ruby-saml 0.8.18 → 0.9
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.travis.yml +1 -6
- data/Gemfile +2 -12
- data/README.md +363 -35
- data/Rakefile +14 -0
- data/changelog.md +22 -9
- data/lib/onelogin/ruby-saml/attribute_service.rb +34 -0
- data/lib/onelogin/ruby-saml/attributes.rb +26 -64
- data/lib/onelogin/ruby-saml/authrequest.rb +47 -93
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +87 -0
- data/lib/onelogin/ruby-saml/logoutrequest.rb +36 -100
- data/lib/onelogin/ruby-saml/logoutresponse.rb +25 -35
- data/lib/onelogin/ruby-saml/metadata.rb +46 -16
- data/lib/onelogin/ruby-saml/response.rb +63 -373
- data/lib/onelogin/ruby-saml/saml_message.rb +78 -0
- data/lib/onelogin/ruby-saml/settings.rb +54 -122
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +25 -71
- data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +37 -102
- data/lib/onelogin/ruby-saml/utils.rb +32 -199
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/ruby-saml.rb +5 -2
- data/lib/schemas/{saml20assertion_schema.xsd → saml-schema-assertion-2.0.xsd} +283 -283
- data/lib/schemas/saml-schema-authn-context-2.0.xsd +23 -0
- data/lib/schemas/saml-schema-authn-context-types-2.0.xsd +821 -0
- data/lib/schemas/saml-schema-metadata-2.0.xsd +339 -0
- data/lib/schemas/{saml20protocol_schema.xsd → saml-schema-protocol-2.0.xsd} +302 -302
- data/lib/schemas/sstc-metadata-attr.xsd +35 -0
- data/lib/schemas/sstc-saml-attribute-ext.xsd +25 -0
- data/lib/schemas/sstc-saml-metadata-algsupport-v1.0.xsd +41 -0
- data/lib/schemas/sstc-saml-metadata-ui-v1.0.xsd +89 -0
- data/lib/schemas/{xenc_schema.xsd → xenc-schema.xsd} +1 -11
- data/lib/schemas/xml.xsd +287 -0
- data/lib/schemas/{xmldsig_schema.xsd → xmldsig-core-schema.xsd} +0 -9
- data/lib/xml_security.rb +83 -235
- data/ruby-saml.gemspec +1 -0
- data/test/idp_metadata_parser_test.rb +54 -0
- data/test/logoutrequest_test.rb +68 -155
- data/test/logoutresponse_test.rb +43 -32
- data/test/metadata_test.rb +87 -0
- data/test/request_test.rb +102 -99
- data/test/response_test.rb +181 -495
- data/test/responses/idp_descriptor.xml +3 -0
- data/test/responses/logoutresponse_fixtures.rb +7 -8
- data/test/responses/response_no_cert_and_encrypted_attrs.xml +29 -0
- data/test/responses/response_with_multiple_attribute_values.xml +1 -1
- data/test/responses/slo_request.xml +4 -0
- data/test/settings_test.rb +25 -112
- data/test/slo_logoutrequest_test.rb +40 -50
- data/test/slo_logoutresponse_test.rb +86 -185
- data/test/test_helper.rb +27 -102
- data/test/xml_security_test.rb +114 -337
- metadata +30 -81
- data/lib/onelogin/ruby-saml/setting_error.rb +0 -6
- data/test/certificates/certificate.der +0 -0
- data/test/certificates/formatted_certificate +0 -14
- data/test/certificates/formatted_chained_certificate +0 -42
- data/test/certificates/formatted_private_key +0 -12
- data/test/certificates/formatted_rsa_private_key +0 -12
- data/test/certificates/invalid_certificate1 +0 -1
- data/test/certificates/invalid_certificate2 +0 -1
- data/test/certificates/invalid_certificate3 +0 -12
- data/test/certificates/invalid_chained_certificate1 +0 -1
- data/test/certificates/invalid_private_key1 +0 -1
- data/test/certificates/invalid_private_key2 +0 -1
- data/test/certificates/invalid_private_key3 +0 -10
- data/test/certificates/invalid_rsa_private_key1 +0 -1
- data/test/certificates/invalid_rsa_private_key2 +0 -1
- data/test/certificates/invalid_rsa_private_key3 +0 -10
- data/test/certificates/ruby-saml-2.crt +0 -15
- data/test/requests/logoutrequest_fixtures.rb +0 -47
- data/test/responses/encrypted_new_attack.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
- data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
- data/test/responses/invalids/no_signature.xml.base64 +0 -1
- data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
- data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
- data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
- data/test/responses/response_node_text_attack.xml.base64 +0 -1
- data/test/responses/response_with_concealed_signed_assertion.xml +0 -51
- data/test/responses/response_with_doubled_signed_assertion.xml +0 -49
- data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
- data/test/responses/response_with_signed_assertion_3.xml +0 -30
- data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
- data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
- data/test/responses/response_wrapped.xml.base64 +0 -150
- data/test/responses/valid_response.xml.base64 +0 -1
- data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
- data/test/utils_test.rb +0 -231
@@ -0,0 +1,821 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<xs:schema
|
3
|
+
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
4
|
+
elementFormDefault="qualified"
|
5
|
+
version="2.0">
|
6
|
+
|
7
|
+
<xs:annotation>
|
8
|
+
<xs:documentation>
|
9
|
+
Document identifier: saml-schema-authn-context-types-2.0
|
10
|
+
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
11
|
+
Revision history:
|
12
|
+
V2.0 (March, 2005):
|
13
|
+
New core authentication context schema types for SAML V2.0.
|
14
|
+
</xs:documentation>
|
15
|
+
</xs:annotation>
|
16
|
+
|
17
|
+
<xs:element name="AuthenticationContextDeclaration" type="AuthnContextDeclarationBaseType">
|
18
|
+
<xs:annotation>
|
19
|
+
<xs:documentation>
|
20
|
+
A particular assertion on an identity
|
21
|
+
provider's part with respect to the authentication
|
22
|
+
context associated with an authentication assertion.
