType>
- <element name="Response" type="samlp:ResponseType"/>
- <complexType name="ResponseType">
- <complexContent>
- <extension base="samlp:ResponseAbstractType">
- <sequence>
- <element ref="samlp:Status"/>
- <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Status" type="samlp:StatusType"/>
- <complexType name="StatusType">
- <sequence>
- <element ref="samlp:StatusCode"/>
- <element ref="samlp:StatusMessage" minOccurs="0"/>
- <element ref="samlp:StatusDetail" minOccurs="0"/>
- </sequence>
- </complexType>
- <element name="StatusCode" type="samlp:StatusCodeType"/>
- <complexType name="StatusCodeType">
- <sequence>
- <element ref="samlp:StatusCode" minOccurs="0"/>
- </sequence>
- <attribute name="Value" type="QName" use="required"/>
- </complexType>
- <element name="StatusMessage" type="string"/>
- <element name="StatusDetail" type="samlp:StatusDetailType"/>
- <complexType name="StatusDetailType">
- <sequence>
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-</schema>
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
+ <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="oasis-sstc-saml-schema-assertion-1.1.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: oasis-sstc-saml-schema-protocol-1.1
+ Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
+ Revision history:
+ V1.0 (November, 2002):
+ Initial standard schema.
+ V1.1 (September, 2003):
+ * Note that V1.1 of this schema has the same XML namespace as V1.0.
+ Rebased ID content directly on XML Schema types
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="RequestID" type="ID" use="required"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="RespondWith" type="QName"/>
+ <element name="Request" type="samlp:RequestType"/>
+ <complexType name="RequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <choice>
+ <element ref="samlp:Query"/>
+ <element ref="samlp:SubjectQuery"/>
+ <element ref="samlp:AuthenticationQuery"/>
+ <element ref="samlp:AttributeQuery"/>
+ <element ref="samlp:AuthorizationDecisionQuery"/>
+ <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
+ <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AssertionArtifact" type="string"/>
+ <element name="Query" type="samlp:QueryAbstractType"/>
+ <complexType name="QueryAbstractType" abstract="true"/>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:QueryAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
+ <complexType name="AuthenticationQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <attribute name="AuthenticationMethod" type="anyURI"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
+ <complexType name="AuthorizationDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <complexType name="ResponseAbstractType" abstract="true">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="ResponseID" type="ID" use="required"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Recipient" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:ResponseAbstractType">
+ <sequence>
+ <element ref="samlp:Status"/>
+ <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="QName" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+</schema>
diff --git a/schemas/saml-schema-assertion-2.0.xsd b/schemas/saml-schema-assertion-2.0.xsd
index 6aa3b27d6..9bbfa26e3 100644
--- a/schemas/saml-schema-assertion-2.0.xsd
+++ b/schemas/saml-schema-assertion-2.0.xsd
@@ -1,283 +1,283 @@ -<?xml version="1.0" encoding="US-ASCII"?> -<schema - targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion" - xmlns="http://www.w3.org/2001/XMLSchema" - xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" - xmlns:ds="http://www.w3.org/2000/09/xmldsig#" - xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" - elementFormDefault="unqualified" - attributeFormDefault="unqualified" - blockDefault="substitution" - version="2.0"> - <import namespace="http://www.w3.org/2000/09/xmldsig#" - schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/> - <import namespace="http://www.w3.org/2001/04/xmlenc#" - schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/> - <annotation> - <documentation> - Document identifier: saml-schema-assertion-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V1.0 (November, 2002): - Initial Standard Schema. - V1.1 (September, 2003): - Updates within the same V1.0 namespace. - V2.0 (March, 2005): - New assertion schema for SAML V2.0 namespace. 
- </documentation> - </annotation> - <attributeGroup name="IDNameQualifiers"> - <attribute name="NameQualifier" type="string" use="optional"/> - <attribute name="SPNameQualifier" type="string" use="optional"/> - </attributeGroup> - <element name="BaseID" type="saml:BaseIDAbstractType"/> - <complexType name="BaseIDAbstractType" abstract="true"> - <attributeGroup ref="saml:IDNameQualifiers"/> - </complexType> - <element name="NameID" type="saml:NameIDType"/> - <complexType name="NameIDType"> - <simpleContent> - <extension base="string"> - <attributeGroup ref="saml:IDNameQualifiers"/> - <attribute name="Format" type="anyURI" use="optional"/> - <attribute name="SPProvidedID" type="string" use="optional"/> - </extension> - </simpleContent> - </complexType> - <complexType name="EncryptedElementType"> - <sequence> - <element ref="xenc:EncryptedData"/> - <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - </complexType> - <element name="EncryptedID" type="saml:EncryptedElementType"/> - <element name="Issuer" type="saml:NameIDType"/> - <element name="AssertionIDRef" type="NCName"/> - <element name="AssertionURIRef" type="anyURI"/> - <element name="Assertion" type="saml:AssertionType"/> - <complexType name="AssertionType"> - <sequence> - <element ref="saml:Issuer"/> - <element ref="ds:Signature" minOccurs="0"/> - <element ref="saml:Subject" minOccurs="0"/> - <element ref="saml:Conditions" minOccurs="0"/> - <element ref="saml:Advice" minOccurs="0"/> - <choice minOccurs="0" maxOccurs="unbounded"> - <element ref="saml:Statement"/> - <element ref="saml:AuthnStatement"/> - <element ref="saml:AuthzDecisionStatement"/> - <element ref="saml:AttributeStatement"/> - </choice> - </sequence> - <attribute name="Version" type="string" use="required"/> - <attribute name="ID" type="ID" use="required"/> - <attribute name="IssueInstant" type="dateTime" use="required"/> - </complexType> - <element name="Subject" type="saml:SubjectType"/> - <complexType 
name="SubjectType"> - <choice> - <sequence> - <choice> - <element ref="saml:BaseID"/> - <element ref="saml:NameID"/> - <element ref="saml:EncryptedID"/> - </choice> - <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/> - </choice> - </complexType> - <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/> - <complexType name="SubjectConfirmationType"> - <sequence> - <choice minOccurs="0"> - <element ref="saml:BaseID"/> - <element ref="saml:NameID"/> - <element ref="saml:EncryptedID"/> - </choice> - <element ref="saml:SubjectConfirmationData" minOccurs="0"/> - </sequence> - <attribute name="Method" type="anyURI" use="required"/> - </complexType> - <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/> - <complexType name="SubjectConfirmationDataType" mixed="true"> - <complexContent> - <restriction base="anyType"> - <sequence> - <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="NotBefore" type="dateTime" use="optional"/> - <attribute name="NotOnOrAfter" type="dateTime" use="optional"/> - <attribute name="Recipient" type="anyURI" use="optional"/> - <attribute name="InResponseTo" type="NCName" use="optional"/> - <attribute name="Address" type="string" use="optional"/> - <anyAttribute namespace="##other" processContents="lax"/> - </restriction> - </complexContent> - </complexType> - <complexType name="KeyInfoConfirmationDataType" mixed="false"> - <complexContent> - <restriction base="saml:SubjectConfirmationDataType"> - <sequence> - <element ref="ds:KeyInfo" maxOccurs="unbounded"/> - </sequence> - </restriction> - </complexContent> - </complexType> - <element name="Conditions" type="saml:ConditionsType"/> - <complexType name="ConditionsType"> - <choice minOccurs="0" maxOccurs="unbounded"> - <element ref="saml:Condition"/> - <element 
ref="saml:AudienceRestriction"/> - <element ref="saml:OneTimeUse"/> - <element ref="saml:ProxyRestriction"/> - </choice> - <attribute name="NotBefore" type="dateTime" use="optional"/> - <attribute name="NotOnOrAfter" type="dateTime" use="optional"/> - </complexType> - <element name="Condition" type="saml:ConditionAbstractType"/> - <complexType name="ConditionAbstractType" abstract="true"/> - <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/> - <complexType name="AudienceRestrictionType"> - <complexContent> - <extension base="saml:ConditionAbstractType"> - <sequence> - <element ref="saml:Audience" maxOccurs="unbounded"/> - </sequence> - </extension> - </complexContent> - </complexType> - <element name="Audience" type="anyURI"/> - <element name="OneTimeUse" type="saml:OneTimeUseType" /> - <complexType name="OneTimeUseType"> - <complexContent> - <extension base="saml:ConditionAbstractType"/> - </complexContent> - </complexType> - <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/> - <complexType name="ProxyRestrictionType"> - <complexContent> - <extension base="saml:ConditionAbstractType"> - <sequence> - <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="Count" type="nonNegativeInteger" use="optional"/> - </extension> - </complexContent> - </complexType> - <element name="Advice" type="saml:AdviceType"/> - <complexType name="AdviceType"> - <choice minOccurs="0" maxOccurs="unbounded"> - <element ref="saml:AssertionIDRef"/> - <element ref="saml:AssertionURIRef"/> - <element ref="saml:Assertion"/> - <element ref="saml:EncryptedAssertion"/> - <any namespace="##other" processContents="lax"/> - </choice> - </complexType> - <element name="EncryptedAssertion" type="saml:EncryptedElementType"/> - <element name="Statement" type="saml:StatementAbstractType"/> - <complexType name="StatementAbstractType" abstract="true"/> - <element name="AuthnStatement" type="saml:AuthnStatementType"/> - 
<complexType name="AuthnStatementType"> - <complexContent> - <extension base="saml:StatementAbstractType"> - <sequence> - <element ref="saml:SubjectLocality" minOccurs="0"/> - <element ref="saml:AuthnContext"/> - </sequence> - <attribute name="AuthnInstant" type="dateTime" use="required"/> - <attribute name="SessionIndex" type="string" use="optional"/> - <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/> - </extension> - </complexContent> - </complexType> - <element name="SubjectLocality" type="saml:SubjectLocalityType"/> - <complexType name="SubjectLocalityType"> - <attribute name="Address" type="string" use="optional"/> - <attribute name="DNSName" type="string" use="optional"/> - </complexType> - <element name="AuthnContext" type="saml:AuthnContextType"/> - <complexType name="AuthnContextType"> - <sequence> - <choice> - <sequence> - <element ref="saml:AuthnContextClassRef"/> - <choice minOccurs="0"> - <element ref="saml:AuthnContextDecl"/> - <element ref="saml:AuthnContextDeclRef"/> - </choice> - </sequence> - <choice> - <element ref="saml:AuthnContextDecl"/> - <element ref="saml:AuthnContextDeclRef"/> - </choice> - </choice> - <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - </complexType> - <element name="AuthnContextClassRef" type="anyURI"/> - <element name="AuthnContextDeclRef" type="anyURI"/> - <element name="AuthnContextDecl" type="anyType"/> - <element name="AuthenticatingAuthority" type="anyURI"/> - <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/> - <complexType name="AuthzDecisionStatementType"> - <complexContent> - <extension base="saml:StatementAbstractType"> - <sequence> - <element ref="saml:Action" maxOccurs="unbounded"/> - <element ref="saml:Evidence" minOccurs="0"/> - </sequence> - <attribute name="Resource" type="anyURI" use="required"/> - <attribute name="Decision" type="saml:DecisionType" use="required"/> - </extension> - </complexContent> - 
</complexType> - <simpleType name="DecisionType"> - <restriction base="string"> - <enumeration value="Permit"/> - <enumeration value="Deny"/> - <enumeration value="Indeterminate"/> - </restriction> - </simpleType> - <element name="Action" type="saml:ActionType"/> - <complexType name="ActionType"> - <simpleContent> - <extension base="string"> - <attribute name="Namespace" type="anyURI" use="required"/> - </extension> - </simpleContent> - </complexType> - <element name="Evidence" type="saml:EvidenceType"/> - <complexType name="EvidenceType"> - <choice maxOccurs="unbounded"> - <element ref="saml:AssertionIDRef"/> - <element ref="saml:AssertionURIRef"/> - <element ref="saml:Assertion"/> - <element ref="saml:EncryptedAssertion"/> - </choice> - </complexType> - <element name="AttributeStatement" type="saml:AttributeStatementType"/> - <complexType name="AttributeStatementType"> - <complexContent> - <extension base="saml:StatementAbstractType"> - <choice maxOccurs="unbounded"> - <element ref="saml:Attribute"/> - <element ref="saml:EncryptedAttribute"/> - </choice> - </extension> - </complexContent> - </complexType> - <element name="Attribute" type="saml:AttributeType"/> - <complexType name="AttributeType"> - <sequence> - <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="Name" type="string" use="required"/> - <attribute name="NameFormat" type="anyURI" use="optional"/> - <attribute name="FriendlyName" type="string" use="optional"/> - <anyAttribute namespace="##other" processContents="lax"/> - </complexType> - <element name="AttributeValue" type="anyType" nillable="true"/> - <element name="EncryptedAttribute" type="saml:EncryptedElementType"/> -</schema> +<?xml version="1.0" encoding="US-ASCII"?> +<schema + targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns="http://www.w3.org/2001/XMLSchema" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" + elementFormDefault="unqualified" + attributeFormDefault="unqualified" + blockDefault="substitution" + version="2.0"> + <import namespace="http://www.w3.org/2000/09/xmldsig#" + schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/> + <import namespace="http://www.w3.org/2001/04/xmlenc#" + schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/> + <annotation> + <documentation> + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + </documentation> + </annotation> + <attributeGroup name="IDNameQualifiers"> + <attribute name="NameQualifier" type="string" use="optional"/> + <attribute name="SPNameQualifier" type="string" use="optional"/> + </attributeGroup> + <element name="BaseID" type="saml:BaseIDAbstractType"/> + <complexType name="BaseIDAbstractType" abstract="true"> + <attributeGroup ref="saml:IDNameQualifiers"/> + </complexType> + <element name="NameID" type="saml:NameIDType"/> + <complexType name="NameIDType"> + <simpleContent> + <extension base="string"> + <attributeGroup ref="saml:IDNameQualifiers"/> + <attribute name="Format" type="anyURI" use="optional"/> + <attribute name="SPProvidedID" type="string" use="optional"/> + </extension> + </simpleContent> + </complexType> + <complexType name="EncryptedElementType"> + <sequence> + <element ref="xenc:EncryptedData"/> + <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + </complexType> + <element name="EncryptedID" type="saml:EncryptedElementType"/> + <element name="Issuer" type="saml:NameIDType"/> + <element name="AssertionIDRef" type="NCName"/> + <element name="AssertionURIRef" type="anyURI"/> + 
<element name="Assertion" type="saml:AssertionType"/> + <complexType name="AssertionType"> + <sequence> + <element ref="saml:Issuer"/> + <element ref="ds:Signature" minOccurs="0"/> + <element ref="saml:Subject" minOccurs="0"/> + <element ref="saml:Conditions" minOccurs="0"/> + <element ref="saml:Advice" minOccurs="0"/> + <choice minOccurs="0" maxOccurs="unbounded"> + <element ref="saml:Statement"/> + <element ref="saml:AuthnStatement"/> + <element ref="saml:AuthzDecisionStatement"/> + <element ref="saml:AttributeStatement"/> + </choice> + </sequence> + <attribute name="Version" type="string" use="required"/> + <attribute name="ID" type="ID" use="required"/> + <attribute name="IssueInstant" type="dateTime" use="required"/> + </complexType> + <element name="Subject" type="saml:SubjectType"/> + <complexType name="SubjectType"> + <choice> + <sequence> + <choice> + <element ref="saml:BaseID"/> + <element ref="saml:NameID"/> + <element ref="saml:EncryptedID"/> + </choice> + <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/> + </choice> + </complexType> + <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/> + <complexType name="SubjectConfirmationType"> + <sequence> + <choice minOccurs="0"> + <element ref="saml:BaseID"/> + <element ref="saml:NameID"/> + <element ref="saml:EncryptedID"/> + </choice> + <element ref="saml:SubjectConfirmationData" minOccurs="0"/> + </sequence> + <attribute name="Method" type="anyURI" use="required"/> + </complexType> + <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/> + <complexType name="SubjectConfirmationDataType" mixed="true"> + <complexContent> + <restriction base="anyType"> + <sequence> + <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="NotBefore" type="dateTime" use="optional"/> + <attribute name="NotOnOrAfter" 
type="dateTime" use="optional"/> + <attribute name="Recipient" type="anyURI" use="optional"/> + <attribute name="InResponseTo" type="NCName" use="optional"/> + <attribute name="Address" type="string" use="optional"/> + <anyAttribute namespace="##other" processContents="lax"/> + </restriction> + </complexContent> + </complexType> + <complexType name="KeyInfoConfirmationDataType" mixed="false"> + <complexContent> + <restriction base="saml:SubjectConfirmationDataType"> + <sequence> + <element ref="ds:KeyInfo" maxOccurs="unbounded"/> + </sequence> + </restriction> + </complexContent> + </complexType> + <element name="Conditions" type="saml:ConditionsType"/> + <complexType name="ConditionsType"> + <choice minOccurs="0" maxOccurs="unbounded"> + <element ref="saml:Condition"/> + <element ref="saml:AudienceRestriction"/> + <element ref="saml:OneTimeUse"/> + <element ref="saml:ProxyRestriction"/> + </choice> + <attribute name="NotBefore" type="dateTime" use="optional"/> + <attribute name="NotOnOrAfter" type="dateTime" use="optional"/> + </complexType> + <element name="Condition" type="saml:ConditionAbstractType"/> + <complexType name="ConditionAbstractType" abstract="true"/> + <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/> + <complexType name="AudienceRestrictionType"> + <complexContent> + <extension base="saml:ConditionAbstractType"> + <sequence> + <element ref="saml:Audience" maxOccurs="unbounded"/> + </sequence> + </extension> + </complexContent> + </complexType> + <element name="Audience" type="anyURI"/> + <element name="OneTimeUse" type="saml:OneTimeUseType" /> + <complexType name="OneTimeUseType"> + <complexContent> + <extension base="saml:ConditionAbstractType"/> + </complexContent> + </complexType> + <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/> + <complexType name="ProxyRestrictionType"> + <complexContent> + <extension base="saml:ConditionAbstractType"> + <sequence> + <element ref="saml:Audience" minOccurs="0" 
maxOccurs="unbounded"/> + </sequence> + <attribute name="Count" type="nonNegativeInteger" use="optional"/> + </extension> + </complexContent> + </complexType> + <element name="Advice" type="saml:AdviceType"/> + <complexType name="AdviceType"> + <choice minOccurs="0" maxOccurs="unbounded"> + <element ref="saml:AssertionIDRef"/> + <element ref="saml:AssertionURIRef"/> + <element ref="saml:Assertion"/> + <element ref="saml:EncryptedAssertion"/> + <any namespace="##other" processContents="lax"/> + </choice> + </complexType> + <element name="EncryptedAssertion" type="saml:EncryptedElementType"/> + <element name="Statement" type="saml:StatementAbstractType"/> + <complexType name="StatementAbstractType" abstract="true"/> + <element name="AuthnStatement" type="saml:AuthnStatementType"/> + <complexType name="AuthnStatementType"> + <complexContent> + <extension base="saml:StatementAbstractType"> + <sequence> + <element ref="saml:SubjectLocality" minOccurs="0"/> + <element ref="saml:AuthnContext"/> + </sequence> + <attribute name="AuthnInstant" type="dateTime" use="required"/> + <attribute name="SessionIndex" type="string" use="optional"/> + <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/> + </extension> + </complexContent> + </complexType> + <element name="SubjectLocality" type="saml:SubjectLocalityType"/> + <complexType name="SubjectLocalityType"> + <attribute name="Address" type="string" use="optional"/> + <attribute name="DNSName" type="string" use="optional"/> + </complexType> + <element name="AuthnContext" type="saml:AuthnContextType"/> + <complexType name="AuthnContextType"> + <sequence> + <choice> + <sequence> + <element ref="saml:AuthnContextClassRef"/> + <choice minOccurs="0"> + <element ref="saml:AuthnContextDecl"/> + <element ref="saml:AuthnContextDeclRef"/> + </choice> + </sequence> + <choice> + <element ref="saml:AuthnContextDecl"/> + <element ref="saml:AuthnContextDeclRef"/> + </choice> + </choice> + <element 
ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + </complexType> + <element name="AuthnContextClassRef" type="anyURI"/> + <element name="AuthnContextDeclRef" type="anyURI"/> + <element name="AuthnContextDecl" type="anyType"/> + <element name="AuthenticatingAuthority" type="anyURI"/> + <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/> + <complexType name="AuthzDecisionStatementType"> + <complexContent> + <extension base="saml:StatementAbstractType"> + <sequence> + <element ref="saml:Action" maxOccurs="unbounded"/> + <element ref="saml:Evidence" minOccurs="0"/> + </sequence> + <attribute name="Resource" type="anyURI" use="required"/> + <attribute name="Decision" type="saml:DecisionType" use="required"/> + </extension> + </complexContent> + </complexType> + <simpleType name="DecisionType"> + <restriction base="string"> + <enumeration value="Permit"/> + <enumeration value="Deny"/> + <enumeration value="Indeterminate"/> + </restriction> + </simpleType> + <element name="Action" type="saml:ActionType"/> + <complexType name="ActionType"> + <simpleContent> + <extension base="string"> + <attribute name="Namespace" type="anyURI" use="required"/> + </extension> + </simpleContent> + </complexType> + <element name="Evidence" type="saml:EvidenceType"/> + <complexType name="EvidenceType"> + <choice maxOccurs="unbounded"> + <element ref="saml:AssertionIDRef"/> + <element ref="saml:AssertionURIRef"/> + <element ref="saml:Assertion"/> + <element ref="saml:EncryptedAssertion"/> + </choice> + </complexType> + <element name="AttributeStatement" type="saml:AttributeStatementType"/> + <complexType name="AttributeStatementType"> + <complexContent> + <extension base="saml:StatementAbstractType"> + <choice maxOccurs="unbounded"> + <element ref="saml:Attribute"/> + <element ref="saml:EncryptedAttribute"/> + </choice> + </extension> + </complexContent> + </complexType> + <element name="Attribute" type="saml:AttributeType"/> + 
<complexType name="AttributeType"> + <sequence> + <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Name" type="string" use="required"/> + <attribute name="NameFormat" type="anyURI" use="optional"/> + <attribute name="FriendlyName" type="string" use="optional"/> + <anyAttribute namespace="##other" processContents="lax"/> + </complexType> + <element name="AttributeValue" type="anyType" nillable="true"/> + <element name="EncryptedAttribute" type="saml:EncryptedElementType"/> +</schema> diff --git a/schemas/saml-schema-authn-context-2.0.xsd b/schemas/saml-schema-authn-context-2.0.xsd index 5723bb91b..e4754faf8 100644 --- a/schemas/saml-schema-authn-context-2.0.xsd +++ b/schemas/saml-schema-authn-context-2.0.xsd 
@@ -1,23 +1,23 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema
- targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac"
- blockDefault="substitution"
- version="2.0">
-
- <xs:annotation>
- <xs:documentation>
- Document identifier: saml-schema-authn-context-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New core authentication context schema for SAML V2.0.
- This is just an include of all types from the schema
- referred to in the include statement below.
- </xs:documentation>
- </xs:annotation>
-
- <xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:annotation>
+ <xs:documentation>
+ Document identifier: saml-schema-authn-context-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New core authentication context schema for SAML V2.0.
+ This is just an include of all types from the schema
+ referred to in the include statement below.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
+
 </xs:schema>
\ No newline at end of file
diff --git a/schemas/saml-schema-authn-context-auth-telephony-2.0.xsd b/schemas/saml-schema-authn-context-auth-telephony-2.0.xsd
index 84dc4ec13..da59934be 100644
--- a/schemas/saml-schema-authn-context-auth-telephony-2.0.xsd
+++ b/schemas/saml-schema-authn-context-auth-telephony-2.0.xsd
@@ -1,81 +1,81 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony - Document identifier: saml-schema-authn-context-auth-telephony-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> - 
<xs:element ref="Password"/> - <xs:element ref="SubscriberLineNumber"/> - <xs:element ref="UserSuffix"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorTransportProtocolType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorTransportProtocolType"> - <xs:sequence> - <xs:choice> - <xs:element ref="PSTN"/> - <xs:element ref="ISDN"/> - <xs:element ref="ADSL"/> - </xs:choice> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony + Document identifier: saml-schema-authn-context-auth-telephony-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. 
+ </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="Password"/> + <xs:element ref="SubscriberLineNumber"/> + <xs:element ref="UserSuffix"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorTransportProtocolType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorTransportProtocolType"> + <xs:sequence> + <xs:choice> + <xs:element ref="PSTN"/> + <xs:element ref="ISDN"/> + <xs:element ref="ADSL"/> + </xs:choice> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at end of file 
diff --git a/schemas/saml-schema-authn-context-ip-2.0.xsd b/schemas/saml-schema-authn-context-ip-2.0.xsd
index add9e0cc0..d4e7dfba1 100644
--- a/schemas/saml-schema-authn-context-ip-2.0.xsd
+++ b/schemas/saml-schema-authn-context-ip-2.0.xsd
@@ -1,65 +1,65 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema - targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol - Document identifier: saml-schema-authn-context-ip-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> - <xs:element 
ref="IPAddress"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema + targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol + Document identifier: saml-schema-authn-context-ip-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. + </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> 
+ <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="IPAddress"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at end of file diff --git a/schemas/saml-schema-authn-context-ippword-2.0.xsd b/schemas/saml-schema-authn-context-ippword-2.0.xsd index 7496a0464..708f59643 100644 --- a/schemas/saml-schema-authn-context-ippword-2.0.xsd +++ b/schemas/saml-schema-authn-context-ippword-2.0.xsd 
@@ -1,67 +1,67 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
- xmlns:ac="urn:oasis:names:tc:SAML:2.0:ac"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
- Document identifier: saml-schema-authn-context-ippword-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:element ref="Password"/>
- <xs:element ref="IPAddress"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
+ xmlns:ac="urn:oasis:names:tc:SAML:2.0:ac"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
+ Document identifier: saml-schema-authn-context-ippword-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="Password"/>
+ <xs:element ref="IPAddress"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-kerberos-2.0.xsd b/schemas/saml-schema-authn-context-kerberos-2.0.xsd
index 88398cf04..4b6a3a5da 100644
--- a/schemas/saml-schema-authn-context-kerberos-2.0.xsd
+++ b/schemas/saml-schema-authn-context-kerberos-2.0.xsd
@@ -1,83 +1,83 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos - Document identifier: saml-schema-authn-context-kerberos-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="PrincipalAuthenticationMechanismType"> - <xs:complexContent> - <xs:restriction base="PrincipalAuthenticationMechanismType"> - <xs:sequence> - <xs:element 
ref="RestrictedPassword"/> - </xs:sequence> - <xs:attribute name="preauth" type="xs:integer" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> - <xs:element ref="SharedSecretChallengeResponse"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="SharedSecretChallengeResponseType"> - <xs:complexContent> - <xs:restriction base="SharedSecretChallengeResponseType"> - <xs:attribute name="method" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos + Document identifier: saml-schema-authn-context-kerberos-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. 
+ </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="PrincipalAuthenticationMechanismType"> + <xs:complexContent> + <xs:restriction base="PrincipalAuthenticationMechanismType"> + <xs:sequence> + <xs:element ref="RestrictedPassword"/> + </xs:sequence> + <xs:attribute name="preauth" type="xs:integer" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="SharedSecretChallengeResponse"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="SharedSecretChallengeResponseType"> + <xs:complexContent> + <xs:restriction base="SharedSecretChallengeResponseType"> + <xs:attribute name="method" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"/> + </xs:restriction> + 
</xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at end of file diff --git a/schemas/saml-schema-authn-context-mobileonefactor-reg-2.0.xsd b/schemas/saml-schema-authn-context-mobileonefactor-reg-2.0.xsd index 745a277c6..f72443437 100644 --- a/schemas/saml-schema-authn-context-mobileonefactor-reg-2.0.xsd +++ b/schemas/saml-schema-authn-context-mobileonefactor-reg-2.0.xsd 
@@ -1,186 +1,186 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
- Document identifier: saml-schema-authn-context-mobileonefactor-reg-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="DigSig"/>
- <xs:element ref="ZeroKnowledge"/>
- <xs:element ref="SharedSecretChallengeResponse"/>
- <xs:element ref="SharedSecretDynamicPlaintext"/>
- <xs:element ref="AsymmetricDecryption"/>
- <xs:element ref="AsymmetricKeyAgreement"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorTransportProtocolType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorTransportProtocolType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="SSL"/>
- <xs:element ref="MobileNetworkNoEncryption"/>
- <xs:element ref="MobileNetworkRadioEncryption"/>
- <xs:element ref="MobileNetworkEndToEndEncryption"/>
- <xs:element ref="WTLS"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="OperationalProtectionType">
- <xs:complexContent>
- <xs:restriction base="OperationalProtectionType">
- <xs:sequence>
- <xs:element ref="SecurityAudit"/>
- <xs:element ref="DeactivationCallCenter"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TechnicalProtectionBaseType">
- <xs:complexContent>
- <xs:restriction base="TechnicalProtectionBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PrivateKeyProtection"/>
- <xs:element ref="SecretKeyProtection"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrivateKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="PrivateKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecretKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="SecretKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyStorageType">
- <xs:complexContent>
- <xs:restriction base="KeyStorageType">
- <xs:attribute name="medium" use="required">
- <xs:simpleType>
- <xs:restriction base="mediumType">
- <xs:enumeration value="smartcard"/>
- <xs:enumeration value="MobileDevice"/>
- <xs:enumeration value="MobileAuthCard"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecurityAuditType">
- <xs:complexContent>
- <xs:restriction base="SecurityAuditType">
- <xs:sequence>
- <xs:element ref="SwitchAudit"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="IdentificationType">
- <xs:complexContent>
- <xs:restriction base="IdentificationType">
- <xs:sequence>
- <xs:element ref="PhysicalVerification"/>
- <xs:element ref="WrittenConsent"/>
- <xs:element ref="GoverningAgreements"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="nym">
- <xs:simpleType>
- <xs:restriction base="nymType">
- <xs:enumeration value="anonymity"/>
- <xs:enumeration value="verinymity"/>
- <xs:enumeration value="pseudonymity"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
+ Document identifier: saml-schema-authn-context-mobileonefactor-reg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="smartcard"/>
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="PhysicalVerification"/>
+ <xs:element ref="WrittenConsent"/>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="verinymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-mobileonefactor-unreg-2.0.xsd b/schemas/saml-schema-authn-context-mobileonefactor-unreg-2.0.xsd
index deea99661..9727c45fd 100644
--- a/schemas/saml-schema-authn-context-mobileonefactor-unreg-2.0.xsd
+++ b/schemas/saml-schema-authn-context-mobileonefactor-unreg-2.0.xsd
@@ -1,183 +1,183 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
- Document identifier: saml-schema-authn-context-mobileonefactor-unreg-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="DigSig"/>
- <xs:element ref="ZeroKnowledge"/>
- <xs:element ref="SharedSecretChallengeResponse"/>
- <xs:element ref="SharedSecretDynamicPlaintext"/>
- <xs:element ref="AsymmetricDecryption"/>
- <xs:element ref="AsymmetricKeyAgreement"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorTransportProtocolType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorTransportProtocolType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="SSL"/>
- <xs:element ref="MobileNetworkNoEncryption"/>
- <xs:element ref="MobileNetworkRadioEncryption"/>
- <xs:element ref="MobileNetworkEndToEndEncryption"/>
- <xs:element ref="WTLS"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="OperationalProtectionType">
- <xs:complexContent>
- <xs:restriction base="OperationalProtectionType">
- <xs:sequence>
- <xs:element ref="SecurityAudit"/>
- <xs:element ref="DeactivationCallCenter"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TechnicalProtectionBaseType">
- <xs:complexContent>
- <xs:restriction base="TechnicalProtectionBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PrivateKeyProtection"/>
- <xs:element ref="SecretKeyProtection"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrivateKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="PrivateKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecretKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="SecretKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyStorageType">
- <xs:complexContent>
- <xs:restriction base="KeyStorageType">
- <xs:attribute name="medium" use="required">
- <xs:simpleType>
- <xs:restriction base="mediumType">
- <xs:enumeration value="MobileDevice"/>
- <xs:enumeration value="MobileAuthCard"/>
- <xs:enumeration value="smartcard"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecurityAuditType">
- <xs:complexContent>
- <xs:restriction base="SecurityAuditType">
- <xs:sequence>
- <xs:element ref="SwitchAudit"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="IdentificationType">
- <xs:complexContent>
- <xs:restriction base="IdentificationType">
- <xs:sequence>
- <xs:element ref="GoverningAgreements"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="nym">
- <xs:simpleType>
- <xs:restriction base="nymType">
- <xs:enumeration value="anonymity"/>
- <xs:enumeration value="pseudonymity"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
+ Document identifier: saml-schema-authn-context-mobileonefactor-unreg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-mobiletwofactor-reg-2.0.xsd b/schemas/saml-schema-authn-context-mobiletwofactor-reg-2.0.xsd
index 3bfa7c5c0..d0c59aa13 100644
--- a/schemas/saml-schema-authn-context-mobiletwofactor-reg-2.0.xsd
+++ b/schemas/saml-schema-authn-context-mobiletwofactor-reg-2.0.xsd
@@ -1,202 +1,202 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
- Document identifier: saml-schema-authn-context-mobiletwofactor-reg-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="DigSig"/>
- <xs:element ref="ZeroKnowledge"/>
- <xs:element ref="SharedSecretChallengeResponse"/>
- <xs:element ref="SharedSecretDynamicPlaintext"/>
- <xs:element ref="AsymmetricDecryption"/>
- <xs:element ref="AsymmetricKeyAgreement"/>
- <xs:element ref="ComplexAuthenticator"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="ComplexAuthenticatorType">
- <xs:complexContent>
- <xs:restriction base="ComplexAuthenticatorType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="SharedSecretChallengeResponse"/>
- <xs:element ref="SharedSecretDynamicPlaintext"/>
- </xs:choice>
- <xs:element ref="Password"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorTransportProtocolType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorTransportProtocolType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="SSL"/>
- <xs:element ref="MobileNetworkNoEncryption"/>
- <xs:element ref="MobileNetworkRadioEncryption"/>
- <xs:element ref="MobileNetworkEndToEndEncryption"/>
- <xs:element ref="WTLS"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="OperationalProtectionType">
- <xs:complexContent>
- <xs:restriction base="OperationalProtectionType">
- <xs:sequence>
- <xs:element ref="SecurityAudit"/>
- <xs:element ref="DeactivationCallCenter"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TechnicalProtectionBaseType">
- <xs:complexContent>
- <xs:restriction base="TechnicalProtectionBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PrivateKeyProtection"/>
- <xs:element ref="SecretKeyProtection"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrivateKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="PrivateKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyActivation"/>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecretKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="SecretKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyActivation"/>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyStorageType">
- <xs:complexContent>
- <xs:restriction base="KeyStorageType">
- <xs:attribute name="medium" use="required">
- <xs:simpleType>
- <xs:restriction base="mediumType">
- <xs:enumeration value="MobileDevice"/>
- <xs:enumeration value="MobileAuthCard"/>
- <xs:enumeration value="smartcard"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecurityAuditType">
- <xs:complexContent>
- <xs:restriction base="SecurityAuditType">
- <xs:sequence>
- <xs:element ref="SwitchAudit"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="IdentificationType">
- <xs:complexContent>
- <xs:restriction base="IdentificationType">
- <xs:sequence>
- <xs:element ref="PhysicalVerification"/>
- <xs:element ref="WrittenConsent"/>
- <xs:element ref="GoverningAgreements"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="nym">
- <xs:simpleType>
- <xs:restriction base="nymType">
- <xs:enumeration value="anonymity"/>
- <xs:enumeration value="verinymity"/>
- <xs:enumeration value="pseudonymity"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
+ Document identifier: saml-schema-authn-context-mobiletwofactor-reg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ <xs:element ref="ComplexAuthenticator"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="ComplexAuthenticatorType">
+ <xs:complexContent>
+ <xs:restriction base="ComplexAuthenticatorType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ </xs:choice>
+ <xs:element ref="Password"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="PhysicalVerification"/>
