saml2 3.1.2 → 3.1.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (100) hide show
  1. checksums.yaml +4 -4
  2. data/Rakefile +6 -4
  3. data/exe/bulk_verify_responses +94 -0
  4. data/lib/saml2/assertion.rb +7 -7
  5. data/lib/saml2/attribute/x500.rb +31 -28
  6. data/lib/saml2/attribute.rb +53 -49
  7. data/lib/saml2/attribute_consuming_service.rb +29 -31
  8. data/lib/saml2/authn_request.rb +54 -47
  9. data/lib/saml2/authn_statement.rb +31 -20
  10. data/lib/saml2/base.rb +72 -63
  11. data/lib/saml2/bindings/http_post.rb +7 -7
  12. data/lib/saml2/bindings/http_redirect.rb +37 -33
  13. data/lib/saml2/bindings.rb +1 -1
  14. data/lib/saml2/conditions.rb +19 -16
  15. data/lib/saml2/contact.rb +19 -18
  16. data/lib/saml2/endpoint.rb +14 -11
  17. data/lib/saml2/entity.rb +27 -27
  18. data/lib/saml2/identity_provider.rb +13 -10
  19. data/lib/saml2/indexed_object.rb +15 -12
  20. data/lib/saml2/key.rb +43 -34
  21. data/lib/saml2/localized_name.rb +11 -10
  22. data/lib/saml2/logout_request.rb +8 -8
  23. data/lib/saml2/logout_response.rb +4 -4
  24. data/lib/saml2/message.rb +24 -20
  25. data/lib/saml2/name_id.rb +45 -41
  26. data/lib/saml2/namespaces.rb +8 -8
  27. data/lib/saml2/organization.rb +11 -10
  28. data/lib/saml2/organization_and_contacts.rb +5 -5
  29. data/lib/saml2/request.rb +3 -3
  30. data/lib/saml2/requested_authn_context.rb +4 -4
  31. data/lib/saml2/response.rb +45 -33
  32. data/lib/saml2/role.rb +11 -11
  33. data/lib/saml2/schemas.rb +13 -10
  34. data/lib/saml2/service_provider.rb +11 -12
  35. data/lib/saml2/signable.rb +23 -18
  36. data/lib/saml2/sso.rb +5 -5
  37. data/lib/saml2/status.rb +9 -7
  38. data/lib/saml2/status_response.rb +5 -5
  39. data/lib/saml2/subject.rb +28 -28
  40. data/lib/saml2/version.rb +1 -1
  41. data/lib/saml2.rb +7 -7
  42. metadata +78 -137
  43. data/schemas/MetadataExchange.xsd +0 -112
  44. data/schemas/metadata_combined.xsd +0 -13
  45. data/schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd +0 -195
  46. data/schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd +0 -108
  47. data/schemas/saml-schema-assertion-2.0.xsd +0 -283
  48. data/schemas/saml-schema-metadata-2.0.xsd +0 -339
  49. data/schemas/saml-schema-protocol-2.0.xsd +0 -302
  50. data/schemas/sstc-saml-metadata-ext-query.xsd +0 -66
  51. data/schemas/ws-addr.xsd +0 -137
  52. data/schemas/ws-authorization.xsd +0 -145
  53. data/schemas/ws-federation.xsd +0 -471
  54. data/schemas/ws-securitypolicy-1.2.xsd +0 -1205
  55. data/schemas/xenc-schema.xsd +0 -136
  56. data/schemas/xml.xsd +0 -287
  57. data/schemas/xmldsig-core-schema.xsd +0 -309
  58. data/spec/fixtures/FederationMetadata.xml +0 -670
  59. data/spec/fixtures/authnrequest.xml +0 -12
  60. data/spec/fixtures/certificate.pem +0 -24
  61. data/spec/fixtures/entities.xml +0 -13
  62. data/spec/fixtures/external-uri-reference-response.xml +0 -48
  63. data/spec/fixtures/identity_provider.xml +0 -46
  64. data/spec/fixtures/noconditions_response.xml +0 -1