|
23
|
+
</xs:documentation>
|
24
|
+
</xs:annotation>
|
25
|
+
</xs:element>
|
26
|
+
|
27
|
+
<xs:element name="Identification" type="IdentificationType">
|
28
|
+
<xs:annotation>
|
29
|
+
<xs:documentation>
|
30
|
+
Refers to those characteristics that describe the
|
31
|
+
processes and mechanisms
|
32
|
+
the Authentication Authority uses to initially create
|
33
|
+
an association between a Principal
|
34
|
+
and the identity (or name) by which the Principal will
|
35
|
+
be known
|
36
|
+
</xs:documentation>
|
37
|
+
</xs:annotation>
|
38
|
+
</xs:element>
|
39
|
+
|
40
|
+
<xs:element name="PhysicalVerification">
|
41
|
+
<xs:annotation>
|
42
|
+
<xs:documentation>
|
43
|
+
This element indicates that identification has been
|
44
|
+
performed in a physical
|
45
|
+
face-to-face meeting with the principal and not in an
|
46
|
+
online manner.
|
47
|
+
</xs:documentation>
|
48
|
+
</xs:annotation>
|
49
|
+
<xs:complexType>
|
50
|
+
<xs:attribute name="credentialLevel">
|
51
|
+
<xs:simpleType>
|
52
|
+
<xs:restriction base="xs:NMTOKEN">
|
53
|
+
<xs:enumeration value="primary"/>
|
54
|
+
<xs:enumeration value="secondary"/>
|
55
|
+
</xs:restriction>
|
56
|
+
</xs:simpleType>
|
57
|
+
</xs:attribute>
|
58
|
+
</xs:complexType>
|
59
|
+
</xs:element>
|
60
|
+
|
61
|
+
<xs:element name="WrittenConsent" type="ExtensionOnlyType"/>
|
62
|
+
|
63
|
+
<xs:element name="TechnicalProtection" type="TechnicalProtectionBaseType">
|
64
|
+
<xs:annotation>
|
65
|
+
<xs:documentation>
|
66
|
+
Refers to those characterstics that describe how the
|
67
|
+
'secret' (the knowledge or possession
|
68
|
+
of which allows the Principal to authenticate to the
|
69
|
+
Authentication Authority) is kept secure
|
70
|
+
</xs:documentation>
|
71
|
+
</xs:annotation>
|
72
|
+
</xs:element>
|
73
|
+
|
74
|
+
<xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">
|
75
|
+
<xs:annotation>
|
76
|
+
<xs:documentation>
|
77
|
+
This element indicates the types and strengths of
|
78
|
+
facilities
|
79
|
+
of a UA used to protect a shared secret key from
|
80
|
+
unauthorized access and/or use.
|
81
|
+
</xs:documentation>
|
82
|
+
</xs:annotation>
|
83
|
+
</xs:element>
|
84
|
+
|
85
|
+
<xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">
|
86
|
+
<xs:annotation>
|
87
|
+
<xs:documentation>
|
88
|
+
This element indicates the types and strengths of
|
89
|
+
facilities
|
90
|
+
of a UA used to protect a private key from
|
91
|
+
unauthorized access and/or use.
|
92
|
+
</xs:documentation>
|
93
|
+
</xs:annotation>
|
94
|
+
</xs:element>
|
95
|
+
|
96
|
+
<xs:element name="KeyActivation" type="KeyActivationType">
|
97
|
+
<xs:annotation>
|
98
|
+
<xs:documentation>The actions that must be performed
|
99
|
+
before the private key can be used. </xs:documentation>
|
100
|
+
</xs:annotation>
|
101
|
+
</xs:element>
|
102
|
+
|
103
|
+
<xs:element name="KeySharing" type="KeySharingType">
|
104
|
+
<xs:annotation>
|
105
|
+
<xs:documentation>Whether or not the private key is shared
|
106
|
+
with the certificate authority.</xs:documentation>
|
107
|
+
</xs:annotation>
|
108
|
+
</xs:element>
|
109
|
+
|
110
|
+
<xs:element name="KeyStorage" type="KeyStorageType">
|
111
|
+
<xs:annotation>
|
112
|
+
<xs:documentation>
|
113
|
+
In which medium is the key stored.
|
114
|
+
memory - the key is stored in memory.
|
115
|
+
smartcard - the key is stored in a smartcard.
|
116
|
+
token - the key is stored in a hardware token.
|
117
|
+
MobileDevice - the key is stored in a mobile device.
|
118
|
+
MobileAuthCard - the key is stored in a mobile
|
119
|
+
authentication card.
|
120
|
+
</xs:documentation>
|
121
|
+
</xs:annotation>
|
122
|
+
</xs:element>
|
123
|
+
|
124
|
+
<xs:element name="SubscriberLineNumber" type="ExtensionOnlyType"/>
|
125
|
+
<xs:element name="UserSuffix" type="ExtensionOnlyType"/>
|
126
|
+
|
127
|
+
<xs:element name="Password" type="PasswordType">
|
128
|
+
<xs:annotation>
|
129
|
+
<xs:documentation>
|
130
|
+
This element indicates that a password (or passphrase)
|
131
|
+
has been used to
|
132
|
+
authenticate the Principal to a remote system.
|
133
|
+
</xs:documentation>
|
134
|
+
</xs:annotation>
|
135
|
+
</xs:element>
|
136
|
+
|
137
|
+
<xs:element name="ActivationPin" type="ActivationPinType">
|
138
|
+
<xs:annotation>
|
139
|
+
<xs:documentation>
|
140
|
+
This element indicates that a Pin (Personal
|
141
|
+
Identification Number) has been used to authenticate the Principal to
|
142
|
+
some local system in order to activate a key.