+ <xs:element ref="WrittenConsent"/>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="verinymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-mobiletwofactor-unreg-2.0.xsd b/schemas/saml-schema-authn-context-mobiletwofactor-unreg-2.0.xsd
index 714e0fd93..1a4578cd8 100644
--- a/schemas/saml-schema-authn-context-mobiletwofactor-unreg-2.0.xsd
+++ b/schemas/saml-schema-authn-context-mobiletwofactor-unreg-2.0.xsd
@@ -1,200 +1,200 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
- Document identifier: saml-schema-authn-context-mobiletwofactor-unreg-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="DigSig"/>
- <xs:element ref="ZeroKnowledge"/>
- <xs:element ref="SharedSecretChallengeResponse"/>
- <xs:element ref="SharedSecretDynamicPlaintext"/>
- <xs:element ref="AsymmetricDecryption"/>
- <xs:element ref="AsymmetricKeyAgreement"/>
- <xs:element ref="ComplexAuthenticator"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="ComplexAuthenticatorType">
- <xs:complexContent>
- <xs:restriction base="ComplexAuthenticatorType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="SharedSecretChallengeResponse"/>
- <xs:element ref="SharedSecretDynamicPlaintext"/>
- </xs:choice>
- <xs:element ref="Password"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorTransportProtocolType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorTransportProtocolType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="SSL"/>
- <xs:element ref="MobileNetworkNoEncryption"/>
- <xs:element ref="MobileNetworkRadioEncryption"/>
- <xs:element ref="MobileNetworkEndToEndEncryption"/>
- <xs:element ref="WTLS"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="OperationalProtectionType">
- <xs:complexContent>
- <xs:restriction base="OperationalProtectionType">
- <xs:sequence>
- <xs:element ref="SecurityAudit"/>
- <xs:element ref="DeactivationCallCenter"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TechnicalProtectionBaseType">
- <xs:complexContent>
- <xs:restriction base="TechnicalProtectionBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PrivateKeyProtection"/>
- <xs:element ref="SecretKeyProtection"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrivateKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="PrivateKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyActivation"/>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecretKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="SecretKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyActivation"/>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyStorageType">
- <xs:complexContent>
- <xs:restriction base="KeyStorageType">
- <xs:attribute name="medium" use="required">
- <xs:simpleType>
- <xs:restriction base="mediumType">
- <xs:enumeration value="MobileDevice"/>
- <xs:enumeration value="MobileAuthCard"/>
- <xs:enumeration value="smartcard"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SecurityAuditType">
- <xs:complexContent>
- <xs:restriction base="SecurityAuditType">
- <xs:sequence>
- <xs:element ref="SwitchAudit"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="IdentificationType">
- <xs:complexContent>
- <xs:restriction base="IdentificationType">
- <xs:sequence>
- <xs:element ref="GoverningAgreements"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="nym">
- <xs:simpleType>
- <xs:restriction base="nymType">
- <xs:enumeration value="anonymity"/>
- <xs:enumeration value="pseudonymity"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
+ Document identifier: saml-schema-authn-context-mobiletwofactor-unreg-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ <xs:element ref="ComplexAuthenticator"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="ComplexAuthenticatorType">
+ <xs:complexContent>
+ <xs:restriction base="ComplexAuthenticatorType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ </xs:choice>
+ <xs:element ref="Password"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit"/>
+ <xs:element ref="DeactivationCallCenter"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:complexContent>
+ <xs:restriction base="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="IdentificationType">
+ <xs:complexContent>
+ <xs:restriction base="IdentificationType">
+ <xs:sequence>
+ <xs:element ref="GoverningAgreements"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="nym">
+ <xs:simpleType>
+ <xs:restriction base="nymType">
+ <xs:enumeration value="anonymity"/>
+ <xs:enumeration value="pseudonymity"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-nomad-telephony-2.0.xsd b/schemas/saml-schema-authn-context-nomad-telephony-2.0.xsd
index c9065145d..0eb861f93 100644
--- a/schemas/saml-schema-authn-context-nomad-telephony-2.0.xsd
+++ b/schemas/saml-schema-authn-context-nomad-telephony-2.0.xsd
@@ -1,81 +1,81 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
- Document identifier: saml-schema-authn-context-nomad-telephony-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:element ref="Password"/>
- <xs:element ref="SubscriberLineNumber"/>
- <xs:element ref="UserSuffix"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorTransportProtocolType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorTransportProtocolType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PSTN"/>
- <xs:element ref="ISDN"/>
- <xs:element ref="ADSL"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
+ Document identifier: saml-schema-authn-context-nomad-telephony-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="Password"/>
+ <xs:element ref="SubscriberLineNumber"/>
+ <xs:element ref="UserSuffix"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
 </xs:schema>
\ No newline at end of file
diff --git a/schemas/saml-schema-authn-context-personal-telephony-2.0.xsd b/schemas/saml-schema-authn-context-personal-telephony-2.0.xsd
index bdb0f72b1..a9eebf425 100644
--- a/schemas/saml-schema-authn-context-personal-telephony-2.0.xsd
+++ b/schemas/saml-schema-authn-context-personal-telephony-2.0.xsd
@@ -1,80 +1,80 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony - Document identifier: saml-schema-authn-context-personal-telephony-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> 
- <xs:element ref="SubscriberLineNumber"/> - <xs:element ref="UserSuffix"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorTransportProtocolType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorTransportProtocolType"> - <xs:sequence> - <xs:choice> - <xs:element ref="PSTN"/> - <xs:element ref="ISDN"/> - <xs:element ref="ADSL"/> - </xs:choice> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - -</xs:schema> +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony + Document identifier: saml-schema-authn-context-personal-telephony-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. 
+ </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="SubscriberLineNumber"/> + <xs:element ref="UserSuffix"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorTransportProtocolType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorTransportProtocolType"> + <xs:sequence> + <xs:choice> + <xs:element ref="PSTN"/> + <xs:element ref="ISDN"/> + <xs:element ref="ADSL"/> + </xs:choice> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + +</xs:schema> diff --git a/schemas/saml-schema-authn-context-pgp-2.0.xsd b/schemas/saml-schema-authn-context-pgp-2.0.xsd index cbff52aea..74c73c1c2 100644 
--- a/schemas/saml-schema-authn-context-pgp-2.0.xsd
+++ b/schemas/saml-schema-authn-context-pgp-2.0.xsd
@@ -1,83 +1,83 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PGP - Document identifier: saml-schema-authn-context-pgp-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="PrincipalAuthenticationMechanismType"> - <xs:complexContent> - <xs:restriction base="PrincipalAuthenticationMechanismType"> - <xs:sequence> - <xs:element 
ref="RestrictedPassword"/> - </xs:sequence> - <xs:attribute name="preauth" type="xs:integer" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> - <xs:element ref="DigSig"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="PublicKeyType"> - <xs:complexContent> - <xs:restriction base="PublicKeyType"> - <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PGP + Document identifier: saml-schema-authn-context-pgp-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. 
+ </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="PrincipalAuthenticationMechanismType"> + <xs:complexContent> + <xs:restriction base="PrincipalAuthenticationMechanismType"> + <xs:sequence> + <xs:element ref="RestrictedPassword"/> + </xs:sequence> + <xs:attribute name="preauth" type="xs:integer" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="DigSig"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="PublicKeyType"> + <xs:complexContent> + <xs:restriction base="PublicKeyType"> + <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at 
end of file
diff --git a/schemas/saml-schema-authn-context-ppt-2.0.xsd b/schemas/saml-schema-authn-context-ppt-2.0.xsd
index a0d9bcb63..257296541 100644
--- a/schemas/saml-schema-authn-context-ppt-2.0.xsd
+++ b/schemas/saml-schema-authn-context-ppt-2.0.xsd
@@ -1,81 +1,81 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport - Document identifier: saml-schema-authn-context-ppt-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> 
- <xs:element ref="RestrictedPassword"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorTransportProtocolType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorTransportProtocolType"> - <xs:sequence> - <xs:choice> - <xs:element ref="SSL"/> - <xs:element ref="MobileNetworkRadioEncryption"/> - <xs:element ref="MobileNetworkEndToEndEncryption"/> - <xs:element ref="WTLS"/> - <xs:element ref="IPSec"/> - </xs:choice> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport + Document identifier: saml-schema-authn-context-ppt-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. 
+ </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="RestrictedPassword"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorTransportProtocolType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorTransportProtocolType"> + <xs:sequence> + <xs:choice> + <xs:element ref="SSL"/> + <xs:element ref="MobileNetworkRadioEncryption"/> + <xs:element ref="MobileNetworkEndToEndEncryption"/> + <xs:element ref="WTLS"/> + <xs:element ref="IPSec"/> + </xs:choice> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at end of file 
diff --git a/schemas/saml-schema-authn-context-pword-2.0.xsd b/schemas/saml-schema-authn-context-pword-2.0.xsd
index 7c98cdd20..0c18a42c8 100644
--- a/schemas/saml-schema-authn-context-pword-2.0.xsd
+++ b/schemas/saml-schema-authn-context-pword-2.0.xsd
@@ -1,64 +1,64 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Password - Document identifier: saml-schema-authn-context-pword-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> - <xs:element 
ref="RestrictedPassword"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Password + Document identifier: saml-schema-authn-context-pword-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. + </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> + 
<xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="RestrictedPassword"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at end of file diff --git a/schemas/saml-schema-authn-context-session-2.0.xsd b/schemas/saml-schema-authn-context-session-2.0.xsd index c7340bf80..77ef000ac 100644 --- a/schemas/saml-schema-authn-context-session-2.0.xsd +++ b/schemas/saml-schema-authn-context-session-2.0.xsd 
@@ -1,64 +1,64 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession - Document identifier: saml-schema-authn-context-session-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> - <xs:element 
ref="PreviousSession"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession + Document identifier: saml-schema-authn-context-session-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. + </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType 
name="AuthenticatorBaseType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="PreviousSession"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at end of file diff --git a/schemas/saml-schema-authn-context-smartcard-2.0.xsd b/schemas/saml-schema-authn-context-smartcard-2.0.xsd index 64a7479a0..1bd084a41 100644 --- a/schemas/saml-schema-authn-context-smartcard-2.0.xsd +++ b/schemas/saml-schema-authn-context-smartcard-2.0.xsd 
@@ -1,64 +1,64 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard - Document identifier: saml-schema-authn-context-smartcard-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="PrincipalAuthenticationMechanismType"> - <xs:complexContent> - <xs:restriction base="PrincipalAuthenticationMechanismType"> - <xs:sequence> - <xs:element 
ref="Smartcard"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard + Document identifier: saml-schema-authn-context-smartcard-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. + </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="PrincipalAuthenticationMechanismType"> + 
<xs:complexContent> + <xs:restriction base="PrincipalAuthenticationMechanismType"> + <xs:sequence> + <xs:element ref="Smartcard"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at end of file diff --git a/schemas/saml-schema-authn-context-smartcardpki-2.0.xsd b/schemas/saml-schema-authn-context-smartcardpki-2.0.xsd index bb6474d4c..0508d4d5d 100644 --- a/schemas/saml-schema-authn-context-smartcardpki-2.0.xsd +++ b/schemas/saml-schema-authn-context-smartcardpki-2.0.xsd 
@@ -1,129 +1,129 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
- Document identifier: saml-schema-authn-context-smartcardpki-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TechnicalProtectionBaseType">
- <xs:complexContent>
- <xs:restriction base="TechnicalProtectionBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PrivateKeyProtection"/>
- </xs:choice>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrincipalAuthenticationMechanismType">
- <xs:complexContent>
- <xs:restriction base="PrincipalAuthenticationMechanismType">
- <xs:sequence>
- <xs:element ref="Smartcard"/>
- <xs:element ref="ActivationPin"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="DigSig"/>
- <xs:element ref="AsymmetricDecryption"/>
- <xs:element ref="AsymmetricKeyAgreement"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrivateKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="PrivateKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyActivation"/>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyActivationType">
- <xs:complexContent>
- <xs:restriction base="KeyActivationType">
- <xs:sequence>
- <xs:element ref="ActivationPin"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyStorageType">
- <xs:complexContent>
- <xs:restriction base="KeyStorageType">
- <xs:attribute name="medium" use="required">
- <xs:simpleType>
- <xs:restriction base="mediumType">
- <xs:enumeration value="smartcard"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
+ Document identifier: saml-schema-authn-context-smartcardpki-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ </xs:choice>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="Smartcard"/>
+ <xs:element ref="ActivationPin"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyActivationType">
+ <xs:complexContent>
+ <xs:restriction base="KeyActivationType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="smartcard"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-softwarepki-2.0.xsd b/schemas/saml-schema-authn-context-softwarepki-2.0.xsd
index 2054a816a..5c41a2f24 100644
--- a/schemas/saml-schema-authn-context-softwarepki-2.0.xsd
+++ b/schemas/saml-schema-authn-context-softwarepki-2.0.xsd
@@ -1,129 +1,129 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
- Document identifier: saml-schema-authn-context-softwarepki-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TechnicalProtectionBaseType">
- <xs:complexContent>
- <xs:restriction base="TechnicalProtectionBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PrivateKeyProtection"/>
- </xs:choice>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrincipalAuthenticationMechanismType">
- <xs:complexContent>
- <xs:restriction base="PrincipalAuthenticationMechanismType">
- <xs:sequence>
- <xs:element ref="ActivationPin"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="DigSig"/>
- <xs:element ref="AsymmetricDecryption"/>
- <xs:element ref="AsymmetricKeyAgreement"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrivateKeyProtectionType">
- <xs:complexContent>
- <xs:restriction base="PrivateKeyProtectionType">
- <xs:sequence>
- <xs:element ref="KeyActivation"/>
- <xs:element ref="KeyStorage"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyActivationType">
- <xs:complexContent>
- <xs:restriction base="KeyActivationType">
- <xs:sequence>
- <xs:element ref="ActivationPin"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="KeyStorageType">
- <xs:complexContent>
- <xs:restriction base="KeyStorageType">
- <xs:attribute name="medium" use="required">
- <xs:simpleType>
- <xs:restriction base="mediumType">
- <xs:enumeration value="memory"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
+ Document identifier: saml-schema-authn-context-softwarepki-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:complexContent>
+ <xs:restriction base="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PrivateKeyProtection"/>
+ </xs:choice>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:complexContent>
+ <xs:restriction base="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation"/>
+ <xs:element ref="KeyStorage"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyActivationType">
+ <xs:complexContent>
+ <xs:restriction base="KeyActivationType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:complexContent>
+ <xs:restriction base="KeyStorageType">
+ <xs:attribute name="medium" use="required">
+ <xs:simpleType>
+ <xs:restriction base="mediumType">
+ <xs:enumeration value="memory"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-spki-2.0.xsd b/schemas/saml-schema-authn-context-spki-2.0.xsd
index 698c7c6cf..ce57d7957 100644
--- a/schemas/saml-schema-authn-context-spki-2.0.xsd
+++ b/schemas/saml-schema-authn-context-spki-2.0.xsd
@@ -1,83 +1,83 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI" - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI" - finalDefault="extension" - blockDefault="substitution" - version="2.0"> - - <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> - - <xs:annotation> - <xs:documentation> - Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI - Document identifier: saml-schema-authn-context-spki-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New authentication context class schema for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:complexContent> - <xs:restriction base="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism"/> - <xs:element ref="Authenticator"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="PrincipalAuthenticationMechanismType"> - <xs:complexContent> - <xs:restriction base="PrincipalAuthenticationMechanismType"> - <xs:sequence> - <xs:element 
ref="RestrictedPassword"/> - </xs:sequence> - <xs:attribute name="preauth" type="xs:integer" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:complexContent> - <xs:restriction base="AuthenticatorBaseType"> - <xs:sequence> - <xs:element ref="DigSig"/> - </xs:sequence> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="PublicKeyType"> - <xs:complexContent> - <xs:restriction base="PublicKeyType"> - <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - </xs:redefine> - +<?xml version="1.0" encoding="UTF-8"?> + +<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI" + finalDefault="extension" + blockDefault="substitution" + version="2.0"> + + <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd"> + + <xs:annotation> + <xs:documentation> + Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI + Document identifier: saml-schema-authn-context-spki-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New authentication context class schema for SAML V2.0. 