  65. data/spec/fixtures/othercertificate.pem +0 -25
  66. data/spec/fixtures/privatekey.key +0 -27
  67. data/spec/fixtures/response_assertion_signed_reffed_from_response.xml +0 -6
  68. data/spec/fixtures/response_signed.xml +0 -46
  69. data/spec/fixtures/response_tampered_certificate.xml +0 -25
  70. data/spec/fixtures/response_tampered_signature.xml +0 -46
  71. data/spec/fixtures/response_with_attribute_signed.xml +0 -46
  72. data/spec/fixtures/response_with_encrypted_assertion.xml +0 -58
  73. data/spec/fixtures/response_with_rsa_key_value.xml +0 -1
  74. data/spec/fixtures/response_with_signed_assertion_and_encrypted_subject.xml +0 -116
  75. data/spec/fixtures/response_without_keyinfo.xml +0 -1
  76. data/spec/fixtures/service_provider.xml +0 -79
  77. data/spec/fixtures/test3-response.xml +0 -9
  78. data/spec/fixtures/test6-response.xml +0 -10
  79. data/spec/fixtures/test7-response.xml +0 -10
  80. data/spec/fixtures/xml_missigned_assertion.xml +0 -84
  81. data/spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml +0 -11
  82. data/spec/fixtures/xml_signature_wrapping_attack_response_attributes.xml +0 -45
  83. data/spec/fixtures/xml_signature_wrapping_attack_response_nameid.xml +0 -44
  84. data/spec/fixtures/xslt-transform-response.xml +0 -57
  85. data/spec/lib/attribute_consuming_service_spec.rb +0 -129
  86. data/spec/lib/attribute_spec.rb +0 -149
  87. data/spec/lib/authn_request_spec.rb +0 -52
  88. data/spec/lib/bindings/http_redirect_spec.rb +0 -183
  89. data/spec/lib/conditions_spec.rb +0 -74
  90. data/spec/lib/entity_spec.rb +0 -58
  91. data/spec/lib/identity_provider_spec.rb +0 -43
  92. data/spec/lib/indexed_object_spec.rb +0 -71
  93. data/spec/lib/key_spec.rb +0 -23
  94. data/spec/lib/logout_request_spec.rb +0 -33
  95. data/spec/lib/logout_response_spec.rb +0 -33
  96. data/spec/lib/message_spec.rb +0 -23
  97. data/spec/lib/response_spec.rb +0 -293
  98. data/spec/lib/service_provider_spec.rb +0 -76
  99. data/spec/lib/signable_spec.rb +0 -15
  100. data/spec/spec_helper.rb +0 -8
@@ -1,471 +0,0 @@
1
- <?xml version="1.0" encoding="UTF-8" ?>
2
- <!--
3
- OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
4
- implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
5
- neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
6
- specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
7
- available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
8
- of this specification, can be obtained from the OASIS Executive Director.
9
- OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
10
- cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
11
- Copyright © OASIS Open 2002-2007. All Rights Reserved.
12
- This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
13
- in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
14
- above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
15
- in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
16
- in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
17
- it into languages other than English.