|
143
|
+
</xs:documentation>
|
144
|
+
</xs:annotation>
|
145
|
+
</xs:element>
|
146
|
+
|
147
|
+
<xs:element name="Token" type="TokenType">
|
148
|
+
<xs:annotation>
|
149
|
+
<xs:documentation>
|
150
|
+
This element indicates that a hardware or software
|
151
|
+
token is used
|
152
|
+
as a method of identifying the Principal.
|
153
|
+
</xs:documentation>
|
154
|
+
</xs:annotation>
|
155
|
+
</xs:element>
|
156
|
+
|
157
|
+
<xs:element name="TimeSyncToken" type="TimeSyncTokenType">
|
158
|
+
<xs:annotation>
|
159
|
+
<xs:documentation>
|
160
|
+
This element indicates that a time synchronization
|
161
|
+
token is used to identify the Principal. hardware -
|
162
|
+
the time synchonization
|
163
|
+
token has been implemented in hardware. software - the
|
164
|
+
time synchronization
|
165
|
+
token has been implemented in software. SeedLength -
|
166
|
+
the length, in bits, of the
|
167
|
+
random seed used in the time synchronization token.
|
168
|
+
</xs:documentation>
|
169
|
+
</xs:annotation>
|
170
|
+
</xs:element>
|
171
|
+
|
172
|
+
<xs:element name="Smartcard" type="ExtensionOnlyType">
|
173
|
+
<xs:annotation>
|
174
|
+
<xs:documentation>
|
175
|
+
This element indicates that a smartcard is used to
|
176
|
+
identity the Principal.
|
177
|
+
</xs:documentation>
|
178
|
+
</xs:annotation>
|
179
|
+
</xs:element>
|
180
|
+
|
181
|
+
<xs:element name="Length" type="LengthType">
|
182
|
+
<xs:annotation>
|
183
|
+
<xs:documentation>
|
184
|
+
This element indicates the minimum and/or maximum
|
185
|
+
ASCII length of the password which is enforced (by the UA or the
|
186
|
+
IdP). In other words, this is the minimum and/or maximum number of
|
187
|
+
ASCII characters required to represent a valid password.
|
188
|
+
min - the minimum number of ASCII characters required
|
189
|
+
in a valid password, as enforced by the UA or the IdP.
|
190
|
+
max - the maximum number of ASCII characters required
|
191
|
+
in a valid password, as enforced by the UA or the IdP.
|
192
|
+
</xs:documentation>
|
193
|
+
</xs:annotation>
|
194
|
+
</xs:element>
|
195
|
+
|
196
|
+
<xs:element name="ActivationLimit" type="ActivationLimitType">
|
197
|
+
<xs:annotation>
|
198
|
+
<xs:documentation>
|
199
|
+
This element indicates the length of time for which an
|
200
|
+
PIN-based authentication is valid.
|
201
|
+
</xs:documentation>
|
202
|
+
</xs:annotation>
|
203
|
+
</xs:element>
|
204
|
+
|
205
|
+
<xs:element name="Generation">
|
206
|
+
<xs:annotation>
|
207
|
+
<xs:documentation>
|
208
|
+
Indicates whether the password was chosen by the
|
209
|
+
Principal or auto-supplied by the Authentication Authority.
|
210
|
+
principalchosen - the Principal is allowed to choose
|
211
|
+
the value of the password. This is true even if
|
212
|
+
the initial password is chosen at random by the UA or
|
213
|
+
the IdP and the Principal is then free to change
|
214
|
+
the password.
|
215
|
+
automatic - the password is chosen by the UA or the
|
216
|
+
IdP to be cryptographically strong in some sense,
|
217
|
+
or to satisfy certain password rules, and that the
|
218
|
+
Principal is not free to change it or to choose a new password.
|
219
|
+
</xs:documentation>
|
220
|
+
</xs:annotation>
|
221
|
+
|
222
|
+
<xs:complexType>
|
223
|
+
<xs:attribute name="mechanism" use="required">
|
224
|
+
<xs:simpleType>
|
225
|
+
<xs:restriction base="xs:NMTOKEN">
|
226
|
+
<xs:enumeration value="principalchosen"/>
|
227
|
+
<xs:enumeration value="automatic"/>
|
228
|
+
</xs:restriction>
|
229
|
+
</xs:simpleType>
|
230
|
+
</xs:attribute>
|
231
|
+
</xs:complexType>
|
232
|
+
</xs:element>
|
233
|
+
|
234
|
+
<xs:element name="AuthnMethod" type="AuthnMethodBaseType">
|
235
|
+
<xs:annotation>
|
236
|
+
<xs:documentation>
|
237
|
+
Refers to those characteristics that define the
|
238
|
+
mechanisms by which the Principal authenticates to the Authentication
|
239
|
+
Authority.
|
240
|
+
</xs:documentation>
|
241
|
+
</xs:annotation>
|
242
|
+
</xs:element>
|
243
|
+
|
244
|
+
<xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">
|
245
|
+
<xs:annotation>
|
246
|
+
<xs:documentation>
|
247
|
+
The method that a Principal employs to perform
|
248
|
+
authentication to local system components.
|
249
|
+
</xs:documentation>
|
250
|
+
</xs:annotation>
|
251
|
+
</xs:element>
|
252
|
+
|
253
|
+
<xs:element name="Authenticator" type="AuthenticatorBaseType">
|
254
|
+
<xs:annotation>
|
255
|
+
<xs:documentation>
|
256
|
+
The method applied to validate a principal's
|
257
|
+
authentication across a network
|
258
|
+
</xs:documentation>
|
259
|
+
</xs:annotation>
|
260
|
+
</xs:element>
|
261
|
+
|
262
|
+
<xs:element name="ComplexAuthenticator" type="ComplexAuthenticatorType">
|
263
|
+
<xs:annotation>
|
264
|
+
<xs:documentation>
|
265
|
+
Supports Authenticators with nested combinations of
|
266
|
+
additional complexity.