+ </xs:documentation> + </xs:annotation> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthnMethodBaseType"> + <xs:complexContent> + <xs:restriction base="AuthnMethodBaseType"> + <xs:sequence> + <xs:element ref="PrincipalAuthenticationMechanism"/> + <xs:element ref="Authenticator"/> + <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="PrincipalAuthenticationMechanismType"> + <xs:complexContent> + <xs:restriction base="PrincipalAuthenticationMechanismType"> + <xs:sequence> + <xs:element ref="RestrictedPassword"/> + </xs:sequence> + <xs:attribute name="preauth" type="xs:integer" use="optional"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="AuthenticatorBaseType"> + <xs:complexContent> + <xs:restriction base="AuthenticatorBaseType"> + <xs:sequence> + <xs:element ref="DigSig"/> + </xs:sequence> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="PublicKeyType"> + <xs:complexContent> + <xs:restriction base="PublicKeyType"> + <xs:attribute name="keyValidation" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"/> + </xs:restriction> + </xs:complexContent> + </xs:complexType> + + </xs:redefine> + </xs:schema> \ No newline at 
end of file diff --git a/schemas/saml-schema-authn-context-srp-2.0.xsd b/schemas/saml-schema-authn-context-srp-2.0.xsd index 07c6ae479..9051dd5ab 100644 --- a/schemas/saml-schema-authn-context-srp-2.0.xsd +++ b/schemas/saml-schema-authn-context-srp-2.0.xsd 
@@ -1,82 +1,82 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
- Document identifier: saml-schema-authn-context-srp-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrincipalAuthenticationMechanismType">
- <xs:complexContent>
- <xs:restriction base="PrincipalAuthenticationMechanismType">
- <xs:sequence>
- <xs:element ref="RestrictedPassword"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:element ref="SharedSecretChallengeResponse"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="SharedSecretChallengeResponseType">
- <xs:complexContent>
- <xs:restriction base="SharedSecretChallengeResponseType">
- <xs:attribute name="method" type="xs:anyURI" fixed="urn:ietf:rfc:2945"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
+ Document identifier: saml-schema-authn-context-srp-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="SharedSecretChallengeResponseType">
+ <xs:complexContent>
+ <xs:restriction base="SharedSecretChallengeResponseType">
+ <xs:attribute name="method" type="xs:anyURI" fixed="urn:ietf:rfc:2945"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-sslcert-2.0.xsd b/schemas/saml-schema-authn-context-sslcert-2.0.xsd
index 88a4f1783..723103b00 100644
--- a/schemas/saml-schema-authn-context-sslcert-2.0.xsd
+++ b/schemas/saml-schema-authn-context-sslcert-2.0.xsd
@@ -1,97 +1,97 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
- Document identifier: saml-schema-authn-context-sslcert-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrincipalAuthenticationMechanismType">
- <xs:complexContent>
- <xs:restriction base="PrincipalAuthenticationMechanismType">
- <xs:sequence>
- <xs:element ref="RestrictedPassword"/>
- </xs:sequence>
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:element ref="DigSig"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PublicKeyType">
- <xs:complexContent>
- <xs:restriction base="PublicKeyType">
- <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorTransportProtocolType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorTransportProtocolType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="SSL"/>
- <xs:element ref="WTLS"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
+ Document identifier: saml-schema-authn-context-sslcert-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="SSL"/>
+ <xs:element ref="WTLS"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-telephony-2.0.xsd b/schemas/saml-schema-authn-context-telephony-2.0.xsd
index e4906c525..15ff75313 100644
--- a/schemas/saml-schema-authn-context-telephony-2.0.xsd
+++ b/schemas/saml-schema-authn-context-telephony-2.0.xsd
@@ -1,79 +1,79 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
- Document identifier: saml-schema-authn-context-telephony-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:element ref="SubscriberLineNumber"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorTransportProtocolType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorTransportProtocolType">
- <xs:sequence>
- <xs:choice>
- <xs:element ref="PSTN"/>
- <xs:element ref="ISDN"/>
- <xs:element ref="ADSL"/>
- </xs:choice>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
+ Document identifier: saml-schema-authn-context-telephony-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="SubscriberLineNumber"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
 </xs:schema>
\ No newline at end of file
diff --git a/schemas/saml-schema-authn-context-timesync-2.0.xsd b/schemas/saml-schema-authn-context-timesync-2.0.xsd
index 53b425fc8..afc92f398 100644
--- a/schemas/saml-schema-authn-context-timesync-2.0.xsd
+++ b/schemas/saml-schema-authn-context-timesync-2.0.xsd
@@ -1,105 +1,105 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
- Document identifier: saml-schema-authn-context-timesync-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrincipalAuthenticationMechanismType">
- <xs:complexContent>
- <xs:restriction base="PrincipalAuthenticationMechanismType">
- <xs:sequence>
- <xs:element ref="Token"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TokenType">
- <xs:complexContent>
- <xs:restriction base="TokenType">
- <xs:sequence>
- <xs:element ref="TimeSyncToken"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="TimeSyncTokenType">
- <xs:complexContent>
- <xs:restriction base="TimeSyncTokenType">
- <xs:attribute name="DeviceType" use="required">
- <xs:simpleType>
- <xs:restriction base="DeviceTypeType">
- <xs:enumeration value="hardware"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
-
- <xs:attribute name="SeedLength" use="required">
- <xs:simpleType>
- <xs:restriction base="xs:integer">
- <xs:minInclusive value="64"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
-
- <xs:attribute name="DeviceInHand" use="required">
- <xs:simpleType>
- <xs:restriction base="booleanType">
- <xs:enumeration value="true"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+ Document identifier: saml-schema-authn-context-timesync-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="Token"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TokenType">
+ <xs:complexContent>
+ <xs:restriction base="TokenType">
+ <xs:sequence>
+ <xs:element ref="TimeSyncToken"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="TimeSyncTokenType">
+ <xs:complexContent>
+ <xs:restriction base="TimeSyncTokenType">
+ <xs:attribute name="DeviceType" use="required">
+ <xs:simpleType>
+ <xs:restriction base="DeviceTypeType">
+ <xs:enumeration value="hardware"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="SeedLength" use="required">
+ <xs:simpleType>
+ <xs:restriction base="xs:integer">
+ <xs:minInclusive value="64"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="DeviceInHand" use="required">
+ <xs:simpleType>
+ <xs:restriction base="booleanType">
+ <xs:enumeration value="true"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-types-2.0.xsd b/schemas/saml-schema-authn-context-types-2.0.xsd
index 6ae1875e4..8513959a5 100644
--- a/schemas/saml-schema-authn-context-types-2.0.xsd
+++ b/schemas/saml-schema-authn-context-types-2.0.xsd
@@ -1,821 +1,821 @@ -<?xml version="1.0" encoding="UTF-8"?> -<xs:schema - xmlns:xs="http://www.w3.org/2001/XMLSchema" - elementFormDefault="qualified" - version="2.0"> - - <xs:annotation> - <xs:documentation> - Document identifier: saml-schema-authn-context-types-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - New core authentication context schema types for SAML V2.0. - </xs:documentation> - </xs:annotation> - - <xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType"> - <xs:annotation> - <xs:documentation> - A particular assertion on an identity - provider's part with respect to the authentication - context associated with an authentication assertion. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="Identification" type="IdentificationType"> - <xs:annotation> - <xs:documentation> - Refers to those characteristics that describe the - processes and mechanisms - the Authentication Authority uses to initially create - an association between a Principal - and the identity (or name) by which the Principal will - be known - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="PhysicalVerification"> - <xs:annotation> - <xs:documentation> - This element indicates that identification has been - performed in a physical - face-to-face meeting with the principal and not in an - online manner. 
- </xs:documentation> - </xs:annotation> - <xs:complexType> - <xs:attribute name="credentialLevel"> - <xs:simpleType> - <xs:restriction base="xs:NMTOKEN"> - <xs:enumeration value="primary"/> - <xs:enumeration value="secondary"/> - </xs:restriction> - </xs:simpleType> - </xs:attribute> - </xs:complexType> - </xs:element> - - <xs:element name="WrittenConsent" type="ExtensionOnlyType"/> - - <xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType"> - <xs:annotation> - <xs:documentation> - Refers to those characterstics that describe how the - 'secret' (the knowledge or possession - of which allows the Principal to authenticate to the - Authentication Authority) is kept secure - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="SecretKeyProtection" type="SecretKeyProtectionType"> - <xs:annotation> - <xs:documentation> - This element indicates the types and strengths of - facilities - of a UA used to protect a shared secret key from - unauthorized access and/or use. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType"> - <xs:annotation> - <xs:documentation> - This element indicates the types and strengths of - facilities - of a UA used to protect a private key from - unauthorized access and/or use. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="KeyActivation" type="KeyActivationType"> - <xs:annotation> - <xs:documentation>The actions that must be performed - before the private key can be used. </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="KeySharing" type="KeySharingType"> - <xs:annotation> - <xs:documentation>Whether or not the private key is shared - with the certificate authority.</xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="KeyStorage" type="KeyStorageType"> - <xs:annotation> - <xs:documentation> - In which medium is the key stored. 
- memory - the key is stored in memory. - smartcard - the key is stored in a smartcard. - token - the key is stored in a hardware token. - MobileDevice - the key is stored in a mobile device. - MobileAuthCard - the key is stored in a mobile - authentication card. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/> - <xs:element name="UserSuffix" type="ExtensionOnlyType"/> - - <xs:element name="Password" type="PasswordType"> - <xs:annotation> - <xs:documentation> - This element indicates that a password (or passphrase) - has been used to - authenticate the Principal to a remote system. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="ActivationPin" type="ActivationPinType"> - <xs:annotation> - <xs:documentation> - This element indicates that a Pin (Personal - Identification Number) has been used to authenticate the Principal to - some local system in order to activate a key. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="Token" type="TokenType"> - <xs:annotation> - <xs:documentation> - This element indicates that a hardware or software - token is used - as a method of identifying the Principal. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="TimeSyncToken" type="TimeSyncTokenType"> - <xs:annotation> - <xs:documentation> - This element indicates that a time synchronization - token is used to identify the Principal. hardware - - the time synchonization - token has been implemented in hardware. software - the - time synchronization - token has been implemented in software. SeedLength - - the length, in bits, of the - random seed used in the time synchronization token. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="Smartcard" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that a smartcard is used to - identity the Principal. 
- </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="Length" type="LengthType"> - <xs:annotation> - <xs:documentation> - This element indicates the minimum and/or maximum - ASCII length of the password which is enforced (by the UA or the - IdP). In other words, this is the minimum and/or maximum number of - ASCII characters required to represent a valid password. - min - the minimum number of ASCII characters required - in a valid password, as enforced by the UA or the IdP. - max - the maximum number of ASCII characters required - in a valid password, as enforced by the UA or the IdP. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="ActivationLimit" type="ActivationLimitType"> - <xs:annotation> - <xs:documentation> - This element indicates the length of time for which an - PIN-based authentication is valid. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="Generation"> - <xs:annotation> - <xs:documentation> - Indicates whether the password was chosen by the - Principal or auto-supplied by the Authentication Authority. - principalchosen - the Principal is allowed to choose - the value of the password. This is true even if - the initial password is chosen at random by the UA or - the IdP and the Principal is then free to change - the password. - automatic - the password is chosen by the UA or the - IdP to be cryptographically strong in some sense, - or to satisfy certain password rules, and that the - Principal is not free to change it or to choose a new password. 
- </xs:documentation> - </xs:annotation> - - <xs:complexType> - <xs:attribute name="mechanism" use="required"> - <xs:simpleType> - <xs:restriction base="xs:NMTOKEN"> - <xs:enumeration value="principalchosen"/> - <xs:enumeration value="automatic"/> - </xs:restriction> - </xs:simpleType> - </xs:attribute> - </xs:complexType> - </xs:element> - - <xs:element name="AuthnMethod" type="AuthnMethodBaseType"> - <xs:annotation> - <xs:documentation> - Refers to those characteristics that define the - mechanisms by which the Principal authenticates to the Authentication - Authority. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType"> - <xs:annotation> - <xs:documentation> - The method that a Principal employs to perform - authentication to local system components. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="Authenticator" type="AuthenticatorBaseType"> - <xs:annotation> - <xs:documentation> - The method applied to validate a principal's - authentication across a network - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType"> - <xs:annotation> - <xs:documentation> - Supports Authenticators with nested combinations of - additional complexity. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="PreviousSession" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - Indicates that the Principal has been strongly - authenticated in a previous session during which the IdP has set a - cookie in the UA. During the present session the Principal has only - been authenticated by the UA returning the cookie to the IdP. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="ResumeSession" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - Rather like PreviousSession but using stronger - security. 
A secret that was established in a previous session with - the Authentication Authority has been cached by the local system and - is now re-used (e.g. a Master Secret is used to derive new session - keys in TLS, SSL, WTLS). - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="ZeroKnowledge" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Principal has been - authenticated by a zero knowledge technique as specified in ISO/IEC - 9798-5. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/> - - <xs:complexType name="SharedSecretChallengeResponseType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Principal has been - authenticated by a challenge-response protocol utilizing shared secret - keys and symmetric cryptography. - </xs:documentation> - </xs:annotation> - <xs:sequence> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="method" type="xs:anyURI" use="optional"/> - </xs:complexType> - - <xs:element name="DigSig" type="PublicKeyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Principal has been - authenticated by a mechanism which involves the Principal computing a - digital signature over at least challenge data provided by the IdP. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="AsymmetricDecryption" type="PublicKeyType"> - <xs:annotation> - <xs:documentation> - The local system has a private key but it is used - in decryption mode, rather than signature mode. For example, the - Authentication Authority generates a secret and encrypts it using the - local system's public key: the local system then proves it has - decrypted the secret. 
- </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="AsymmetricKeyAgreement" type="PublicKeyType"> - <xs:annotation> - <xs:documentation> - The local system has a private key and uses it for - shared secret key agreement with the Authentication Authority (e.g. - via Diffie Helman). - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:complexType name="PublicKeyType"> - <xs:sequence> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="keyValidation" use="optional"/> - </xs:complexType> - - <xs:element name="IPAddress" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Principal has been - authenticated through connection from a particular IP address. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - The local system and Authentication Authority - share a secret key. The local system uses this to encrypt a - randomised string to pass to the Authentication Authority. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType"> - <xs:annotation> - <xs:documentation> - The protocol across which Authenticator information is - transferred to an Authentication Authority verifier. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="HTTP" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Authenticator has been - transmitted using bare HTTP utilizing no additional security - protocols. 