18
- The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
19
- This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
20
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
21
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
22
- -->
23
- <xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'
24
- xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
25
- xmlns:tns='http://docs.oasis-open.org/wsfed/federation/200706'
26
- xmlns:wsa='http://www.w3.org/2005/08/addressing'
27
- xmlns:mex='http://schemas.xmlsoap.org/ws/2004/09/mex'
28
- xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
29
- xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
30
- xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata'
31
- xmlns:auth='http://docs.oasis-open.org/wsfed/authorization/200706'
32
- targetNamespace='http://docs.oasis-open.org/wsfed/federation/200706'
33
- elementFormDefault='qualified' >
34
-
35
- <xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
36
- schemaLocation='oasis-200401-wss-wssecurity-secext-1.0.xsd' />
37
- <xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
38
- schemaLocation='oasis-200401-wss-wssecurity-utility-1.0.xsd' />
39
- <xs:import namespace='http://www.w3.org/2005/08/addressing'
40
- schemaLocation='ws-addr.xsd' />
41
- <xs:import namespace='http://schemas.xmlsoap.org/ws/2004/09/mex'
42
- schemaLocation='MetadataExchange.xsd' />
43
- <xs:import namespace='urn:oasis:names:tc:SAML:2.0:metadata'
44
- schemaLocation='saml-schema-metadata-2.0.xsd' />
45
- <xs:import namespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
46
- schemaLocation='ws-securitypolicy-1.2.xsd'/>
47
- <xs:import namespace='http://docs.oasis-open.org/wsfed/authorization/200706'
48
- schemaLocation='ws-authorization.xsd'/>
49
-
50
- <!-- Section 3.1 -->
51
- <!-- Note: Use of this root element is discouraged in favor of use of md:EntitiesDescriptor or md EntityDescriptor -->
52
- <xs:element name='FederationMetadata' type='tns:FederationMetadataType' />
53
-
54
- <xs:complexType name='FederationMetadataType' >
55
- <xs:sequence>
56
- <!--
57
- *** Accurate content model is nondeterministic ***
58
- <xs:element name='Federation' type='tns:FederationType' minOccurs='1' maxOccurs='unbounded' />
59
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
60
- -->
61
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
62
- </xs:sequence>
63
- <xs:anyAttribute namespace='##other' processContents='lax' />
64
- </xs:complexType>
65
-
66
- <xs:complexType name='FederationType' >
67
- <xs:sequence>
68
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
69
- </xs:sequence>
70
- <xs:attribute name='FederationID' type='xs:anyURI' />
71
- <xs:anyAttribute namespace='##other' processContents='lax' />
72
- </xs:complexType>
73
-
74
- <!-- Section 3.1.2.1 -->
75
- <xs:complexType name="WebServiceDescriptorType" abstract="true">
76
- <xs:complexContent>
77
- <xs:extension base="md:RoleDescriptorType">
78
- <xs:sequence>
79
- <xs:element ref="tns:LogicalServiceNamesOffered" minOccurs="0" maxOccurs="1" />
80
- <xs:element ref="tns:TokenTypesOffered" minOccurs="0" maxOccurs="1" />
81
- <xs:element ref="tns:ClaimDialectsOffered" minOccurs="0" maxOccurs="1" />
82
- <xs:element ref="tns:ClaimTypesOffered" minOccurs="0" maxOccurs="1" />
83
- <xs:element ref="tns:ClaimTypesRequested" minOccurs="0" maxOccurs="1" />
84
- <xs:element ref="tns:AutomaticPseudonyms" minOccurs="0" maxOccurs="1"/>
85
- <xs:element ref="tns:TargetScopes" minOccurs="0" maxOccurs="1"/>
86
- </xs:sequence>
87
- <xs:attribute name="ServiceDisplayName" type="xs:string" use="optional"/>
88
- <xs:attribute name="ServiceDescription" type="xs:string" use="optional"/>
89
- </xs:extension>
90
- </xs:complexContent>
91
- </xs:complexType>
92
-
93
- <xs:element name='LogicalServiceNamesOffered' type='tns:LogicalServiceNamesOfferedType' />
94