|
267
|
+
</xs:documentation>
|
268
|
+
</xs:annotation>
|
269
|
+
</xs:element>
|
270
|
+
|
271
|
+
<xs:element name="PreviousSession" type="ExtensionOnlyType">
|
272
|
+
<xs:annotation>
|
273
|
+
<xs:documentation>
|
274
|
+
Indicates that the Principal has been strongly
|
275
|
+
authenticated in a previous session during which the IdP has set a
|
276
|
+
cookie in the UA. During the present session the Principal has only
|
277
|
+
been authenticated by the UA returning the cookie to the IdP.
|
278
|
+
</xs:documentation>
|
279
|
+
</xs:annotation>
|
280
|
+
</xs:element>
|
281
|
+
|
282
|
+
<xs:element name="ResumeSession" type="ExtensionOnlyType">
|
283
|
+
<xs:annotation>
|
284
|
+
<xs:documentation>
|
285
|
+
Rather like PreviousSession but using stronger
|
286
|
+
security. A secret that was established in a previous session with
|
287
|
+
the Authentication Authority has been cached by the local system and
|
288
|
+
is now re-used (e.g. a Master Secret is used to derive new session
|
289
|
+
keys in TLS, SSL, WTLS).
|
290
|
+
</xs:documentation>
|
291
|
+
</xs:annotation>
|
292
|
+
</xs:element>
|
293
|
+
|
294
|
+
<xs:element name="ZeroKnowledge" type="ExtensionOnlyType">
|
295
|
+
<xs:annotation>
|
296
|
+
<xs:documentation>
|
297
|
+
This element indicates that the Principal has been
|
298
|
+
authenticated by a zero knowledge technique as specified in ISO/IEC
|
299
|
+
9798-5.
|
300
|
+
</xs:documentation>
|
301
|
+
</xs:annotation>
|
302
|
+
</xs:element>
|
303
|
+
|
304
|
+
<xs:element name="SharedSecretChallengeResponse" type="SharedSecretChallengeResponseType"/>
|
305
|
+
|
306
|
+
<xs:complexType name="SharedSecretChallengeResponseType">
|
307
|
+
<xs:annotation>
|
308
|
+
<xs:documentation>
|
309
|
+
This element indicates that the Principal has been
|
310
|
+
authenticated by a challenge-response protocol utilizing shared secret
|
311
|
+
keys and symmetric cryptography.
|
312
|
+
</xs:documentation>
|
313
|
+
</xs:annotation>
|
314
|
+
<xs:sequence>
|
315
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
316
|
+
</xs:sequence>
|
317
|
+
<xs:attribute name="method" type="xs:anyURI" use="optional"/>
|
318
|
+
</xs:complexType>
|
319
|
+
|
320
|
+
<xs:element name="DigSig" type="PublicKeyType">
|
321
|
+
<xs:annotation>
|
322
|
+
<xs:documentation>
|
323
|
+
This element indicates that the Principal has been
|
324
|
+
authenticated by a mechanism which involves the Principal computing a
|
325
|
+
digital signature over at least challenge data provided by the IdP.
|
326
|
+
</xs:documentation>
|
327
|
+
</xs:annotation>
|
328
|
+
</xs:element>
|
329
|
+
|
330
|
+
<xs:element name="AsymmetricDecryption" type="PublicKeyType">
|
331
|
+
<xs:annotation>
|
332
|
+
<xs:documentation>
|
333
|
+
The local system has a private key but it is used
|
334
|
+
in decryption mode, rather than signature mode. For example, the
|
335
|
+
Authentication Authority generates a secret and encrypts it using the
|
336
|
+
local system's public key: the local system then proves it has
|
337
|
+
decrypted the secret.
|
338
|
+
</xs:documentation>
|
339
|
+
</xs:annotation>
|
340
|
+
</xs:element>
|
341
|
+
|
342
|
+
<xs:element name="AsymmetricKeyAgreement" type="PublicKeyType">
|
343
|
+
<xs:annotation>
|
344
|
+
<xs:documentation>
|
345
|
+
The local system has a private key and uses it for
|
346
|
+
shared secret key agreement with the Authentication Authority (e.g.
|
347
|
+
via Diffie Helman).
|
348
|
+
</xs:documentation>
|
349
|
+
</xs:annotation>
|
350
|
+
</xs:element>
|
351
|
+
|
352
|
+
<xs:complexType name="PublicKeyType">
|
353
|
+
<xs:sequence>
|
354
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
355
|
+
</xs:sequence>
|
356
|
+
<xs:attribute name="keyValidation" use="optional"/>
|
357
|
+
</xs:complexType>
|
358
|
+
|
359
|
+
<xs:element name="IPAddress" type="ExtensionOnlyType">
|
360
|
+
<xs:annotation>
|
361
|
+
<xs:documentation>
|
362
|
+
This element indicates that the Principal has been
|
363
|
+
authenticated through connection from a particular IP address.
|
364
|
+
</xs:documentation>
|
365
|
+
</xs:annotation>
|
366
|
+
</xs:element>
|
367
|
+
|
368
|
+
<xs:element name="SharedSecretDynamicPlaintext" type="ExtensionOnlyType">
|
369
|
+
<xs:annotation>
|
370
|
+
<xs:documentation>
|
371
|
+
The local system and Authentication Authority
|
372
|
+
share a secret key. The local system uses this to encrypt a
|
373
|
+
randomised string to pass to the Authentication Authority.
|
374
|
+
</xs:documentation>
|
375
|
+
</xs:annotation>
|
376
|
+
</xs:element>
|
377
|
+
|
378
|
+
<xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType">
|
379
|
+
<xs:annotation>
|
380
|
+
<xs:documentation>
|
381
|
+
The protocol across which Authenticator information is
|
382
|
+
transferred to an Authentication Authority verifier.