- </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="IPSec" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Authenticator has been - transmitted using a transport mechanism protected by an IPSEC session. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="WTLS" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Authenticator has been - transmitted using a transport mechanism protected by a WTLS session. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Authenticator has been - transmitted solely across a mobile network using no additional - security mechanism. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/> - <xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/> - - <xs:element name="SSL" type="ExtensionOnlyType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Authenticator has been - transmitted using a transport mechnanism protected by an SSL or TLS - session. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="PSTN" type="ExtensionOnlyType"/> - <xs:element name="ISDN" type="ExtensionOnlyType"/> - <xs:element name="ADSL" type="ExtensionOnlyType"/> - - <xs:element name="OperationalProtection" type="OperationalProtectionType"> - <xs:annotation> - <xs:documentation> - Refers to those characteristics that describe - procedural security controls employed by the Authentication Authority. 
- </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="SecurityAudit" type="SecurityAuditType"/> - <xs:element name="SwitchAudit" type="ExtensionOnlyType"/> - <xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/> - - <xs:element name="GoverningAgreements" type="GoverningAgreementsType"> - <xs:annotation> - <xs:documentation> - Provides a mechanism for linking to external (likely - human readable) documents in which additional business agreements, - (e.g. liability constraints, obligations, etc) can be placed. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/> - - <xs:simpleType name="nymType"> - <xs:restriction base="xs:NMTOKEN"> - <xs:enumeration value="anonymity"/> - <xs:enumeration value="verinymity"/> - <xs:enumeration value="pseudonymity"/> - </xs:restriction> - </xs:simpleType> - - <xs:complexType name="AuthnContextDeclarationBaseType"> - <xs:sequence> - <xs:element ref="Identification" minOccurs="0"/> - <xs:element ref="TechnicalProtection" minOccurs="0"/> - <xs:element ref="OperationalProtection" minOccurs="0"/> - <xs:element ref="AuthnMethod" minOccurs="0"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ID" type="xs:ID" use="optional"/> - </xs:complexType> - - <xs:complexType name="IdentificationType"> - <xs:sequence> - <xs:element ref="PhysicalVerification" minOccurs="0"/> - <xs:element ref="WrittenConsent" minOccurs="0"/> - <xs:element ref="GoverningAgreements" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="nym" type="nymType"> - <xs:annotation> - <xs:documentation> - This attribute indicates whether or not the - Identification mechanisms allow the actions of the Principal to be - linked to an actual end user. 
- </xs:documentation> - </xs:annotation> - </xs:attribute> - </xs:complexType> - - <xs:complexType name="TechnicalProtectionBaseType"> - <xs:sequence> - <xs:choice minOccurs="0"> - <xs:element ref="PrivateKeyProtection"/> - <xs:element ref="SecretKeyProtection"/> - </xs:choice> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="OperationalProtectionType"> - <xs:sequence> - <xs:element ref="SecurityAudit" minOccurs="0"/> - <xs:element ref="DeactivationCallCenter" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="AuthnMethodBaseType"> - <xs:sequence> - <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/> - <xs:element ref="Authenticator" minOccurs="0"/> - <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="GoverningAgreementsType"> - <xs:sequence> - <xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="GoverningAgreementRefType"> - <xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/> - </xs:complexType> - - <xs:complexType name="PrincipalAuthenticationMechanismType"> - <xs:sequence> - <xs:element ref="Password" minOccurs="0"/> - <xs:element ref="RestrictedPassword" minOccurs="0"/> - <xs:element ref="Token" minOccurs="0"/> - <xs:element ref="Smartcard" minOccurs="0"/> - <xs:element ref="ActivationPin" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="preauth" type="xs:integer" use="optional"/> - </xs:complexType> - - <xs:group name="AuthenticatorChoiceGroup"> - <xs:choice> - <xs:element ref="PreviousSession"/> - <xs:element ref="ResumeSession"/> - <xs:element 
ref="DigSig"/> - <xs:element ref="Password"/> - <xs:element ref="RestrictedPassword"/> - <xs:element ref="ZeroKnowledge"/> - <xs:element ref="SharedSecretChallengeResponse"/> - <xs:element ref="SharedSecretDynamicPlaintext"/> - <xs:element ref="IPAddress"/> - <xs:element ref="AsymmetricDecryption"/> - <xs:element ref="AsymmetricKeyAgreement"/> - <xs:element ref="SubscriberLineNumber"/> - <xs:element ref="UserSuffix"/> - <xs:element ref="ComplexAuthenticator"/> - </xs:choice> - </xs:group> - - <xs:group name="AuthenticatorSequenceGroup"> - <xs:sequence> - <xs:element ref="PreviousSession" minOccurs="0"/> - <xs:element ref="ResumeSession" minOccurs="0"/> - <xs:element ref="DigSig" minOccurs="0"/> - <xs:element ref="Password" minOccurs="0"/> - <xs:element ref="RestrictedPassword" minOccurs="0"/> - <xs:element ref="ZeroKnowledge" minOccurs="0"/> - <xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/> - <xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/> - <xs:element ref="IPAddress" minOccurs="0"/> - <xs:element ref="AsymmetricDecryption" minOccurs="0"/> - <xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/> - <xs:element ref="SubscriberLineNumber" minOccurs="0"/> - <xs:element ref="UserSuffix" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:group> - - <xs:complexType name="AuthenticatorBaseType"> - <xs:sequence> - <xs:group ref="AuthenticatorChoiceGroup"/> - <xs:group ref="AuthenticatorSequenceGroup"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="ComplexAuthenticatorType"> - <xs:sequence> - <xs:group ref="AuthenticatorChoiceGroup"/> - <xs:group ref="AuthenticatorSequenceGroup"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="AuthenticatorTransportProtocolType"> - <xs:sequence> - <xs:choice minOccurs="0"> - <xs:element ref="HTTP"/> - <xs:element ref="SSL"/> - <xs:element ref="MobileNetworkNoEncryption"/> - <xs:element 
ref="MobileNetworkRadioEncryption"/> - <xs:element ref="MobileNetworkEndToEndEncryption"/> - <xs:element ref="WTLS"/> - <xs:element ref="IPSec"/> - <xs:element ref="PSTN"/> - <xs:element ref="ISDN"/> - <xs:element ref="ADSL"/> - </xs:choice> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="KeyActivationType"> - <xs:sequence> - <xs:element ref="ActivationPin" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="KeySharingType"> - <xs:attribute name="sharing" type="xs:boolean" use="required"/> - </xs:complexType> - - <xs:complexType name="PrivateKeyProtectionType"> - <xs:sequence> - <xs:element ref="KeyActivation" minOccurs="0"/> - <xs:element ref="KeyStorage" minOccurs="0"/> - <xs:element ref="KeySharing" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="PasswordType"> - <xs:sequence> - <xs:element ref="Length" minOccurs="0"/> - <xs:element ref="Alphabet" minOccurs="0"/> - <xs:element ref="Generation" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/> - </xs:complexType> - - <xs:element name="RestrictedPassword" type="RestrictedPasswordType"/> - - <xs:complexType name="RestrictedPasswordType"> - <xs:complexContent> - <xs:restriction base="PasswordType"> - <xs:sequence> - <xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/> - <xs:element ref="Generation" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="RestrictedLengthType"> - 
<xs:complexContent> - <xs:restriction base="LengthType"> - <xs:attribute name="min" use="required"> - <xs:simpleType> - <xs:restriction base="xs:integer"> - <xs:minInclusive value="3"/> - </xs:restriction> - </xs:simpleType> - </xs:attribute> - <xs:attribute name="max" type="xs:integer" use="optional"/> - </xs:restriction> - </xs:complexContent> - </xs:complexType> - - <xs:complexType name="ActivationPinType"> - <xs:sequence> - <xs:element ref="Length" minOccurs="0"/> - <xs:element ref="Alphabet" minOccurs="0"/> - <xs:element ref="Generation" minOccurs="0"/> - <xs:element ref="ActivationLimit" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:element name="Alphabet" type="AlphabetType"/> - <xs:complexType name="AlphabetType"> - <xs:attribute name="requiredChars" type="xs:string" use="required"/> - <xs:attribute name="excludedChars" type="xs:string" use="optional"/> - <xs:attribute name="case" type="xs:string" use="optional"/> - </xs:complexType> - - <xs:complexType name="TokenType"> - <xs:sequence> - <xs:element ref="TimeSyncToken"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:simpleType name="DeviceTypeType"> - <xs:restriction base="xs:NMTOKEN"> - <xs:enumeration value="hardware"/> - <xs:enumeration value="software"/> - </xs:restriction> - </xs:simpleType> - - <xs:simpleType name="booleanType"> - <xs:restriction base="xs:NMTOKEN"> - <xs:enumeration value="true"/> - <xs:enumeration value="false"/> - </xs:restriction> - </xs:simpleType> - - <xs:complexType name="TimeSyncTokenType"> - <xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/> - <xs:attribute name="SeedLength" type="xs:integer" use="required"/> - <xs:attribute name="DeviceInHand" type="booleanType" use="required"/> - </xs:complexType> - - <xs:complexType name="ActivationLimitType"> - <xs:choice> - <xs:element ref="ActivationLimitDuration"/> - 
<xs:element ref="ActivationLimitUsages"/> - <xs:element ref="ActivationLimitSession"/> - </xs:choice> - </xs:complexType> - - <xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Key Activation Limit is - defined as a specific duration of time. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Key Activation Limit is - defined as a number of usages. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:element name="ActivationLimitSession" type="ActivationLimitSessionType"> - <xs:annotation> - <xs:documentation> - This element indicates that the Key Activation Limit is - the session. - </xs:documentation> - </xs:annotation> - </xs:element> - - <xs:complexType name="ActivationLimitDurationType"> - <xs:attribute name="duration" type="xs:duration" use="required"/> - </xs:complexType> - - <xs:complexType name="ActivationLimitUsagesType"> - <xs:attribute name="number" type="xs:integer" use="required"/> - </xs:complexType> - - <xs:complexType name="ActivationLimitSessionType"/> - - <xs:complexType name="LengthType"> - <xs:attribute name="min" type="xs:integer" use="required"/> - <xs:attribute name="max" type="xs:integer" use="optional"/> - </xs:complexType> - - <xs:simpleType name="mediumType"> - <xs:restriction base="xs:NMTOKEN"> - <xs:enumeration value="memory"/> - <xs:enumeration value="smartcard"/> - <xs:enumeration value="token"/> - <xs:enumeration value="MobileDevice"/> - <xs:enumeration value="MobileAuthCard"/> - </xs:restriction> - </xs:simpleType> - - <xs:complexType name="KeyStorageType"> - <xs:attribute name="medium" type="mediumType" use="required"/> - </xs:complexType> - - <xs:complexType name="SecretKeyProtectionType"> - <xs:sequence> - <xs:element ref="KeyActivation" minOccurs="0"/> - 
<xs:element ref="KeyStorage" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="SecurityAuditType"> - <xs:sequence> - <xs:element ref="SwitchAudit" minOccurs="0"/> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:complexType name="ExtensionOnlyType"> - <xs:sequence> - <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - - <xs:element name="Extension" type="ExtensionType"/> - - <xs:complexType name="ExtensionType"> - <xs:sequence> - <xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - -</xs:schema> +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + elementFormDefault="qualified" + version="2.0"> + + <xs:annotation> + <xs:documentation> + Document identifier: saml-schema-authn-context-types-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + New core authentication context schema types for SAML V2.0. + </xs:documentation> + </xs:annotation> + + <xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType"> + <xs:annotation> + <xs:documentation> + A particular assertion on an identity + provider's part with respect to the authentication + context associated with an authentication assertion. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="Identification" type="IdentificationType"> + <xs:annotation> + <xs:documentation> + Refers to those characteristics that describe the + processes and mechanisms + the Authentication Authority uses to initially create + an association between a Principal + and the identity (or name) by which the Principal will + be known + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="PhysicalVerification"> + <xs:annotation> + <xs:documentation> + This element indicates that identification has been + performed in a physical + face-to-face meeting with the principal and not in an + online manner. + </xs:documentation> + </xs:annotation> + <xs:complexType> + <xs:attribute name="credentialLevel"> + <xs:simpleType> + <xs:restriction base="xs:NMTOKEN"> + <xs:enumeration value="primary"/> + <xs:enumeration value="secondary"/> + </xs:restriction> + </xs:simpleType> + </xs:attribute> + </xs:complexType> + </xs:element> + + <xs:element name="WrittenConsent" type="ExtensionOnlyType"/> + + <xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType"> + <xs:annotation> + <xs:documentation> + Refers to those characterstics that describe how the + 'secret' (the knowledge or possession + of which allows the Principal to authenticate to the + Authentication Authority) is kept secure + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="SecretKeyProtection" type="SecretKeyProtectionType"> + <xs:annotation> + <xs:documentation> + This element indicates the types and strengths of + facilities + of a UA used to protect a shared secret key from + unauthorized access and/or use. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType"> + <xs:annotation> + <xs:documentation> + This element indicates the types and strengths of + facilities + of a UA used to protect a private key from + unauthorized access and/or use. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="KeyActivation" type="KeyActivationType"> + <xs:annotation> + <xs:documentation>The actions that must be performed + before the private key can be used. </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="KeySharing" type="KeySharingType"> + <xs:annotation> + <xs:documentation>Whether or not the private key is shared + with the certificate authority.</xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="KeyStorage" type="KeyStorageType"> + <xs:annotation> + <xs:documentation> + In which medium is the key stored. + memory - the key is stored in memory. + smartcard - the key is stored in a smartcard. + token - the key is stored in a hardware token. + MobileDevice - the key is stored in a mobile device. + MobileAuthCard - the key is stored in a mobile + authentication card. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/> + <xs:element name="UserSuffix" type="ExtensionOnlyType"/> + + <xs:element name="Password" type="PasswordType"> + <xs:annotation> + <xs:documentation> + This element indicates that a password (or passphrase) + has been used to + authenticate the Principal to a remote system. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="ActivationPin" type="ActivationPinType"> + <xs:annotation> + <xs:documentation> + This element indicates that a Pin (Personal + Identification Number) has been used to authenticate the Principal to + some local system in order to activate a key. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="Token" type="TokenType"> + <xs:annotation> + <xs:documentation> + This element indicates that a hardware or software + token is used + as a method of identifying the Principal. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="TimeSyncToken" type="TimeSyncTokenType"> + <xs:annotation> + <xs:documentation> + This element indicates that a time synchronization + token is used to identify the Principal. hardware - + the time synchonization + token has been implemented in hardware. software - the + time synchronization + token has been implemented in software. SeedLength - + the length, in bits, of the + random seed used in the time synchronization token. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="Smartcard" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that a smartcard is used to + identity the Principal. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="Length" type="LengthType"> + <xs:annotation> + <xs:documentation> + This element indicates the minimum and/or maximum + ASCII length of the password which is enforced (by the UA or the + IdP). In other words, this is the minimum and/or maximum number of + ASCII characters required to represent a valid password. + min - the minimum number of ASCII characters required + in a valid password, as enforced by the UA or the IdP. + max - the maximum number of ASCII characters required + in a valid password, as enforced by the UA or the IdP. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="ActivationLimit" type="ActivationLimitType"> + <xs:annotation> + <xs:documentation> + This element indicates the length of time for which an + PIN-based authentication is valid. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="Generation"> + <xs:annotation> + <xs:documentation> + Indicates whether the password was chosen by the + Principal or auto-supplied by the Authentication Authority. + principalchosen - the Principal is allowed to choose + the value of the password. This is true even if + the initial password is chosen at random by the UA or + the IdP and the Principal is then free to change + the password. + automatic - the password is chosen by the UA or the + IdP to be cryptographically strong in some sense, + or to satisfy certain password rules, and that the + Principal is not free to change it or to choose a new password. + </xs:documentation> + </xs:annotation> + + <xs:complexType> + <xs:attribute name="mechanism" use="required"> + <xs:simpleType> + <xs:restriction base="xs:NMTOKEN"> + <xs:enumeration value="principalchosen"/> + <xs:enumeration value="automatic"/> + </xs:restriction> + </xs:simpleType> + </xs:attribute> + </xs:complexType> + </xs:element> + + <xs:element name="AuthnMethod" type="AuthnMethodBaseType"> + <xs:annotation> + <xs:documentation> + Refers to those characteristics that define the + mechanisms by which the Principal authenticates to the Authentication + Authority. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType"> + <xs:annotation> + <xs:documentation> + The method that a Principal employs to perform + authentication to local system components. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="Authenticator" type="AuthenticatorBaseType"> + <xs:annotation> + <xs:documentation> + The method applied to validate a principal's + authentication across a network + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType"> + <xs:annotation> + <xs:documentation> + Supports Authenticators with nested combinations of + additional complexity. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="PreviousSession" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + Indicates that the Principal has been strongly + authenticated in a previous session during which the IdP has set a + cookie in the UA. During the present session the Principal has only + been authenticated by the UA returning the cookie to the IdP. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="ResumeSession" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + Rather like PreviousSession but using stronger + security. A secret that was established in a previous session with + the Authentication Authority has been cached by the local system and + is now re-used (e.g. a Master Secret is used to derive new session + keys in TLS, SSL, WTLS). + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="ZeroKnowledge" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Principal has been + authenticated by a zero knowledge technique as specified in ISO/IEC + 9798-5. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/> + + <xs:complexType name="SharedSecretChallengeResponseType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Principal has been + authenticated by a challenge-response protocol utilizing shared secret + keys and symmetric cryptography. + </xs:documentation> + </xs:annotation> + <xs:sequence> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="method" type="xs:anyURI" use="optional"/> + </xs:complexType> + + <xs:element name="DigSig" type="PublicKeyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Principal has been + authenticated by a mechanism which involves the Principal computing a + digital signature over at least challenge data provided by the IdP. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="AsymmetricDecryption" type="PublicKeyType"> + <xs:annotation> + <xs:documentation> + The local system has a private key but it is used + in decryption mode, rather than signature mode. For example, the + Authentication Authority generates a secret and encrypts it using the + local system's public key: the local system then proves it has + decrypted the secret. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="AsymmetricKeyAgreement" type="PublicKeyType"> + <xs:annotation> + <xs:documentation> + The local system has a private key and uses it for + shared secret key agreement with the Authentication Authority (e.g. + via Diffie Helman). 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:complexType name="PublicKeyType"> + <xs:sequence> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="keyValidation" use="optional"/> + </xs:complexType> + + <xs:element name="IPAddress" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Principal has been + authenticated through connection from a particular IP address. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + The local system and Authentication Authority + share a secret key. The local system uses this to encrypt a + randomised string to pass to the Authentication Authority. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType"> + <xs:annotation> + <xs:documentation> + The protocol across which Authenticator information is + transferred to an Authentication Authority verifier. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="HTTP" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Authenticator has been + transmitted using bare HTTP utilizing no additional security + protocols. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="IPSec" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Authenticator has been + transmitted using a transport mechanism protected by an IPSEC session. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="WTLS" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Authenticator has been + transmitted using a transport mechanism protected by a WTLS session. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Authenticator has been + transmitted solely across a mobile network using no additional + security mechanism. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/> + <xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/> + + <xs:element name="SSL" type="ExtensionOnlyType"> + <xs:annotation> + <xs:documentation> + This element indicates that the Authenticator has been + transmitted using a transport mechnanism protected by an SSL or TLS + session. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="PSTN" type="ExtensionOnlyType"/> + <xs:element name="ISDN" type="ExtensionOnlyType"/> + <xs:element name="ADSL" type="ExtensionOnlyType"/> + + <xs:element name="OperationalProtection" type="OperationalProtectionType"> + <xs:annotation> + <xs:documentation> + Refers to those characteristics that describe + procedural security controls employed by the Authentication Authority. + </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="SecurityAudit" type="SecurityAuditType"/> + <xs:element name="SwitchAudit" type="ExtensionOnlyType"/> + <xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/> + + <xs:element name="GoverningAgreements" type="GoverningAgreementsType"> + <xs:annotation> + <xs:documentation> + Provides a mechanism for linking to external (likely + human readable) documents in which additional business agreements, + (e.g. liability constraints, obligations, etc) can be placed. 