- <xs:element name='TokenTypesOffered' type='tns:TokenTypesOfferedType' />
95
- <xs:element name='ClaimDialectsOffered' type='tns:ClaimDialectsOfferedType' />
96
- <xs:element name='ClaimTypesOffered' type='tns:ClaimTypesOfferedType' />
97
- <xs:element name='ClaimTypesRequested' type='tns:ClaimTypesRequestedType' />
98
- <xs:element name="AutomaticPseudonyms" type="xs:boolean"/>
99
- <xs:element name='TargetScopes' type='tns:EndpointType'/>
100
-
101
- <!-- Section 3.1.2.2 -->
102
- <xs:complexType name="SecurityTokenServiceType">
103
- <xs:complexContent>
104
- <xs:extension base="tns:WebServiceDescriptorType">
105
- <xs:sequence>
106
- <xs:element ref="tns:SecurityTokenServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
107
- <xs:element ref="tns:SingleSignOutSubscriptionEndpoint" minOccurs="0" maxOccurs="unbounded"/>
108
- <xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
109
- <xs:element ref="tns:PassiveRequestorEndpoint" minOccurs="0" maxOccurs="unbounded"/>
110
- </xs:sequence>
111
- </xs:extension>
112
- </xs:complexContent>
113
- </xs:complexType>
114
- <xs:element name="SecurityTokenServiceEndpoint" type="tns:EndpointType"/>
115
- <xs:element name="SingleSignOutSubscriptionEndpoint" type="tns:EndpointType"/>
116
- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/>
117
- <xs:element name="PassiveRequestorEndpoint" type="tns:EndpointType"/>
118
-
119
- <!-- Section 3.1.2.3 -->
120
- <xs:complexType name="PseudonymServiceType">
121
- <xs:complexContent>
122
- <xs:extension base="tns:WebServiceDescriptorType">
123
- <xs:sequence>
124
- <xs:element ref="tns:PseudonymServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
125
- <xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
126
- </xs:sequence>
127
- </xs:extension>
128
- </xs:complexContent>
129
- </xs:complexType>
130
-
131
- <xs:element name="PseudonymServiceEndpoint" type="tns:EndpointType"/>
132
- <!-- Defined above -->
133
- <!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
134
-
135
- <!-- Section 3.1.2.4 -->
136
- <xs:complexType name="AttributeServiceType">
137
- <xs:complexContent>
138
- <xs:extension base="tns:WebServiceDescriptorType">
139
- <xs:sequence>
140
- <xs:element ref="tns:AttributeServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
141
- <xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
142
- </xs:sequence>
143
- </xs:extension>
144
- </xs:complexContent>
145
- </xs:complexType>
146
- <xs:element name="AttributeServiceEndpoint" type="tns:EndpointType"/>
147
- <!-- Defined above -->
148
- <!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
149
-
150
- <!-- Section 3.1.2.5 -->
151
- <xs:complexType name="ApplicationServiceType">
152
- <xs:complexContent>
153
- <xs:extension base="tns:WebServiceDescriptorType">
154
- <xs:sequence>
155
- <xs:element ref="tns:ApplicationServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
156
- <xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
157
- <xs:element ref="tns:PassiveRequestorEndpoint" minOccurs="0" maxOccurs="unbounded"/>
158
- </xs:sequence>
159
- </xs:extension>
160
- </xs:complexContent>
161
- </xs:complexType>
162
- <xs:element name="ApplicationServiceEndpoint" type="tns:EndpointType"/>
163
- <!-- Defined above -->
164
- <!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
165
- <!-- <xs:element name="PassiveRequestorEndpoint" type="tns:EndpointType"/> -->
166
-
167
-
168
- <!-- Section 3.1.3 -->
169
- <!-- Defined above -->
170
- <!--<xs:element name='LogicalServiceNamesOffered' type='tns:LogicalServiceNamesOfferedType' />-->
171
-
172
- <xs:complexType name='LogicalServiceNamesOfferedType' >
173
- <xs:sequence>
174
- <xs:element name='IssuerName' type='tns:IssuerNameType' minOccurs='1' maxOccurs='unbounded' />
175
- </xs:sequence>
176
- <xs:anyAttribute namespace='##other' processContents='lax' />
177
- </xs:complexType>
178
-
179
- <xs:complexType name='IssuerNameType' >