|
383
|
+
</xs:documentation>
|
384
|
+
</xs:annotation>
|
385
|
+
</xs:element>
|
386
|
+
|
387
|
+
<xs:element name="HTTP" type="ExtensionOnlyType">
|
388
|
+
<xs:annotation>
|
389
|
+
<xs:documentation>
|
390
|
+
This element indicates that the Authenticator has been
|
391
|
+
transmitted using bare HTTP utilizing no additional security
|
392
|
+
protocols.
|
393
|
+
</xs:documentation>
|
394
|
+
</xs:annotation>
|
395
|
+
</xs:element>
|
396
|
+
|
397
|
+
<xs:element name="IPSec" type="ExtensionOnlyType">
|
398
|
+
<xs:annotation>
|
399
|
+
<xs:documentation>
|
400
|
+
This element indicates that the Authenticator has been
|
401
|
+
transmitted using a transport mechanism protected by an IPSEC session.
|
402
|
+
</xs:documentation>
|
403
|
+
</xs:annotation>
|
404
|
+
</xs:element>
|
405
|
+
|
406
|
+
<xs:element name="WTLS" type="ExtensionOnlyType">
|
407
|
+
<xs:annotation>
|
408
|
+
<xs:documentation>
|
409
|
+
This element indicates that the Authenticator has been
|
410
|
+
transmitted using a transport mechanism protected by a WTLS session.
|
411
|
+
</xs:documentation>
|
412
|
+
</xs:annotation>
|
413
|
+
</xs:element>
|
414
|
+
|
415
|
+
<xs:element name="MobileNetworkNoEncryption" type="ExtensionOnlyType">
|
416
|
+
<xs:annotation>
|
417
|
+
<xs:documentation>
|
418
|
+
This element indicates that the Authenticator has been
|
419
|
+
transmitted solely across a mobile network using no additional
|
420
|
+
security mechanism.
|
421
|
+
</xs:documentation>
|
422
|
+
</xs:annotation>
|
423
|
+
</xs:element>
|
424
|
+
|
425
|
+
<xs:element name="MobileNetworkRadioEncryption" type="ExtensionOnlyType"/>
|
426
|
+
<xs:element name="MobileNetworkEndToEndEncryption" type="ExtensionOnlyType"/>
|
427
|
+
|
428
|
+
<xs:element name="SSL" type="ExtensionOnlyType">
|
429
|
+
<xs:annotation>
|
430
|
+
<xs:documentation>
|
431
|
+
This element indicates that the Authenticator has been
|
432
|
+
transmitted using a transport mechnanism protected by an SSL or TLS
|
433
|
+
session.
|
434
|
+
</xs:documentation>
|
435
|
+
</xs:annotation>
|
436
|
+
</xs:element>
|
437
|
+
|
438
|
+
<xs:element name="PSTN" type="ExtensionOnlyType"/>
|
439
|
+
<xs:element name="ISDN" type="ExtensionOnlyType"/>
|
440
|
+
<xs:element name="ADSL" type="ExtensionOnlyType"/>
|
441
|
+
|
442
|
+
<xs:element name="OperationalProtection" type="OperationalProtectionType">
|
443
|
+
<xs:annotation>
|
444
|
+
<xs:documentation>
|
445
|
+
Refers to those characteristics that describe
|
446
|
+
procedural security controls employed by the Authentication Authority.
|
447
|
+
</xs:documentation>
|
448
|
+
</xs:annotation>
|
449
|
+
</xs:element>
|
450
|
+
|
451
|
+
<xs:element name="SecurityAudit" type="SecurityAuditType"/>
|
452
|
+
<xs:element name="SwitchAudit" type="ExtensionOnlyType"/>
|
453
|
+
<xs:element name="DeactivationCallCenter" type="ExtensionOnlyType"/>
|
454
|
+
|
455
|
+
<xs:element name="GoverningAgreements" type="GoverningAgreementsType">
|
456
|
+
<xs:annotation>
|
457
|
+
<xs:documentation>
|
458
|
+
Provides a mechanism for linking to external (likely
|
459
|
+
human readable) documents in which additional business agreements,
|
460
|
+
(e.g. liability constraints, obligations, etc) can be placed.
|
461
|
+
</xs:documentation>
|
462
|
+
</xs:annotation>
|
463
|
+
</xs:element>
|
464
|
+
|
465
|
+
<xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/>
|
466
|
+
|
467
|
+
<xs:simpleType name="nymType">
|
468
|
+
<xs:restriction base="xs:NMTOKEN">
|
469
|
+
<xs:enumeration value="anonymity"/>
|
470
|
+
<xs:enumeration value="verinymity"/>
|
471
|
+
<xs:enumeration value="pseudonymity"/>
|
472
|
+
</xs:restriction>
|
473
|
+
</xs:simpleType>
|
474
|
+
|
475
|
+
<xs:complexType name="AuthnContextDeclarationBaseType">
|
476
|
+
<xs:sequence>
|
477
|
+
<xs:element ref="Identification" minOccurs="0"/>
|
478
|
+
<xs:element ref="TechnicalProtection" minOccurs="0"/>
|
479
|
+
<xs:element ref="OperationalProtection" minOccurs="0"/>
|
480
|
+
<xs:element ref="AuthnMethod" minOccurs="0"/>
|
481
|
+
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
482
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
483
|
+
</xs:sequence>
|
484
|
+
<xs:attribute name="ID" type="xs:ID" use="optional"/>
|
485
|
+
</xs:complexType>
|
486
|
+
|
487
|
+
<xs:complexType name="IdentificationType">
|
488
|
+
<xs:sequence>
|
489
|
+
<xs:element ref="PhysicalVerification" minOccurs="0"/>
|
490
|
+
<xs:element ref="WrittenConsent" minOccurs="0"/>
|
491
|
+
<xs:element ref="GoverningAgreements" minOccurs="0"/>
|
492
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
493
|
+
</xs:sequence>
|
494
|
+
<xs:attribute name="nym" type="nymType">
|
495
|
+
<xs:annotation>
|
496
|
+
<xs:documentation>
|
497
|
+
This attribute indicates whether or not the
|
498
|
+
Identification mechanisms allow the actions of the Principal to be
|
499
|
+
linked to an actual end user.