+ </xs:documentation> + </xs:annotation> + </xs:element> + + <xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/> + + <xs:simpleType name="nymType"> + <xs:restriction base="xs:NMTOKEN"> + <xs:enumeration value="anonymity"/> + <xs:enumeration value="verinymity"/> + <xs:enumeration value="pseudonymity"/> + </xs:restriction> + </xs:simpleType> + + <xs:complexType name="AuthnContextDeclarationBaseType"> + <xs:sequence> + <xs:element ref="Identification" minOccurs="0"/> + <xs:element ref="TechnicalProtection" minOccurs="0"/> + <xs:element ref="OperationalProtection" minOccurs="0"/> + <xs:element ref="AuthnMethod" minOccurs="0"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="ID" type="xs:ID" use="optional"/> + </xs:complexType> + + <xs:complexType name="IdentificationType"> + <xs:sequence> + <xs:element ref="PhysicalVerification" minOccurs="0"/> + <xs:element ref="WrittenConsent" minOccurs="0"/> + <xs:element ref="GoverningAgreements" minOccurs="0"/> + <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + <xs:attribute name="nym" type="nymType"> + <xs:annotation> + <xs:documentation> + This attribute indicates whether or not the + Identification mechanisms allow the actions of the Principal to be + linked to an actual end user. 
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
+ <xs:complexType name="TechnicalProtectionBaseType">
+ <xs:sequence>
+ <xs:choice minOccurs="0">
+ <xs:element ref="PrivateKeyProtection"/>
+ <xs:element ref="SecretKeyProtection"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="OperationalProtectionType">
+ <xs:sequence>
+ <xs:element ref="SecurityAudit" minOccurs="0"/>
+ <xs:element ref="DeactivationCallCenter" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
+ <xs:element ref="Authenticator" minOccurs="0"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GoverningAgreementsType">
+ <xs:sequence>
+ <xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GoverningAgreementRefType">
+ <xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="Password" minOccurs="0"/>
+ <xs:element ref="RestrictedPassword" minOccurs="0"/>
+ <xs:element ref="Token" minOccurs="0"/>
+ <xs:element ref="Smartcard" minOccurs="0"/>
+ <xs:element ref="ActivationPin" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:complexType>
+
+ <xs:group name="AuthenticatorChoiceGroup">
+ <xs:choice>
+ <xs:element ref="PreviousSession"/>
+ <xs:element ref="ResumeSession"/>
+ <xs:element ref="DigSig"/>
+ <xs:element ref="Password"/>
+ <xs:element ref="RestrictedPassword"/>
+ <xs:element ref="ZeroKnowledge"/>
+ <xs:element ref="SharedSecretChallengeResponse"/>
+ <xs:element ref="SharedSecretDynamicPlaintext"/>
+ <xs:element ref="IPAddress"/>
+ <xs:element ref="AsymmetricDecryption"/>
+ <xs:element ref="AsymmetricKeyAgreement"/>
+ <xs:element ref="SubscriberLineNumber"/>
+ <xs:element ref="UserSuffix"/>
+ <xs:element ref="ComplexAuthenticator"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:group name="AuthenticatorSequenceGroup">
+ <xs:sequence>
+ <xs:element ref="PreviousSession" minOccurs="0"/>
+ <xs:element ref="ResumeSession" minOccurs="0"/>
+ <xs:element ref="DigSig" minOccurs="0"/>
+ <xs:element ref="Password" minOccurs="0"/>
+ <xs:element ref="RestrictedPassword" minOccurs="0"/>
+ <xs:element ref="ZeroKnowledge" minOccurs="0"/>
+ <xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/>
+ <xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/>
+ <xs:element ref="IPAddress" minOccurs="0"/>
+ <xs:element ref="AsymmetricDecryption" minOccurs="0"/>
+ <xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/>
+ <xs:element ref="SubscriberLineNumber" minOccurs="0"/>
+ <xs:element ref="UserSuffix" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:group>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:group ref="AuthenticatorChoiceGroup"/>
+ <xs:group ref="AuthenticatorSequenceGroup"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="ComplexAuthenticatorType">
+ <xs:sequence>
+ <xs:group ref="AuthenticatorChoiceGroup"/>
+ <xs:group ref="AuthenticatorSequenceGroup"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorTransportProtocolType">
+ <xs:sequence>
+ <xs:choice minOccurs="0">
+ <xs:element ref="HTTP"/>
+ <xs:element ref="SSL"/>
+ <xs:element ref="MobileNetworkNoEncryption"/>
+ <xs:element ref="MobileNetworkRadioEncryption"/>
+ <xs:element ref="MobileNetworkEndToEndEncryption"/>
+ <xs:element ref="WTLS"/>
+ <xs:element ref="IPSec"/>
+ <xs:element ref="PSTN"/>
+ <xs:element ref="ISDN"/>
+ <xs:element ref="ADSL"/>
+ </xs:choice>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="KeyActivationType">
+ <xs:sequence>
+ <xs:element ref="ActivationPin" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="KeySharingType">
+ <xs:attribute name="sharing" type="xs:boolean" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="PrivateKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation" minOccurs="0"/>
+ <xs:element ref="KeyStorage" minOccurs="0"/>
+ <xs:element ref="KeySharing" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="PasswordType">
+ <xs:sequence>
+ <xs:element ref="Length" minOccurs="0"/>
+ <xs:element ref="Alphabet" minOccurs="0"/>
+ <xs:element ref="Generation" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="RestrictedPassword" type="RestrictedPasswordType"/>
+
+ <xs:complexType name="RestrictedPasswordType">
+ <xs:complexContent>
+ <xs:restriction base="PasswordType">
+ <xs:sequence>
+ <xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>
+ <xs:element ref="Generation" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="RestrictedLengthType">
+ <xs:complexContent>
+ <xs:restriction base="LengthType">
+ <xs:attribute name="min" use="required">
+ <xs:simpleType>
+ <xs:restriction base="xs:integer">
+ <xs:minInclusive value="3"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="max" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationPinType">
+ <xs:sequence>
+ <xs:element ref="Length" minOccurs="0"/>
+ <xs:element ref="Alphabet" minOccurs="0"/>
+ <xs:element ref="Generation" minOccurs="0"/>
+ <xs:element ref="ActivationLimit" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="Alphabet" type="AlphabetType"/>
+ <xs:complexType name="AlphabetType">
+ <xs:attribute name="requiredChars" type="xs:string" use="required"/>
+ <xs:attribute name="excludedChars" type="xs:string" use="optional"/>
+ <xs:attribute name="case" type="xs:string" use="optional"/>
+ </xs:complexType>
+
+ <xs:complexType name="TokenType">
+ <xs:sequence>
+ <xs:element ref="TimeSyncToken"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:simpleType name="DeviceTypeType">
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="hardware"/>
+ <xs:enumeration value="software"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="booleanType">
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="true"/>
+ <xs:enumeration value="false"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="TimeSyncTokenType">
+ <xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/>
+ <xs:attribute name="SeedLength" type="xs:integer" use="required"/>
+ <xs:attribute name="DeviceInHand" type="booleanType" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationLimitType">
+ <xs:choice>
+ <xs:element ref="ActivationLimitDuration"/>
+ <xs:element ref="ActivationLimitUsages"/>
+ <xs:element ref="ActivationLimitSession"/>
+ </xs:choice>
+ </xs:complexType>
+
+ <xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Key Activation Limit is
+ defined as a specific duration of time.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Key Activation Limit is
+ defined as a number of usages.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">
+ <xs:annotation>
+ <xs:documentation>
+ This element indicates that the Key Activation Limit is
+ the session.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:complexType name="ActivationLimitDurationType">
+ <xs:attribute name="duration" type="xs:duration" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationLimitUsagesType">
+ <xs:attribute name="number" type="xs:integer" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="ActivationLimitSessionType"/>
+
+ <xs:complexType name="LengthType">
+ <xs:attribute name="min" type="xs:integer" use="required"/>
+ <xs:attribute name="max" type="xs:integer" use="optional"/>
+ </xs:complexType>
+
+ <xs:simpleType name="mediumType">
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="memory"/>
+ <xs:enumeration value="smartcard"/>
+ <xs:enumeration value="token"/>
+ <xs:enumeration value="MobileDevice"/>
+ <xs:enumeration value="MobileAuthCard"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="KeyStorageType">
+ <xs:attribute name="medium" type="mediumType" use="required"/>
+ </xs:complexType>
+
+ <xs:complexType name="SecretKeyProtectionType">
+ <xs:sequence>
+ <xs:element ref="KeyActivation" minOccurs="0"/>
+ <xs:element ref="KeyStorage" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="SecurityAuditType">
+ <xs:sequence>
+ <xs:element ref="SwitchAudit" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="ExtensionOnlyType">
+ <xs:sequence>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="Extension" type="ExtensionType"/>
+
+ <xs:complexType name="ExtensionType">
+ <xs:sequence>
+ <xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-x509-2.0.xsd b/schemas/saml-schema-authn-context-x509-2.0.xsd
index 7ea725f50..ce4bd65e0 100644
--- a/schemas/saml-schema-authn-context-x509-2.0.xsd
+++ b/schemas/saml-schema-authn-context-x509-2.0.xsd
@@ -1,83 +1,83 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:X509
- Document identifier: saml-schema-authn-context-x509-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrincipalAuthenticationMechanismType">
- <xs:complexContent>
- <xs:restriction base="PrincipalAuthenticationMechanismType">
- <xs:sequence>
- <xs:element ref="RestrictedPassword"/>
- </xs:sequence>
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:element ref="DigSig"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PublicKeyType">
- <xs:complexContent>
- <xs:restriction base="PublicKeyType">
- <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:X509
+ Document identifier: saml-schema-authn-context-x509-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:X509"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-authn-context-xmldsig-2.0.xsd b/schemas/saml-schema-authn-context-xmldsig-2.0.xsd
index 2616411f4..61fe0ac8e 100644
--- a/schemas/saml-schema-authn-context-xmldsig-2.0.xsd
+++ b/schemas/saml-schema-authn-context-xmldsig-2.0.xsd
@@ -1,83 +1,83 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
- finalDefault="extension"
- blockDefault="substitution"
- version="2.0">
-
- <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-
- <xs:annotation>
- <xs:documentation>
- Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
- Document identifier: saml-schema-authn-context-xmldsig-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- New authentication context class schema for SAML V2.0.
- </xs:documentation>
- </xs:annotation>
-
- <xs:complexType name="AuthnContextDeclarationBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnContextDeclarationBaseType">
- <xs:sequence>
- <xs:element ref="Identification" minOccurs="0"/>
- <xs:element ref="TechnicalProtection" minOccurs="0"/>
- <xs:element ref="OperationalProtection" minOccurs="0"/>
- <xs:element ref="AuthnMethod"/>
- <xs:element ref="GoverningAgreements" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="ID" type="xs:ID" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthnMethodBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthnMethodBaseType">
- <xs:sequence>
- <xs:element ref="PrincipalAuthenticationMechanism"/>
- <xs:element ref="Authenticator"/>
- <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
- <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PrincipalAuthenticationMechanismType">
- <xs:complexContent>
- <xs:restriction base="PrincipalAuthenticationMechanismType">
- <xs:sequence>
- <xs:element ref="RestrictedPassword"/>
- </xs:sequence>
- <xs:attribute name="preauth" type="xs:integer" use="optional"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="AuthenticatorBaseType">
- <xs:complexContent>
- <xs:restriction base="AuthenticatorBaseType">
- <xs:sequence>
- <xs:element ref="DigSig"/>
- </xs:sequence>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- <xs:complexType name="PublicKeyType">
- <xs:complexContent>
- <xs:restriction base="PublicKeyType">
- <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:ietf:rfc:3075"/>
- </xs:restriction>
- </xs:complexContent>
- </xs:complexType>
-
- </xs:redefine>
-
-</xs:schema>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
+ finalDefault="extension"
+ blockDefault="substitution"
+ version="2.0">
+
+ <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
+
+ <xs:annotation>
+ <xs:documentation>
+ Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
+ Document identifier: saml-schema-authn-context-xmldsig-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ New authentication context class schema for SAML V2.0.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType name="AuthnContextDeclarationBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnContextDeclarationBaseType">
+ <xs:sequence>
+ <xs:element ref="Identification" minOccurs="0"/>
+ <xs:element ref="TechnicalProtection" minOccurs="0"/>
+ <xs:element ref="OperationalProtection" minOccurs="0"/>
+ <xs:element ref="AuthnMethod"/>
+ <xs:element ref="GoverningAgreements" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ID" type="xs:ID" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthnMethodBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthnMethodBaseType">
+ <xs:sequence>
+ <xs:element ref="PrincipalAuthenticationMechanism"/>
+ <xs:element ref="Authenticator"/>
+ <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
+ <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PrincipalAuthenticationMechanismType">
+ <xs:complexContent>
+ <xs:restriction base="PrincipalAuthenticationMechanismType">
+ <xs:sequence>
+ <xs:element ref="RestrictedPassword"/>
+ </xs:sequence>
+ <xs:attribute name="preauth" type="xs:integer" use="optional"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="AuthenticatorBaseType">
+ <xs:complexContent>
+ <xs:restriction base="AuthenticatorBaseType">
+ <xs:sequence>
+ <xs:element ref="DigSig"/>
+ </xs:sequence>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="PublicKeyType">
+ <xs:complexContent>
+ <xs:restriction base="PublicKeyType">
+ <xs:attribute name="keyValidation" type="xs:anyURI" fixed="urn:ietf:rfc:3075"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ </xs:redefine>
+
+</xs:schema>
diff --git a/schemas/saml-schema-dce-2.0.xsd b/schemas/saml-schema-dce-2.0.xsd
index 719dfe9ec..e89be866a 100644
--- a/schemas/saml-schema-dce-2.0.xsd
+++ b/schemas/saml-schema-dce-2.0.xsd
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
- xmlns:dce="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
- xmlns="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="2.0">
- <annotation>
- <documentation>
- Document identifier: saml-schema-dce-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- Custom schema for DCE attribute profile, first published in SAML 2.0.
