aaf-mdqt 0.8.0

Files changed (66)
  1. checksums.yaml +7 -0
  2. data/.github/workflows/codeql-analysis.yml +70 -0
  3. data/.github/workflows/ruby.yml +41 -0
  4. data/.gitignore +25 -0
  5. data/.rspec +2 -0
  6. data/.rubocop.yml +1 -0
  7. data/.rubocop_todo.yml +296 -0
  8. data/.ruby-version +1 -0
  9. data/.tool-versions +1 -0
  10. data/.travis.yml +7 -0
  11. data/CHANGELOG.md +168 -0
  12. data/CODE_OF_CONDUCT.md +74 -0
  13. data/Gemfile +9 -0
  14. data/LICENSE.txt +21 -0
  15. data/Makefile +4 -0
  16. data/README.md +268 -0
  17. data/Rakefile +5 -0
  18. data/aaf-mdqt.gemspec +46 -0
  19. data/bin/console +14 -0
  20. data/bin/setup +8 -0
  21. data/cucumber.yml +2 -0
  22. data/exe/mdqt +174 -0
  23. data/lib/mdqt/cli/base.rb +190 -0
  24. data/lib/mdqt/cli/cache_control.rb +25 -0
  25. data/lib/mdqt/cli/check.rb +78 -0
  26. data/lib/mdqt/cli/compliance.rb +0 -0
  27. data/lib/mdqt/cli/defaults.rb +70 -0
  28. data/lib/mdqt/cli/entities.rb +47 -0
  29. data/lib/mdqt/cli/exists.rb +0 -0
  30. data/lib/mdqt/cli/get.rb +130 -0
  31. data/lib/mdqt/cli/list.rb +65 -0
  32. data/lib/mdqt/cli/ln.rb +81 -0
  33. data/lib/mdqt/cli/ls.rb +54 -0
  34. data/lib/mdqt/cli/rename.rb +75 -0
  35. data/lib/mdqt/cli/reset.rb +27 -0
  36. data/lib/mdqt/cli/services.rb +25 -0
  37. data/lib/mdqt/cli/transform.rb +33 -0
  38. data/lib/mdqt/cli/url.rb +37 -0
  39. data/lib/mdqt/cli/version.rb +17 -0
  40. data/lib/mdqt/cli.rb +24 -0
  41. data/lib/mdqt/client/identifier_utils.rb +51 -0
  42. data/lib/mdqt/client/metadata_file.rb +144 -0
  43. data/lib/mdqt/client/metadata_response.rb +182 -0
  44. data/lib/mdqt/client/metadata_service.rb +194 -0
  45. data/lib/mdqt/client/metadata_validator.rb +81 -0
  46. data/lib/mdqt/client.rb +83 -0
  47. data/lib/mdqt/schema/MetadataExchange.xsd +112 -0
  48. data/lib/mdqt/schema/mdqt_check_schema.xsd +5 -0
  49. data/lib/mdqt/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd +195 -0
  50. data/lib/mdqt/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd +108 -0
  51. data/lib/mdqt/schema/saml-schema-assertion-2.0.xsd +283 -0
  52. data/lib/mdqt/schema/saml-schema-metadata-2.0.xsd +337 -0
  53. data/lib/mdqt/schema/ws-addr.xsd +137 -0
  54. data/lib/mdqt/schema/ws-authorization.xsd +145 -0
  55. data/lib/mdqt/schema/ws-federation.xsd +471 -0
  56. data/lib/mdqt/schema/ws-securitypolicy-1.2.xsd +1205 -0
  57. data/lib/mdqt/schema/xenc-schema.xsd +136 -0
  58. data/lib/mdqt/schema/xml.xsd +287 -0
  59. data/lib/mdqt/schema/xmldsig-core-schema.xsd +309 -0
  60. data/lib/mdqt/version.rb +3 -0
  61. data/lib/mdqt.rb +5 -0
  62. data/lib/tasks/cucumber.rake +8 -0
  63. data/lib/tasks/spec.rake +5 -0
  64. data/lib/tasks/tests.rake +6 -0
  65. data/lib/tasks/yard.rake +6 -0
  66. metadata +332 -0
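--- a/data/lib/mdqt/schema/ws-federation.xsd
+++ b/data/lib/mdqt/schema/ws-federation.xsd
@@ -0,0 +1,471 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
+implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
+neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
+specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
+available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
+of this specification, can be obtained from the OASIS Executive Director.
+OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
+cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
+Copyright © OASIS Open 2002-2007. All Rights Reserved.
+This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
+in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
+above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
+in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
+in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
+it into languages other than English.
+The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
+This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+-->
+<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'
+xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
+xmlns:tns='http://docs.oasis-open.org/wsfed/federation/200706'
+xmlns:wsa='http://www.w3.org/2005/08/addressing'
+xmlns:mex='http://schemas.xmlsoap.org/ws/2004/09/mex'
+xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
+xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
+xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata'
+xmlns:auth='http://docs.oasis-open.org/wsfed/authorization/200706'
+targetNamespace='http://docs.oasis-open.org/wsfed/federation/200706'
+elementFormDefault='qualified' >
+
+<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
+schemaLocation='oasis-200401-wss-wssecurity-secext-1.0.xsd' />
+<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
+schemaLocation='oasis-200401-wss-wssecurity-utility-1.0.xsd' />
+<xs:import namespace='http://www.w3.org/2005/08/addressing'
+schemaLocation='ws-addr.xsd' />
+<xs:import namespace='http://schemas.xmlsoap.org/ws/2004/09/mex'
+schemaLocation='MetadataExchange.xsd' />
+<xs:import namespace='urn:oasis:names:tc:SAML:2.0:metadata'
+schemaLocation='saml-schema-metadata-2.0.xsd' />
+<xs:import namespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
+schemaLocation='ws-securitypolicy-1.2.xsd'/>
+<xs:import namespace='http://docs.oasis-open.org/wsfed/authorization/200706'
+schemaLocation='ws-authorization.xsd'/>
+
+<!-- Section 3.1 -->
+<!-- Note: Use of this root element is discouraged in favor of use of md:EntitiesDescriptor or md EntityDescriptor -->
+<xs:element name='FederationMetadata' type='tns:FederationMetadataType' />
+
+<xs:complexType name='FederationMetadataType' >
+<xs:sequence>
+<!--
+*** Accurate content model is nondeterministic ***
+<xs:element name='Federation' type='tns:FederationType' minOccurs='1' maxOccurs='unbounded' />
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+-->
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:complexType name='FederationType' >
+<xs:sequence>
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:attribute name='FederationID' type='xs:anyURI' />
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 3.1.2.1 -->
+<xs:complexType name="WebServiceDescriptorType" abstract="true">
+<xs:complexContent>
+<xs:extension base="md:RoleDescriptorType">
+<xs:sequence>
+<xs:element ref="tns:LogicalServiceNamesOffered" minOccurs="0" maxOccurs="1" />
+<xs:element ref="tns:TokenTypesOffered" minOccurs="0" maxOccurs="1" />
+<xs:element ref="tns:ClaimDialectsOffered" minOccurs="0" maxOccurs="1" />
+<xs:element ref="tns:ClaimTypesOffered" minOccurs="0" maxOccurs="1" />
+<xs:element ref="tns:ClaimTypesRequested" minOccurs="0" maxOccurs="1" />
+<xs:element ref="tns:AutomaticPseudonyms" minOccurs="0" maxOccurs="1"/>
+<xs:element ref="tns:TargetScopes" minOccurs="0" maxOccurs="1"/>
+</xs:sequence>
+<xs:attribute name="ServiceDisplayName" type="xs:string" use="optional"/>
+<xs:attribute name="ServiceDescription" type="xs:string" use="optional"/>
+</xs:extension>
+</xs:complexContent>
+</xs:complexType>
+
+<xs:element name='LogicalServiceNamesOffered' type='tns:LogicalServiceNamesOfferedType' />
+<xs:element name='TokenTypesOffered' type='tns:TokenTypesOfferedType' />
+<xs:element name='ClaimDialectsOffered' type='tns:ClaimDialectsOfferedType' />
+<xs:element name='ClaimTypesOffered' type='tns:ClaimTypesOfferedType' />
+<xs:element name='ClaimTypesRequested' type='tns:ClaimTypesRequestedType' />
+<xs:element name="AutomaticPseudonyms" type="xs:boolean"/>
+<xs:element name='TargetScopes' type='tns:EndpointType'/>
+
+<!-- Section 3.1.2.2 -->
+<xs:complexType name="SecurityTokenServiceType">
+<xs:complexContent>
+<xs:extension base="tns:WebServiceDescriptorType">
+<xs:sequence>
+<xs:element ref="tns:SecurityTokenServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
+<xs:element ref="tns:SingleSignOutSubscriptionEndpoint" minOccurs="0" maxOccurs="unbounded"/>
+<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
+<xs:element ref="tns:PassiveRequestorEndpoint" minOccurs="0" maxOccurs="unbounded"/>
+</xs:sequence>
+</xs:extension>
+</xs:complexContent>
+</xs:complexType>
+<xs:element name="SecurityTokenServiceEndpoint" type="tns:EndpointType"/>
+<xs:element name="SingleSignOutSubscriptionEndpoint" type="tns:EndpointType"/>
+<xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/>
+<xs:element name="PassiveRequestorEndpoint" type="tns:EndpointType"/>
+
+<!-- Section 3.1.2.3 -->
+<xs:complexType name="PseudonymServiceType">
+<xs:complexContent>
+<xs:extension base="tns:WebServiceDescriptorType">
+<xs:sequence>
+<xs:element ref="tns:PseudonymServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
+<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
+</xs:sequence>
+</xs:extension>
+</xs:complexContent>
+</xs:complexType>
+
+<xs:element name="PseudonymServiceEndpoint" type="tns:EndpointType"/>
+<!-- Defined above -->
+<!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
+
+<!-- Section 3.1.2.4 -->
+<xs:complexType name="AttributeServiceType">
+<xs:complexContent>
+<xs:extension base="tns:WebServiceDescriptorType">
+<xs:sequence>
+<xs:element ref="tns:AttributeServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
+<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
+</xs:sequence>
+</xs:extension>
+</xs:complexContent>
+</xs:complexType>
+<xs:element name="AttributeServiceEndpoint" type="tns:EndpointType"/>
+<!-- Defined above -->
+<!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
+
+<!-- Section 3.1.2.5 -->
+<xs:complexType name="ApplicationServiceType">
+<xs:complexContent>
+<xs:extension base="tns:WebServiceDescriptorType">
+<xs:sequence>
+<xs:element ref="tns:ApplicationServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
+<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
+<xs:element ref="tns:PassiveRequestorEndpoint" minOccurs="0" maxOccurs="unbounded"/>
+</xs:sequence>
+</xs:extension>
+</xs:complexContent>
+</xs:complexType>
+<xs:element name="ApplicationServiceEndpoint" type="tns:EndpointType"/>
+<!-- Defined above -->
+<!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
+<!-- <xs:element name="PassiveRequestorEndpoint" type="tns:EndpointType"/> -->
+
+
+<!-- Section 3.1.3 -->
+<!-- Defined above -->
+<!--<xs:element name='LogicalServiceNamesOffered' type='tns:LogicalServiceNamesOfferedType' />-->
+
+<xs:complexType name='LogicalServiceNamesOfferedType' >
+<xs:sequence>
+<xs:element name='IssuerName' type='tns:IssuerNameType' minOccurs='1' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:complexType name='IssuerNameType' >
+<xs:attribute name='Uri' type='xs:anyURI' use='required' />
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 3.1.4 -->
+<xs:element name='PsuedonymServiceEndpoints' type='tns:EndpointType' />
+<xs:complexType name='EndpointType' >
+<xs:sequence>
+<xs:element ref='wsa:EndpointReference' minOccurs='1' maxOccurs='unbounded'/>
+</xs:sequence>
+</xs:complexType>
+
+<!-- Section 3.1.5 -->
+<xs:element name='AttributeServiceEndpoints' type='tns:EndpointType' />
+
+<!-- Section 3.1.6 -->
+<xs:element name='SingleSignOutSubscriptionEndpoints' type='tns:EndpointType' />
+
+<!-- Section 3.1.7 -->
+<xs:element name='SingleSignOutNotificationEndpoints' type='tns:EndpointType' />
+
+<!-- Section 3.1.8 -->
+<!-- Defined above -->
+<!--<xs:element name='TokenTypesOffered' type='tns:TokenTypesOfferedType' />-->
+<xs:complexType name='TokenTypesOfferedType' >
+<xs:sequence>
+<xs:element name='TokenType' type='tns:TokenType' minOccurs='1' maxOccurs='unbounded' />
+<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:complexType name='TokenType' >
+<xs:sequence>
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:attribute name='Uri' type='xs:anyURI' />
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 3.1.9 -->
+<!-- Defined above -->
+<!-- <xs:element name='ClaimTypesOffered' type='tns:ClaimTypesOfferedType' /> -->
+<xs:complexType name='ClaimTypesOfferedType'>
+<xs:sequence>
+<xs:element ref='auth:ClaimType' minOccurs='1' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 3.1.10 -->
+<!-- Defined above -->
+<!-- <xs:element name='ClaimTypesRequested' ype='tns:ClaimTypesRequestedType' /> -->
+<xs:complexType name='ClaimTypesRequestedType'>
+<xs:sequence>
+<xs:element ref='auth:ClaimType' minOccurs='1' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 3.1.11 -->
+<!-- Defined above -->
+<!--<xs:element name='ClaimDialectsOffered' type='tns:ClaimDialectsOfferedType' />-->
+<xs:complexType name='ClaimDialectsOfferedType'>
+<xs:sequence>
+<xs:element name='ClaimDialect' type='tns:ClaimDialectType' minOccurs='1' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:complexType name='ClaimDialectType' >
+<xs:sequence>
+<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:attribute name='Uri' type='xs:anyURI' />
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 3.1.12 -->
+<!-- Defined above -->
+<!-- <xs:element name='AutomaticPseudonyms' type='xs:boolean' /> -->
+
+<!-- Section 3.1.13 -->
+<xs:element name='PassiveRequestorEnpoints' type='tns:EndpointType'/>
+
+<!-- Section 3.1.14 -->
+<!-- Defined above -->
+<!--<xs:element name='TargetScopes' type='tns:EndpointType'/>-->
+
+<!-- Section 3.2.4 -->
+<xs:element name='FederationMetadataHandler' type='tns:FederationMetadataHandlerType' />
+<xs:complexType name='FederationMetadataHandlerType' >
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 4.1 -->
+<xs:element name='SignOut' type='tns:SignOutType' />
+<xs:complexType name='SignOutType' >
+<xs:sequence>
+<xs:element ref='tns:Realm' minOccurs='0' />
+<xs:element name='SignOutBasis' type='tns:SignOutBasisType' minOccurs='1' maxOccurs='1' />
+<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:attribute ref='wsu:Id' use='optional' />
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:complexType name='SignOutBasisType' >
+<xs:sequence>
+<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 4.2 -->
+<xs:element name='Realm' type='xs:anyURI' />
+
+<!-- Section 6.1 -->
+<xs:element name='FilterPseudonyms' type='tns:FilterPseudonymsType' />
+<xs:complexType name='FilterPseudonymsType' >
+<xs:sequence>
+<xs:element ref='tns:PseudonymBasis' minOccurs='0' maxOccurs='1' />
+<xs:element ref='tns:RelativeTo' minOccurs='0' maxOccurs='1' />
+<xs:any namespace='##other' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:element name='PseudonymBasis' type='tns:PseudonymBasisType' />
+<xs:complexType name='PseudonymBasisType' >
+<xs:sequence>
+<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:element name='RelativeTo' type='tns:RelativeToType' />
+<xs:complexType name='RelativeToType' >
+<xs:sequence>
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 6.2 -->
+<xs:element name='Pseudonym' type='tns:PseudonymType' />
+
+<xs:complexType name='PseudonymType' >
+<xs:sequence>
+<!--
+*** Accurate content model is nondeterministic ***
+<xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
+<xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
+<xs:element ref='wsu:Expires' minOccurs='0' maxOccurs='1' />
+<xs:element ref='tns:SecurityToken' minOccurs='0' maxOccurs='unbounded' />
+<xs:element ref='tns:ProofToken' minOccurs='0' maxOccurs='unbounded' />
+<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+-->
+
+<xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
+<xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:element name='SecurityToken' type='tns:SecurityTokenType' />
+<xs:complexType name='SecurityTokenType' >
+<xs:sequence>
+<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:element name='ProofToken' type='tns:ProofTokenType' />
+<xs:complexType name='ProofTokenType' >
+<xs:sequence>
+<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 7.1 -->
+<xs:element name='RequestPseudonym' type='tns:RequestPseudonymType' />
+<xs:complexType name='RequestPseudonymType' >
+<xs:sequence>
+<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:attribute name='SingleUse' type='xs:boolean' use='optional' />
+<xs:attribute name='Lookup' type='xs:boolean' use='optional' />
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 8.1 -->
+<xs:element name='ReferenceToken' type='tns:ReferenceTokenType' />
+<xs:complexType name='ReferenceTokenType'>
+<xs:sequence>
+<xs:element name='ReferenceEPR' type='wsa:EndpointReferenceType' minOccurs='1' maxOccurs='unbounded' />
+<xs:element name='ReferenceDigest' type='tns:ReferenceDigestType' minOccurs='0' maxOccurs='1' />
+<xs:element name='ReferenceType' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
+<xs:element name='SerialNo' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
+<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:complexType name='ReferenceDigestType' >
+<xs:simpleContent>
+<xs:extension base='xs:base64Binary' >
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:extension>
+</xs:simpleContent>
+</xs:complexType>
+<xs:complexType name='AttributeExtensibleURI' >
+<xs:simpleContent>
+<xs:extension base='xs:anyURI' >
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:extension>
+</xs:simpleContent>
+</xs:complexType>
+
+<!-- Section 8.2 -->
+<xs:element name='FederationID' type='tns:AttributeExtensibleURI' />
+
+<!-- Section 8.3 -->
+<xs:element name='RequestProofToken' type='tns:RequestProofTokenType' />
+<xs:complexType name='RequestProofTokenType' >
+<xs:sequence>
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 8.4 -->
+<xs:element name='ClientPseudonym' type='tns:ClientPseudonymType' />
+<xs:complexType name='ClientPseudonymType' >
+<xs:sequence>
+<xs:element name='PPID' type='tns:AttributeExtensibleString' minOccurs='0' />
+<xs:element name='DisplayName' type='tns:AttributeExtensibleString' minOccurs='0' />
+<xs:element name='EMail' type='tns:AttributeExtensibleString' minOccurs='0' />
+<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<xs:complexType name='AttributeExtensibleString' >
+<xs:simpleContent>
+<xs:extension base='xs:string' >
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:extension>
+</xs:simpleContent>
+</xs:complexType>
+
+<!-- Section 8.5 -->
+<xs:element name='Freshness' type='tns:Freshness' />
+<xs:complexType name='Freshness'>
+<xs:simpleContent>
+<xs:extension base='xs:unsignedInt' >
+<xs:attribute name='AllowCache' type='xs:boolean' use='optional' />
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:extension>
+</xs:simpleContent>
+</xs:complexType>
+
+<!-- Section 14.1 -->
+<xs:element name='RequireReferenceToken' type='sp:TokenAssertionType' />
+<xs:element name='ReferenceToken11' type='tns:AssertionType' />
+
+<xs:complexType name='AssertionType' >
+<xs:sequence>
+<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+</xs:sequence>
+<xs:anyAttribute namespace='##other' processContents='lax' />
+</xs:complexType>
+
+<!-- Section 14.2 -->
+<xs:element name='WebBinding' type='sp:NestedPolicyType' />
+<xs:element name='AuthenticationToken' type='sp:NestedPolicyType' />
+<!-- ReferenceToken defined above -->
+<xs:element name='RequireSignedTokens' type='tns:AssertionType' />
+<xs:element name='RequireBearerTokens' type='tns:AssertionType' />
+<xs:element name='RequireSharedCookies' type='tns:AssertionType' />
+
+
+<!-- Section 14.3 -->
+<xs:element name='RequiresGenericClaimDialect' type='tns:AssertionType' />
+<xs:element name='IssuesSpecificPolicyFault' type='tns:AssertionType' />
+<xs:element name='AdditionalContextProcessed' type='tns:AssertionType' />
+
+
+</xs:schema>
+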