|
500
|
+
</xs:documentation>
|
501
|
+
</xs:annotation>
|
502
|
+
</xs:attribute>
|
503
|
+
</xs:complexType>
|
504
|
+
|
505
|
+
<xs:complexType name="TechnicalProtectionBaseType">
|
506
|
+
<xs:sequence>
|
507
|
+
<xs:choice minOccurs="0">
|
508
|
+
<xs:element ref="PrivateKeyProtection"/>
|
509
|
+
<xs:element ref="SecretKeyProtection"/>
|
510
|
+
</xs:choice>
|
511
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
512
|
+
</xs:sequence>
|
513
|
+
</xs:complexType>
|
514
|
+
|
515
|
+
<xs:complexType name="OperationalProtectionType">
|
516
|
+
<xs:sequence>
|
517
|
+
<xs:element ref="SecurityAudit" minOccurs="0"/>
|
518
|
+
<xs:element ref="DeactivationCallCenter" minOccurs="0"/>
|
519
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
520
|
+
</xs:sequence>
|
521
|
+
</xs:complexType>
|
522
|
+
|
523
|
+
<xs:complexType name="AuthnMethodBaseType">
|
524
|
+
<xs:sequence>
|
525
|
+
<xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
|
526
|
+
<xs:element ref="Authenticator" minOccurs="0"/>
|
527
|
+
<xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
|
528
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
529
|
+
</xs:sequence>
|
530
|
+
</xs:complexType>
|
531
|
+
|
532
|
+
<xs:complexType name="GoverningAgreementsType">
|
533
|
+
<xs:sequence>
|
534
|
+
<xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>
|
535
|
+
</xs:sequence>
|
536
|
+
</xs:complexType>
|
537
|
+
|
538
|
+
<xs:complexType name="GoverningAgreementRefType">
|
539
|
+
<xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>
|
540
|
+
</xs:complexType>
|
541
|
+
|
542
|
+
<xs:complexType name="PrincipalAuthenticationMechanismType">
|
543
|
+
<xs:sequence>
|
544
|
+
<xs:element ref="Password" minOccurs="0"/>
|
545
|
+
<xs:element ref="RestrictedPassword" minOccurs="0"/>
|
546
|
+
<xs:element ref="Token" minOccurs="0"/>
|
547
|
+
<xs:element ref="Smartcard" minOccurs="0"/>
|
548
|
+
<xs:element ref="ActivationPin" minOccurs="0"/>
|
549
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
550
|
+
</xs:sequence>
|
551
|
+
<xs:attribute name="preauth" type="xs:integer" use="optional"/>
|
552
|
+
</xs:complexType>
|
553
|
+
|
554
|
+
<xs:group name="AuthenticatorChoiceGroup">
|
555
|
+
<xs:choice>
|
556
|
+
<xs:element ref="PreviousSession"/>
|
557
|
+
<xs:element ref="ResumeSession"/>
|
558
|
+
<xs:element ref="DigSig"/>
|
559
|
+
<xs:element ref="Password"/>
|
560
|
+
<xs:element ref="RestrictedPassword"/>
|
561
|
+
<xs:element ref="ZeroKnowledge"/>
|
562
|
+
<xs:element ref="SharedSecretChallengeResponse"/>
|
563
|
+
<xs:element ref="SharedSecretDynamicPlaintext"/>
|
564
|
+
<xs:element ref="IPAddress"/>
|
565
|
+
<xs:element ref="AsymmetricDecryption"/>
|
566
|
+
<xs:element ref="AsymmetricKeyAgreement"/>
|
567
|
+
<xs:element ref="SubscriberLineNumber"/>
|
568
|
+
<xs:element ref="UserSuffix"/>
|
569
|
+
<xs:element ref="ComplexAuthenticator"/>
|
570
|
+
</xs:choice>
|
571
|
+
</xs:group>
|
572
|
+
|
573
|
+
<xs:group name="AuthenticatorSequenceGroup">
|
574
|
+
<xs:sequence>
|
575
|
+
<xs:element ref="PreviousSession" minOccurs="0"/>
|
576
|
+
<xs:element ref="ResumeSession" minOccurs="0"/>
|
577
|
+
<xs:element ref="DigSig" minOccurs="0"/>
|
578
|
+
<xs:element ref="Password" minOccurs="0"/>
|
579
|
+
<xs:element ref="RestrictedPassword" minOccurs="0"/>
|
580
|
+
<xs:element ref="ZeroKnowledge" minOccurs="0"/>
|
581
|
+
<xs:element ref="SharedSecretChallengeResponse" minOccurs="0"/>
|
582
|
+
<xs:element ref="SharedSecretDynamicPlaintext" minOccurs="0"/>
|
583
|
+
<xs:element ref="IPAddress" minOccurs="0"/>
|
584
|
+
<xs:element ref="AsymmetricDecryption" minOccurs="0"/>
|
585
|
+
<xs:element ref="AsymmetricKeyAgreement" minOccurs="0"/>
|
586
|
+
<xs:element ref="SubscriberLineNumber" minOccurs="0"/>
|
587
|
+
<xs:element ref="UserSuffix" minOccurs="0"/>
|
588
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
589
|
+
</xs:sequence>
|
590
|
+
</xs:group>
|
591
|
+
|
592
|
+
<xs:complexType name="AuthenticatorBaseType">
|
593
|
+
<xs:sequence>
|
594
|
+
<xs:group ref="AuthenticatorChoiceGroup"/>
|
595
|
+
<xs:group ref="AuthenticatorSequenceGroup"/>
|
596
|
+
</xs:sequence>
|
597
|
+
</xs:complexType>
|
598
|
+
|
599
|
+
<xs:complexType name="ComplexAuthenticatorType">
|
600
|
+
<xs:sequence>
|
601
|