- </documentation>
- </annotation>
- <complexType name="DCEValueType">
- <simpleContent>
- <extension base="anyURI">
- <attribute ref="dce:Realm" use="optional"/>
- <attribute ref="dce:FriendlyName" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
- <attribute name="Realm" type="anyURI"/>
- <attribute name="FriendlyName" type="string"/>
-</schema>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
+ xmlns:dce="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-dce-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for DCE attribute profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+ <complexType name="DCEValueType">
+ <simpleContent>
+ <extension base="anyURI">
+ <attribute ref="dce:Realm" use="optional"/>
+ <attribute ref="dce:FriendlyName" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <attribute name="Realm" type="anyURI"/>
+ <attribute name="FriendlyName" type="string"/>
+</schema>
+
diff --git a/schemas/saml-schema-ecp-2.0.xsd b/schemas/saml-schema-ecp-2.0.xsd
index 9eb457b1c..e3f24b9a5 100644
--- a/schemas/saml-schema-ecp-2.0.xsd
+++ b/schemas/saml-schema-ecp-2.0.xsd
@@ -1,57 +1,57 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema
- targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
- xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
- xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="2.0">
- <import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
- schemaLocation="saml-schema-protocol-2.0.xsd"/>
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
- schemaLocation="saml-schema-assertion-2.0.xsd"/>
- <import namespace="http://schemas.xmlsoap.org/soap/envelope/"
- schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
- <annotation>
- <documentation>
- Document identifier: saml-schema-ecp-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- Custom schema for ECP profile, first published in SAML 2.0.
- </documentation>
- </annotation>
-
- <element name="Request" type="ecp:RequestType"/>
- <complexType name="RequestType">
- <sequence>
- <element ref="saml:Issuer"/>
- <element ref="samlp:IDPList" minOccurs="0"/>
- </sequence>
- <attribute ref="S:mustUnderstand" use="required"/>
- <attribute ref="S:actor" use="required"/>
- <attribute name="ProviderName" type="string" use="optional"/>
- <attribute name="IsPassive" type="boolean" use="optional"/>
- </complexType>
-
- <element name="Response" type="ecp:ResponseType"/>
- <complexType name="ResponseType">
- <attribute ref="S:mustUnderstand" use="required"/>
- <attribute ref="S:actor" use="required"/>
- <attribute name="AssertionConsumerServiceURL" type="anyURI" use="required"/>
- </complexType>
-
- <element name="RelayState" type="ecp:RelayStateType"/>
- <complexType name="RelayStateType">
- <simpleContent>
- <extension base="string">
- <attribute ref="S:mustUnderstand" use="required"/>
- <attribute ref="S:actor" use="required"/>
- </extension>
- </simpleContent>
- </complexType>
-</schema>
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ schemaLocation="saml-schema-protocol-2.0.xsd"/>
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://schemas.xmlsoap.org/soap/envelope/"
+ schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-ecp-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for ECP profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+
+ <element name="Request" type="ecp:RequestType"/>
+ <complexType name="RequestType">
+ <sequence>
+ <element ref="saml:Issuer"/>
+ <element ref="samlp:IDPList" minOccurs="0"/>
+ </sequence>
+ <attribute ref="S:mustUnderstand" use="required"/>
+ <attribute ref="S:actor" use="required"/>
+ <attribute name="ProviderName" type="string" use="optional"/>
+ <attribute name="IsPassive" type="boolean" use="optional"/>
+ </complexType>
+
+ <element name="Response" type="ecp:ResponseType"/>
+ <complexType name="ResponseType">
+ <attribute ref="S:mustUnderstand" use="required"/>
+ <attribute ref="S:actor" use="required"/>
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="RelayState" type="ecp:RelayStateType"/>
+ <complexType name="RelayStateType">
+ <simpleContent>
+ <extension base="string">
+ <attribute ref="S:mustUnderstand" use="required"/>
+ <attribute ref="S:actor" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+</schema>
diff --git a/schemas/saml-schema-metadata-2.0.xsd b/schemas/saml-schema-metadata-2.0.xsd
index 0d158c0ba..923b598bf 100644
--- a/schemas/saml-schema-metadata-2.0.xsd
+++ b/schemas/saml-schema-metadata-2.0.xsd
@@ -1,337 +1,337 @@ -<?xml version="1.0" encoding="UTF-8"?> -<schema - targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata" - xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - xmlns:ds="http://www.w3.org/2000/09/xmldsig#" - xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" - xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" - xmlns="http://www.w3.org/2001/XMLSchema" - elementFormDefault="unqualified" - attributeFormDefault="unqualified" - blockDefault="substitution" - version="2.0"> - <import namespace="http://www.w3.org/2000/09/xmldsig#" - schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/> - <import namespace="http://www.w3.org/2001/04/xmlenc#" - schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/> - <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" - schemaLocation="saml-schema-assertion-2.0.xsd"/> - <import namespace="http://www.w3.org/XML/1998/namespace" - schemaLocation="http://www.w3.org/2001/xml.xsd"/> - <annotation> - <documentation> - Document identifier: saml-schema-metadata-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V2.0 (March, 2005): - Schema for SAML metadata, first published in SAML 2.0. 
- </documentation> - </annotation> - - <simpleType name="entityIDType"> - <restriction base="anyURI"> - <maxLength value="1024"/> - </restriction> - </simpleType> - <complexType name="localizedNameType"> - <simpleContent> - <extension base="string"> - <attribute ref="xml:lang" use="required"/> - </extension> - </simpleContent> - </complexType> - <complexType name="localizedURIType"> - <simpleContent> - <extension base="anyURI"> - <attribute ref="xml:lang" use="required"/> - </extension> - </simpleContent> - </complexType> - - <element name="Extensions" type="md:ExtensionsType"/> - <complexType final="#all" name="ExtensionsType"> - <sequence> - <any namespace="##other" processContents="lax" maxOccurs="unbounded"/> - </sequence> - </complexType> - - <complexType name="EndpointType"> - <sequence> - <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="Binding" type="anyURI" use="required"/> - <attribute name="Location" type="anyURI" use="required"/> - <attribute name="ResponseLocation" type="anyURI" use="optional"/> - <anyAttribute namespace="##other" processContents="lax"/> - </complexType> - - <complexType name="IndexedEndpointType"> - <complexContent> - <extension base="md:EndpointType"> - <attribute name="index" type="unsignedShort" use="required"/> - <attribute name="isDefault" type="boolean" use="optional"/> - </extension> - </complexContent> - </complexType> - - <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/> - <complexType name="EntitiesDescriptorType"> - <sequence> - <element ref="ds:Signature" minOccurs="0"/> - <element ref="md:Extensions" minOccurs="0"/> - <choice minOccurs="1" maxOccurs="unbounded"> - <element ref="md:EntityDescriptor"/> - <element ref="md:EntitiesDescriptor"/> - </choice> - </sequence> - <attribute name="validUntil" type="dateTime" use="optional"/> - <attribute name="cacheDuration" type="duration" use="optional"/> - <attribute name="ID" type="ID" 
use="optional"/> - <attribute name="Name" type="string" use="optional"/> - </complexType> - - <element name="EntityDescriptor" type="md:EntityDescriptorType"/> - <complexType name="EntityDescriptorType"> - <sequence> - <element ref="ds:Signature" minOccurs="0"/> - <element ref="md:Extensions" minOccurs="0"/> - <choice> - <choice maxOccurs="unbounded"> - <element ref="md:RoleDescriptor"/> - <element ref="md:IDPSSODescriptor"/> - <element ref="md:SPSSODescriptor"/> - <element ref="md:AuthnAuthorityDescriptor"/> - <element ref="md:AttributeAuthorityDescriptor"/> - <element ref="md:PDPDescriptor"/> - </choice> - <element ref="md:AffiliationDescriptor"/> - </choice> - <element ref="md:Organization" minOccurs="0"/> - <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="entityID" type="md:entityIDType" use="required"/> - <attribute name="validUntil" type="dateTime" use="optional"/> - <attribute name="cacheDuration" type="duration" use="optional"/> - <attribute name="ID" type="ID" use="optional"/> - <anyAttribute namespace="##other" processContents="lax"/> - </complexType> - - <element name="Organization" type="md:OrganizationType"/> - <complexType name="OrganizationType"> - <sequence> - <element ref="md:Extensions" minOccurs="0"/> - <element ref="md:OrganizationName" maxOccurs="unbounded"/> - <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/> - <element ref="md:OrganizationURL" maxOccurs="unbounded"/> - </sequence> - <anyAttribute namespace="##other" processContents="lax"/> - </complexType> - <element name="OrganizationName" type="md:localizedNameType"/> - <element name="OrganizationDisplayName" type="md:localizedNameType"/> - <element name="OrganizationURL" type="md:localizedURIType"/> - <element name="ContactPerson" type="md:ContactType"/> - <complexType name="ContactType"> - <sequence> - <element ref="md:Extensions" 
minOccurs="0"/> - <element ref="md:Company" minOccurs="0"/> - <element ref="md:GivenName" minOccurs="0"/> - <element ref="md:SurName" minOccurs="0"/> - <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="contactType" type="md:ContactTypeType" use="required"/> - <anyAttribute namespace="##other" processContents="lax"/> - </complexType> - <element name="Company" type="string"/> - <element name="GivenName" type="string"/> - <element name="SurName" type="string"/> - <element name="EmailAddress" type="anyURI"/> - <element name="TelephoneNumber" type="string"/> - <simpleType name="ContactTypeType"> - <restriction base="string"> - <enumeration value="technical"/> - <enumeration value="support"/> - <enumeration value="administrative"/> - <enumeration value="billing"/> - <enumeration value="other"/> - </restriction> - </simpleType> - - <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/> - <complexType name="AdditionalMetadataLocationType"> - <simpleContent> - <extension base="anyURI"> - <attribute name="namespace" type="anyURI" use="required"/> - </extension> - </simpleContent> - </complexType> - - <element name="RoleDescriptor" type="md:RoleDescriptorType"/> - <complexType name="RoleDescriptorType" abstract="true"> - <sequence> - <element ref="ds:Signature" minOccurs="0"/> - <element ref="md:Extensions" minOccurs="0"/> - <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:Organization" minOccurs="0"/> - <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="ID" type="ID" use="optional"/> - <attribute name="validUntil" type="dateTime" use="optional"/> - <attribute name="cacheDuration" type="duration" use="optional"/> - <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/> - <attribute name="errorURL" 
type="anyURI" use="optional"/> - <anyAttribute namespace="##other" processContents="lax"/> - </complexType> - <simpleType name="anyURIListType"> - <list itemType="anyURI"/> - </simpleType> - - <element name="KeyDescriptor" type="md:KeyDescriptorType"/> - <complexType name="KeyDescriptorType"> - <sequence> - <element ref="ds:KeyInfo"/> - <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="use" type="md:KeyTypes" use="optional"/> - </complexType> - <simpleType name="KeyTypes"> - <restriction base="string"> - <enumeration value="encryption"/> - <enumeration value="signing"/> - </restriction> - </simpleType> - <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/> - - <complexType name="SSODescriptorType" abstract="true"> - <complexContent> - <extension base="md:RoleDescriptorType"> - <sequence> - <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - </extension> - </complexContent> - </complexType> - <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/> - <element name="SingleLogoutService" type="md:EndpointType"/> - <element name="ManageNameIDService" type="md:EndpointType"/> - <element name="NameIDFormat" type="anyURI"/> - - <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/> - <complexType name="IDPSSODescriptorType"> - <complexContent> - <extension base="md:SSODescriptorType"> - <sequence> - <element ref="md:SingleSignOnService" maxOccurs="unbounded"/> - <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/> - <element 
ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/> - </extension> - </complexContent> - </complexType> - <element name="SingleSignOnService" type="md:EndpointType"/> - <element name="NameIDMappingService" type="md:EndpointType"/> - <element name="AssertionIDRequestService" type="md:EndpointType"/> - <element name="AttributeProfile" type="anyURI"/> - - <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/> - <complexType name="SPSSODescriptorType"> - <complexContent> - <extension base="md:SSODescriptorType"> - <sequence> - <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/> - <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/> - </sequence> - <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/> - <attribute name="WantAssertionsSigned" type="boolean" use="optional"/> - </extension> - </complexContent> - </complexType> - <element name="AssertionConsumerService" type="md:IndexedEndpointType"/> - <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/> - <complexType name="AttributeConsumingServiceType"> - <sequence> - <element ref="md:ServiceName" maxOccurs="unbounded"/> - <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/> - <element ref="md:RequestedAttribute" maxOccurs="unbounded"/> - </sequence> - <attribute name="index" type="unsignedShort" use="required"/> - <attribute name="isDefault" type="boolean" use="optional"/> - </complexType> - <element name="ServiceName" type="md:localizedNameType"/> - <element name="ServiceDescription" type="md:localizedNameType"/> - <element name="RequestedAttribute" type="md:RequestedAttributeType"/> - <complexType name="RequestedAttributeType"> - <complexContent> - <extension base="saml:AttributeType"> - <attribute name="isRequired" type="boolean" use="optional"/> - </extension> - </complexContent> - </complexType> - - 
<element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
- <complexType name="AuthnAuthorityDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthnQueryService" type="md:EndpointType"/>
-
- <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
- <complexType name="PDPDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:AuthzService" maxOccurs="unbounded"/>
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthzService" type="md:EndpointType"/>
-
- <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
- <complexType name="AttributeAuthorityDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:AttributeService" maxOccurs="unbounded"/>
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeService" type="md:EndpointType"/>
-
- <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
- <complexType name="AffiliationDescriptorType">
- <sequence>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="md:Extensions" minOccurs="0"/>
- <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
- <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <attribute name="ID" type="ID" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- <element name="AffiliateMember" type="md:entityIDType"/>
-</schema>
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-metadata-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Schema for SAML metadata, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+
+ <simpleType name="entityIDType">
+ <restriction base="anyURI">
+ <maxLength value="1024"/>
+ </restriction>
+ </simpleType>
+ <complexType name="localizedNameType">
+ <simpleContent>
+ <extension base="string">
+ <attribute ref="xml:lang" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <complexType name="localizedURIType">
+ <simpleContent>
+ <extension base="anyURI">
+ <attribute ref="xml:lang" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+ <element name="Extensions" type="md:ExtensionsType"/>
+ <complexType final="#all" name="ExtensionsType">
+ <sequence>
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <complexType name="EndpointType">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="ResponseLocation" type="anyURI" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+
+ <complexType name="IndexedEndpointType">
+ <complexContent>
+ <extension base="md:EndpointType">
+ <attribute name="index" type="unsignedShort" use="required"/>
+ <attribute name="isDefault" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
+ <complexType name="EntitiesDescriptorType">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <choice minOccurs="1" maxOccurs="unbounded">
+ <element ref="md:EntityDescriptor"/>
+ <element ref="md:EntitiesDescriptor"/>
+ </choice>
+ </sequence>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="ID" type="ID" use="optional"/>
+ <attribute name="Name" type="string" use="optional"/>
+ </complexType>
+
+ <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
+ <complexType name="EntityDescriptorType">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <choice>
+ <choice maxOccurs="unbounded">
+ <element ref="md:RoleDescriptor"/>
+ <element ref="md:IDPSSODescriptor"/>
+ <element ref="md:SPSSODescriptor"/>
+ <element ref="md:AuthnAuthorityDescriptor"/>
+ <element ref="md:AttributeAuthorityDescriptor"/>
+ <element ref="md:PDPDescriptor"/>
+ </choice>
+ <element ref="md:AffiliationDescriptor"/>
+ </choice>
+ <element ref="md:Organization" minOccurs="0"/>
+ <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="entityID" type="md:entityIDType" use="required"/>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="ID" type="ID" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+
+ <element name="Organization" type="md:OrganizationType"/>
+ <complexType name="OrganizationType">
+ <sequence>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:OrganizationName" maxOccurs="unbounded"/>
+ <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
+ <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
+ </sequence>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="OrganizationName" type="md:localizedNameType"/>
+ <element name="OrganizationDisplayName" type="md:localizedNameType"/>
+ <element name="OrganizationURL" type="md:localizedURIType"/>
+ <element name="ContactPerson" type="md:ContactType"/>
+ <complexType name="ContactType">
+ <sequence>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:Company" minOccurs="0"/>
+ <element ref="md:GivenName" minOccurs="0"/>
+ <element ref="md:SurName" minOccurs="0"/>
+ <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="contactType" type="md:ContactTypeType" use="required"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="Company" type="string"/>
+ <element name="GivenName" type="string"/>
+ <element name="SurName" type="string"/>
+ <element name="EmailAddress" type="anyURI"/>
+ <element name="TelephoneNumber" type="string"/>
+ <simpleType name="ContactTypeType">
+ <restriction base="string">
+ <enumeration value="technical"/>
+ <enumeration value="support"/>
+ <enumeration value="administrative"/>
+ <enumeration value="billing"/>
+ <enumeration value="other"/>
+ </restriction>
+ </simpleType>
+
+ <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
+ <complexType name="AdditionalMetadataLocationType">
+ <simpleContent>
+ <extension base="anyURI">
+ <attribute name="namespace" type="anyURI" use="required"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+ <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
+ <complexType name="RoleDescriptorType" abstract="true">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:Organization" minOccurs="0"/>
+ <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="optional"/>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
+ <attribute name="errorURL" type="anyURI" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <simpleType name="anyURIListType">
+ <list itemType="anyURI"/>
+ </simpleType>
+
+ <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
+ <complexType name="KeyDescriptorType">
+ <sequence>
+ <element ref="ds:KeyInfo"/>
+ <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="use" type="md:KeyTypes" use="optional"/>
+ </complexType>
+ <simpleType name="KeyTypes">
+ <restriction base="string">
+ <enumeration value="encryption"/>
+ <enumeration value="signing"/>
+ </restriction>
+ </simpleType>
+ <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
+
+ <complexType name="SSODescriptorType" abstract="true">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
+ <element name="SingleLogoutService" type="md:EndpointType"/>
+ <element name="ManageNameIDService" type="md:EndpointType"/>
+ <element name="NameIDFormat" type="anyURI"/>
+
+ <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
+ <complexType name="IDPSSODescriptorType">
+ <complexContent>
+ <extension base="md:SSODescriptorType">
+ <sequence>
+ <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
+ <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SingleSignOnService" type="md:EndpointType"/>
+ <element name="NameIDMappingService" type="md:EndpointType"/>
+ <element name="AssertionIDRequestService" type="md:EndpointType"/>
+ <element name="AttributeProfile" type="anyURI"/>
+
+ <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
+ <complexType name="SPSSODescriptorType">
+ <complexContent>
+ <extension base="md:SSODescriptorType">
+ <sequence>
+ <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
+ <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
+ <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
+ <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
+ <complexType name="AttributeConsumingServiceType">
+ <sequence>
+ <element ref="md:ServiceName" maxOccurs="unbounded"/>
+ <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="index" type="unsignedShort" use="required"/>
+ <attribute name="isDefault" type="boolean" use="optional"/>
+ </complexType>
+ <element name="ServiceName" type="md:localizedNameType"/>
+ <element name="ServiceDescription" type="md:localizedNameType"/>
+ <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
+ <complexType name="RequestedAttributeType">
+ <complexContent>
+ <extension base="saml:AttributeType">
+ <attribute name="isRequired" type="boolean" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
+ <complexType name="AuthnAuthorityDescriptorType">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnQueryService" type="md:EndpointType"/>
+
+ <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
+ <complexType name="PDPDescriptorType">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:AuthzService" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthzService" type="md:EndpointType"/>
+
+ <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
+ <complexType name="AttributeAuthorityDescriptorType">
+ <complexContent>
+ <extension base="md:RoleDescriptorType">
+ <sequence>
+ <element ref="md:AttributeService" maxOccurs="unbounded"/>
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeService" type="md:EndpointType"/>
+
+ <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
+ <complexType name="AffiliationDescriptorType">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="md:Extensions" minOccurs="0"/>
+ <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
+ <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
+ <attribute name="validUntil" type="dateTime" use="optional"/>
+ <attribute name="cacheDuration" type="duration" use="optional"/>
+ <attribute name="ID" type="ID" use="optional"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ <element name="AffiliateMember" type="md:entityIDType"/>
+</schema>
diff --git a/schemas/saml-schema-protocol-2.0.xsd b/schemas/saml-schema-protocol-2.0.xsd
index eb480e553..13656b18a 100644
--- a/schemas/saml-schema-protocol-2.0.xsd
+++ b/schemas/saml-schema-protocol-2.0.xsd
@@ -1,302 +1,302 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema
- targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
- xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="2.0">
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
- schemaLocation="saml-schema-assertion-2.0.xsd"/>
- <import namespace="http://www.w3.org/2000/09/xmldsig#"
- schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
- <annotation>
- <documentation>
- Document identifier: saml-schema-protocol-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V1.0 (November, 2002):
- Initial Standard Schema.