+
<xs:group ref="AuthenticatorChoiceGroup"/>
|
602
|
+
<xs:group ref="AuthenticatorSequenceGroup"/>
|
603
|
+
</xs:sequence>
|
604
|
+
</xs:complexType>
|
605
|
+
|
606
|
+
<xs:complexType name="AuthenticatorTransportProtocolType">
|
607
|
+
<xs:sequence>
|
608
|
+
<xs:choice minOccurs="0">
|
609
|
+
<xs:element ref="HTTP"/>
|
610
|
+
<xs:element ref="SSL"/>
|
611
|
+
<xs:element ref="MobileNetworkNoEncryption"/>
|
612
|
+
<xs:element ref="MobileNetworkRadioEncryption"/>
|
613
|
+
<xs:element ref="MobileNetworkEndToEndEncryption"/>
|
614
|
+
<xs:element ref="WTLS"/>
|
615
|
+
<xs:element ref="IPSec"/>
|
616
|
+
<xs:element ref="PSTN"/>
|
617
|
+
<xs:element ref="ISDN"/>
|
618
|
+
<xs:element ref="ADSL"/>
|
619
|
+
</xs:choice>
|
620
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
621
|
+
</xs:sequence>
|
622
|
+
</xs:complexType>
|
623
|
+
|
624
|
+
<xs:complexType name="KeyActivationType">
|
625
|
+
<xs:sequence>
|
626
|
+
<xs:element ref="ActivationPin" minOccurs="0"/>
|
627
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
628
|
+
</xs:sequence>
|
629
|
+
</xs:complexType>
|
630
|
+
|
631
|
+
<xs:complexType name="KeySharingType">
|
632
|
+
<xs:attribute name="sharing" type="xs:boolean" use="required"/>
|
633
|
+
</xs:complexType>
|
634
|
+
|
635
|
+
<xs:complexType name="PrivateKeyProtectionType">
|
636
|
+
<xs:sequence>
|
637
|
+
<xs:element ref="KeyActivation" minOccurs="0"/>
|
638
|
+
<xs:element ref="KeyStorage" minOccurs="0"/>
|
639
|
+
<xs:element ref="KeySharing" minOccurs="0"/>
|
640
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
641
|
+
</xs:sequence>
|
642
|
+
</xs:complexType>
|
643
|
+
|
644
|
+
<xs:complexType name="PasswordType">
|
645
|
+
<xs:sequence>
|
646
|
+
<xs:element ref="Length" minOccurs="0"/>
|
647
|
+
<xs:element ref="Alphabet" minOccurs="0"/>
|
648
|
+
<xs:element ref="Generation" minOccurs="0"/>
|
649
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
650
|
+
</xs:sequence>
|
651
|
+
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
|
652
|
+
</xs:complexType>
|
653
|
+
|
654
|
+
<xs:element name="RestrictedPassword" type="RestrictedPasswordType"/>
|
655
|
+
|
656
|
+
<xs:complexType name="RestrictedPasswordType">
|
657
|
+
<xs:complexContent>
|
658
|
+
<xs:restriction base="PasswordType">
|
659
|
+
<xs:sequence>
|
660
|
+
<xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>
|
661
|
+
<xs:element ref="Generation" minOccurs="0"/>
|
662
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
663
|
+
</xs:sequence>
|
664
|
+
<xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>
|
665
|
+
</xs:restriction>
|
666
|
+
</xs:complexContent>
|
667
|
+
</xs:complexType>
|
668
|
+
|
669
|
+
<xs:complexType name="RestrictedLengthType">
|
670
|
+
<xs:complexContent>
|
671
|
+
<xs:restriction base="LengthType">
|
672
|
+
<xs:attribute name="min" use="required">
|
673
|
+
<xs:simpleType>
|
674
|
+
<xs:restriction base="xs:integer">
|
675
|
+
<xs:minInclusive value="3"/>
|
676
|
+
</xs:restriction>
|
677
|
+
</xs:simpleType>
|
678
|
+
</xs:attribute>
|
679
|
+
<xs:attribute name="max" type="xs:integer" use="optional"/>
|
680
|
+
</xs:restriction>
|
681
|
+
</xs:complexContent>
|
682
|
+
</xs:complexType>
|
683
|
+
|
684
|
+
<xs:complexType name="ActivationPinType">
|
685
|
+
<xs:sequence>
|
686
|
+
<xs:element ref="Length" minOccurs="0"/>
|
687
|
+
<xs:element ref="Alphabet" minOccurs="0"/>
|
688
|
+
<xs:element ref="Generation" minOccurs="0"/>
|
689
|
+
<xs:element ref="ActivationLimit" minOccurs="0"/>
|
690
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
691
|
+
</xs:sequence>
|
692
|
+
</xs:complexType>
|
693
|
+
|
694
|
+
<xs:element name="Alphabet" type="AlphabetType"/>
|
695
|
+
<xs:complexType name="AlphabetType">
|
696
|
+
<xs:attribute name="requiredChars" type="xs:string" use="required"/>
|
697
|
+
<xs:attribute name="excludedChars" type="xs:string" use="optional"/>
|
698
|
+
<xs:attribute name="case" type="xs:string" use="optional"/>
|
699
|
+
</xs:complexType>
|
700
|
+
|
701
|
+
<xs:complexType name="TokenType">
|
702
|
+
<xs:sequence>
|
703
|
+
<xs:element ref="TimeSyncToken"/>
|
704
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
705
|
+
</xs:sequence>
|
706
|
+
</xs:complexType>
|
707
|
+
|
708
|
+
<xs:simpleType name="DeviceTypeType">
|
709
|
+
<xs:restriction base="xs:NMTOKEN">
|
710
|
+
<xs:enumeration value="hardware"/>
|
711
|
+
<xs:enumeration value="software"/>
|
712
|
+
</xs:restriction>
|
713
|
+
</xs:simpleType>
|
714
|
+
|
715
|
+
<xs:simpleType name="booleanType">
|
716
|
+
<xs:restriction base="xs:NMTOKEN">
|
717
|
+
<xs:enumeration value="true"/>
|
718
|
+
<xs:enumeration value="false"/>
|
719
|
+
</xs:restriction>
|
720
|
+
</xs:simpleType>
|
721
|
+
|
722
|
+
<xs:complexType name="TimeSyncTokenType">
|
723
|
+
<xs:attribute name="DeviceType" type="DeviceTypeType" use="required"/>
|
724
|
+
<xs:attribute name="SeedLength" type="xs:integer" use="required"/>
|
725
|
+
<xs:attribute name="DeviceInHand" type="booleanType" use="required"/>
|
726
|
+
</xs:complexType>
|
727
|
+
|
728
|
+
<xs:complexType name="ActivationLimitType">
|
729
|
+
<xs:choice>
|
730
|
+
<xs:element ref="ActivationLimitDuration"/>
|
731
|
+
<xs:element ref="ActivationLimitUsages"/>
|
732
|
+
<xs:element ref="ActivationLimitSession"/>
|
733
|
+
</xs:choice>
|
734
|
+
</xs:complexType>
|
735
|
+
|
736
|
+
<xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">
|
737
|
+
<xs:annotation>
|
738
|
+
<xs:documentation>
|
739
|
+
This element indicates that the Key Activation Limit is
|
740
|
+
defined as a specific duration of time.
|
741
|
+
</xs:documentation>
|
742
|
+
</xs:annotation>
|
743
|
+
</xs:element>
|
744
|
+
|
745
|
+
<xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">
|
746
|
+
<xs:annotation>
|
747
|
+
<xs:documentation>
|
748
|
+
This element indicates that the Key Activation Limit is
|
749
|
+
defined as a number of usages.
|
750
|
+
</xs:documentation>
|
751
|
+
</xs:annotation>
|
752
|
+
</xs:element>
|
753
|
+
|
754
|
+
<xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">
|
755
|
+
<xs:annotation>
|
756
|
+
<xs:documentation>
|
757
|
+
This element indicates that the Key Activation Limit is
|
758
|
+
the session.
|
759
|
+
</xs:documentation>
|
760
|
+
</xs:annotation>
|
761
|
+
</xs:element>
|
762
|
+
|
763
|
+
<xs:complexType name="ActivationLimitDurationType">
|
764
|
+
<xs:attribute name="duration" type="xs:duration" use="required"/>
|
765
|
+
</xs:complexType>
|
766
|
+
|
767
|
+
<xs:complexType name="ActivationLimitUsagesType">
|
768
|
+
<xs:attribute name="number" type="xs:integer" use="required"/>
|
769
|
+
</xs:complexType>
|
770
|
+
|
771
|
+
<xs:complexType name="ActivationLimitSessionType"/>
|
772
|
+
|
773
|
+
<xs:complexType name="LengthType">
|
774
|
+
<xs:attribute name="min" type="xs:integer" use="required"/>
|
775
|
+
<xs:attribute name="max" type="xs:integer" use="optional"/>
|
776
|
+
</xs:complexType>
|
777
|
+
|
778
|
+
<xs:simpleType name="mediumType">
|
779
|
+
<xs:restriction base="xs:NMTOKEN">
|
780
|
+
<xs:enumeration value="memory"/>
|
781
|
+
<xs:enumeration value="smartcard"/>
|
782
|
+
<xs:enumeration value="token"/>
|
783
|
+
<xs:enumeration value="MobileDevice"/>
|
784
|
+
<xs:enumeration value="MobileAuthCard"/>
|
785
|
+
</xs:restriction>
|
786
|
+
</xs:simpleType>
|
787
|
+
|
788
|
+
<xs:complexType name="KeyStorageType">
|
789
|
+
<xs:attribute name="medium" type="mediumType" use="required"/>
|
790
|
+
</xs:complexType>
|
791
|
+
|
792
|
+
<xs:complexType name="SecretKeyProtectionType">
|
793
|
+
<xs:sequence>
|
794
|
+
<xs:element ref="KeyActivation" minOccurs="0"/>
|
795
|
+
<xs:element ref="KeyStorage" minOccurs="0"/>
|
796
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
797
|
+
</xs:sequence>
|
798
|
+
</xs:complexType>
|
799
|
+
|
800
|
+
<xs:complexType name="SecurityAuditType">
|
801
|
+
<xs:sequence>
|
802
|
+
<xs:element ref="SwitchAudit" minOccurs="0"/>
|
803
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
804
|
+
</xs:sequence>
|
805
|
+
</xs:complexType>
|
806
|
+
|
807
|
+
<xs:complexType name="ExtensionOnlyType">
|
808
|
+
<xs:sequence>
|
809
|
+
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
|
810
|
+
</xs:sequence>
|
811
|
+
</xs:complexType>
|
812
|
+
|
813
|
+
<xs:element name="Extension" type="ExtensionType"/>
|
814
|
+
|
815
|
+
<xs:complexType name="ExtensionType">
|
816
|
+
<xs:sequence>
|
817
|
+
<xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
|
818
|
+
</xs:sequence>
|
819
|
+
</xs:complexType>
|
820
|
+
|
821
|
+
</xs:schema>
|