- V1.1 (September, 2003):
- Updates within the same V1.0 namespace.
- V2.0 (March, 2005):
- New protocol schema based in a SAML V2.0 namespace.
- </documentation>
- </annotation>
- <complexType name="RequestAbstractType" abstract="true">
- <sequence>
- <element ref="saml:Issuer" minOccurs="0"/>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="samlp:Extensions" minOccurs="0"/>
- </sequence>
- <attribute name="ID" type="ID" use="required"/>
- <attribute name="Version" type="string" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- <attribute name="Destination" type="anyURI" use="optional"/>
- <attribute name="Consent" type="anyURI" use="optional"/>
- </complexType>
- <element name="Extensions" type="samlp:ExtensionsType"/>
- <complexType name="ExtensionsType">
- <sequence>
- <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
- <complexType name="StatusResponseType">
- <sequence>
- <element ref="saml:Issuer" minOccurs="0"/>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="samlp:Extensions" minOccurs="0"/>
- <element ref="samlp:Status"/>
- </sequence>
- <attribute name="ID" type="ID" use="required"/>
- <attribute name="InResponseTo" type="NCName" use="optional"/>
- <attribute name="Version" type="string" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- <attribute name="Destination" type="anyURI" use="optional"/>
- <attribute name="Consent" type="anyURI" use="optional"/>
- </complexType>
- <element name="Status" type="samlp:StatusType"/>
- <complexType name="StatusType">
- <sequence>
- <element ref="samlp:StatusCode"/>
- <element ref="samlp:StatusMessage" minOccurs="0"/>
- <element ref="samlp:StatusDetail" minOccurs="0"/>
- </sequence>
- </complexType>
- <element name="StatusCode" type="samlp:StatusCodeType"/>
- <complexType name="StatusCodeType">
- <sequence>
- <element ref="samlp:StatusCode" minOccurs="0"/>
- </sequence>
- <attribute name="Value" type="anyURI" use="required"/>
- </complexType>
- <element name="StatusMessage" type="string"/>
- <element name="StatusDetail" type="samlp:StatusDetailType"/>
- <complexType name="StatusDetailType">
- <sequence>
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
- <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
- <complexType name="AssertionIDRequestType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <sequence>
- <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
- <complexType name="SubjectQueryAbstractType" abstract="true">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <sequence>
- <element ref="saml:Subject"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
- <complexType name="AuthnQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <sequence>
- <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
- </sequence>
- <attribute name="SessionIndex" type="string" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
- <complexType name="RequestedAuthnContextType">
- <choice>
- <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
- <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
- </choice>
- <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
- </complexType>
- <simpleType name="AuthnContextComparisonType">
- <restriction base="string">
- <enumeration value="exact"/>
- <enumeration value="minimum"/>
- <enumeration value="maximum"/>
- <enumeration value="better"/>
- </restriction>
- </simpleType>
- <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
- <complexType name="AttributeQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <sequence>
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
- <complexType name="AuthzDecisionQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <sequence>
- <element ref="saml:Action" maxOccurs="unbounded"/>
- <element ref="saml:Evidence" minOccurs="0"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
- <complexType name="AuthnRequestType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <sequence>
- <element ref="saml:Subject" minOccurs="0"/>
- <element ref="samlp:NameIDPolicy" minOccurs="0"/>
- <element ref="saml:Conditions" minOccurs="0"/>
- <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
- <element ref="samlp:Scoping" minOccurs="0"/>
- </sequence>
- <attribute name="ForceAuthn" type="boolean" use="optional"/>
- <attribute name="IsPassive" type="boolean" use="optional"/>
- <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
- <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
- <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
- <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
- <attribute name="ProviderName" type="string" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
- <complexType name="NameIDPolicyType">
- <attribute name="Format" type="anyURI" use="optional"/>
- <attribute name="SPNameQualifier" type="string" use="optional"/>
- <attribute name="AllowCreate" type="boolean" use="optional"/>
- </complexType>
- <element name="Scoping" type="samlp:ScopingType"/>
- <complexType name="ScopingType">
- <sequence>
- <element ref="samlp:IDPList" minOccurs="0"/>
- <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
- </complexType>
- <element name="RequesterID" type="anyURI"/>
- <element name="IDPList" type="samlp:IDPListType"/>
- <complexType name="IDPListType">
- <sequence>
- <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
- <element ref="samlp:GetComplete" minOccurs="0"/>
- </sequence>
- </complexType>
- <element name="IDPEntry" type="samlp:IDPEntryType"/>
- <complexType name="IDPEntryType">
- <attribute name="ProviderID" type="anyURI" use="required"/>
- <attribute name="Name" type="string" use="optional"/>
- <attribute name="Loc" type="anyURI" use="optional"/>
- </complexType>
- <element name="GetComplete" type="anyURI"/>
- <element name="Response" type="samlp:ResponseType"/>
- <complexType name="ResponseType">
- <complexContent>
- <extension base="samlp:StatusResponseType">
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:Assertion"/>
- <element ref="saml:EncryptedAssertion"/>
- </choice>
- </extension>
- </complexContent>
- </complexType>
- <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
- <complexType name="ArtifactResolveType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <sequence>
- <element ref="samlp:Artifact"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Artifact" type="string"/>
- <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
- <complexType name="ArtifactResponseType">
- <complexContent>
- <extension base="samlp:StatusResponseType">
- <sequence>
- <any namespace="##any" processContents="lax" minOccurs="0"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
- <complexType name="ManageNameIDRequestType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <sequence>
- <choice>
- <element ref="saml:NameID"/>
- <element ref="saml:EncryptedID"/>
- </choice>
- <choice>
- <element ref="samlp:NewID"/>
- <element ref="samlp:NewEncryptedID"/>
- <element ref="samlp:Terminate"/>
- </choice>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="NewID" type="string"/>
- <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
- <element name="Terminate" type="samlp:TerminateType"/>
- <complexType name="TerminateType"/>
- <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
- <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
- <complexType name="LogoutRequestType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <sequence>
- <choice>
- <element ref="saml:BaseID"/>
- <element ref="saml:NameID"/>
- <element ref="saml:EncryptedID"/>
- </choice>
- <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Reason" type="string" use="optional"/>
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="SessionIndex" type="string"/>
- <element name="LogoutResponse" type="samlp:StatusResponseType"/>
- <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
- <complexType name="NameIDMappingRequestType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <sequence>
- <choice>
- <element ref="saml:BaseID"/>
- <element ref="saml:NameID"/>
- <element ref="saml:EncryptedID"/>
- </choice>
- <element ref="samlp:NameIDPolicy"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
- <complexType name="NameIDMappingResponseType">
- <complexContent>
- <extension base="samlp:StatusResponseType">
- <choice>
- <element ref="saml:NameID"/>
- <element ref="saml:EncryptedID"/>
- </choice>
- </extension>
- </complexContent>
- </complexType>
-</schema>
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-protocol-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V1.0 (November, 2002):
+ Initial Standard Schema.
+ V1.1 (September, 2003):
+ Updates within the same V1.0 namespace.
+ V2.0 (March, 2005):
+ New protocol schema based in a SAML V2.0 namespace.
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Extensions" type="samlp:ExtensionsType"/>
+ <complexType name="ExtensionsType">
+ <sequence>
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <complexType name="StatusResponseType">
+ <sequence>
+ <element ref="saml:Issuer" minOccurs="0"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ <element ref="samlp:Extensions" minOccurs="0"/>
+ <element ref="samlp:Status"/>
+ </sequence>
+ <attribute name="ID" type="ID" use="required"/>
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
+ <attribute name="Version" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Destination" type="anyURI" use="optional"/>
+ <attribute name="Consent" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="anyURI" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+ <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
+ <complexType name="AssertionIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
+ <complexType name="AuthnQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ </sequence>
+ <attribute name="SessionIndex" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
+ <complexType name="RequestedAuthnContextType">
+ <choice>
+ <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
+ <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
+ </choice>
+ <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
+ </complexType>
+ <simpleType name="AuthnContextComparisonType">
+ <restriction base="string">
+ <enumeration value="exact"/>
+ <enumeration value="minimum"/>
+ <enumeration value="maximum"/>
+ <enumeration value="better"/>
+ </restriction>
+ </simpleType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
+ <complexType name="AuthzDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
+ <complexType name="AuthnRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="saml:Subject" minOccurs="0"/>
+ <element ref="samlp:NameIDPolicy" minOccurs="0"/>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+ <element ref="samlp:Scoping" minOccurs="0"/>
+ </sequence>
+ <attribute name="ForceAuthn" type="boolean" use="optional"/>
+ <attribute name="IsPassive" type="boolean" use="optional"/>
+ <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
+ <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
+ <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
+ <attribute name="ProviderName" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
+ <complexType name="NameIDPolicyType">
+ <attribute name="Format" type="anyURI" use="optional"/>
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
+ <attribute name="AllowCreate" type="boolean" use="optional"/>
+ </complexType>
+ <element name="Scoping" type="samlp:ScopingType"/>
+ <complexType name="ScopingType">
+ <sequence>
+ <element ref="samlp:IDPList" minOccurs="0"/>
+ <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
+ </complexType>
+ <element name="RequesterID" type="anyURI"/>
+ <element name="IDPList" type="samlp:IDPListType"/>
+ <complexType name="IDPListType">
+ <sequence>
+ <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
+ <element ref="samlp:GetComplete" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="IDPEntry" type="samlp:IDPEntryType"/>
+ <complexType name="IDPEntryType">
+ <attribute name="ProviderID" type="anyURI" use="required"/>
+ <attribute name="Name" type="string" use="optional"/>
+ <attribute name="Loc" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="GetComplete" type="anyURI"/>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:Assertion"/>
+ <element ref="saml:EncryptedAssertion"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
+ <complexType name="ArtifactResolveType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <element ref="samlp:Artifact"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Artifact" type="string"/>
+ <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
+ <complexType name="ArtifactResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
+ <complexType name="ManageNameIDRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <choice>
+ <element ref="samlp:NewID"/>
+ <element ref="samlp:NewEncryptedID"/>
+ <element ref="samlp:Terminate"/>
+ </choice>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NewID" type="string"/>
+ <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
+ <element name="Terminate" type="samlp:TerminateType"/>
+ <complexType name="TerminateType"/>
+ <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
+ <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
+ <complexType name="LogoutRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Reason" type="string" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SessionIndex" type="string"/>
+ <element name="LogoutResponse" type="samlp:StatusResponseType"/>
+ <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
+ <complexType name="NameIDMappingRequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <sequence>
+ <choice>
+ <element ref="saml:BaseID"/>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ <element ref="samlp:NameIDPolicy"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
+ <complexType name="NameIDMappingResponseType">
+ <complexContent>
+ <extension base="samlp:StatusResponseType">
+ <choice>
+ <element ref="saml:NameID"/>
+ <element ref="saml:EncryptedID"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+</schema>
diff --git a/schemas/saml-schema-x500-2.0.xsd b/schemas/saml-schema-x500-2.0.xsd
index 141b63451..f67f1b04a 100644
--- a/schemas/saml-schema-x500-2.0.xsd
+++ b/schemas/saml-schema-x500-2.0.xsd
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema
- targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
- xmlns="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="2.0">
- <annotation>
- <documentation>
- Document identifier: saml-schema-x500-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- Custom schema for X.500 attribute profile, first published in SAML 2.0.
- </documentation>
- </annotation>
- <attribute name="Encoding" type="string"/>
-</schema>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-x500-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for X.500 attribute profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+ <attribute name="Encoding" type="string"/>
+</schema>
+
diff --git a/schemas/saml-schema-xacml-2.0.xsd b/schemas/saml-schema-xacml-2.0.xsd
index a83bc0207..836f9db04 100644
--- a/schemas/saml-schema-xacml-2.0.xsd
+++ b/schemas/saml-schema-xacml-2.0.xsd
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema
- targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
- xmlns="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="2.0">
- <annotation>
- <documentation>
- Document identifier: saml-schema-xacml-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- Custom schema for XACML attribute profile, first published in SAML 2.0.
- </documentation>
- </annotation>
- <attribute name="DataType" type="anyURI"/>
-</schema>
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="unqualified"
+ attributeFormDefault="unqualified"
+ blockDefault="substitution"
+ version="2.0">
+ <annotation>
+ <documentation>
+ Document identifier: saml-schema-xacml-2.0
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
+ Revision history:
+ V2.0 (March, 2005):
+ Custom schema for XACML attribute profile, first published in SAML 2.0.
+ </documentation>
+ </annotation>
+ <attribute name="DataType" type="anyURI"/>
+</schema>
-- GitLab