180
- <xs:attribute name='Uri' type='xs:anyURI' use='required' />
181
- <xs:anyAttribute namespace='##other' processContents='lax' />
182
- </xs:complexType>
183
-
184
- <!-- Section 3.1.4 -->
185
- <xs:element name='PsuedonymServiceEndpoints' type='tns:EndpointType' />
186
- <xs:complexType name='EndpointType' >
187
- <xs:sequence>
188
- <xs:element ref='wsa:EndpointReference' minOccurs='1' maxOccurs='unbounded'/>
189
- </xs:sequence>
190
- </xs:complexType>
191
-
192
- <!-- Section 3.1.5 -->
193
- <xs:element name='AttributeServiceEndpoints' type='tns:EndpointType' />
194
-
195
- <!-- Section 3.1.6 -->
196
- <xs:element name='SingleSignOutSubscriptionEndpoints' type='tns:EndpointType' />
197
-
198
- <!-- Section 3.1.7 -->
199
- <xs:element name='SingleSignOutNotificationEndpoints' type='tns:EndpointType' />
200
-
201
- <!-- Section 3.1.8 -->
202
- <!-- Defined above -->
203
- <!--<xs:element name='TokenTypesOffered' type='tns:TokenTypesOfferedType' />-->
204
- <xs:complexType name='TokenTypesOfferedType' >
205
- <xs:sequence>
206
- <xs:element name='TokenType' type='tns:TokenType' minOccurs='1' maxOccurs='unbounded' />
207
- <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
208
- </xs:sequence>
209
- <xs:anyAttribute namespace='##other' processContents='lax' />
210
- </xs:complexType>
211
-
212
- <xs:complexType name='TokenType' >
213
- <xs:sequence>
214
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
215
- </xs:sequence>
216
- <xs:attribute name='Uri' type='xs:anyURI' />
217
- <xs:anyAttribute namespace='##other' processContents='lax' />
218
- </xs:complexType>
219
-
220
- <!-- Section 3.1.9 -->
221
- <!-- Defined above -->
222
- <!-- <xs:element name='ClaimTypesOffered' type='tns:ClaimTypesOfferedType' /> -->
223
- <xs:complexType name='ClaimTypesOfferedType'>
224
- <xs:sequence>
225
- <xs:element ref='auth:ClaimType' minOccurs='1' maxOccurs='unbounded' />
226
- </xs:sequence>
227
- <xs:anyAttribute namespace='##other' processContents='lax' />
228
- </xs:complexType>
229
-
230
- <!-- Section 3.1.10 -->
231
- <!-- Defined above -->
232
- <!-- <xs:element name='ClaimTypesRequested' ype='tns:ClaimTypesRequestedType' /> -->
233
- <xs:complexType name='ClaimTypesRequestedType'>
234
- <xs:sequence>
235
- <xs:element ref='auth:ClaimType' minOccurs='1' maxOccurs='unbounded' />
236
- </xs:sequence>
237
- <xs:anyAttribute namespace='##other' processContents='lax' />
238
- </xs:complexType>
239
-
240
- <!-- Section 3.1.11 -->
241
- <!-- Defined above -->
242
- <!--<xs:element name='ClaimDialectsOffered' type='tns:ClaimDialectsOfferedType' />-->
243
- <xs:complexType name='ClaimDialectsOfferedType'>
244
- <xs:sequence>
245
- <xs:element name='ClaimDialect' type='tns:ClaimDialectType' minOccurs='1' maxOccurs='unbounded' />
246
- </xs:sequence>
247
- <xs:anyAttribute namespace='##other' processContents='lax' />
248
- </xs:complexType>
249
-
250
- <xs:complexType name='ClaimDialectType' >
251
- <xs:sequence>
252
- <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
253
- </xs:sequence>
254
- <xs:attribute name='Uri' type='xs:anyURI' />
255
- <xs:anyAttribute namespace='##other' processContents='lax' />
256
- </xs:complexType>
257
-
258
- <!-- Section 3.1.12 -->
259
- <!-- Defined above -->
260
- <!-- <xs:element name='AutomaticPseudonyms' type='xs:boolean' /> -->
261
-
262
- <!-- Section 3.1.13 -->
263
- <xs:element name='PassiveRequestorEnpoints' type='tns:EndpointType'/>
264
-
265
- <!-- Section 3.1.14 -->
266
- <!-- Defined above -->
267
- <!--<xs:element name='TargetScopes' type='tns:EndpointType'/>-->
268
-
269
- <!-- Section 3.2.4 -->
270
- <xs:element name='FederationMetadataHandler' type='tns:FederationMetadataHandlerType' />
271
- <xs:complexType name='FederationMetadataHandlerType' >
272
- <xs:anyAttribute namespace='##other' processContents='lax' />
273
- </xs:complexType>
274
-
275
- <!-- Section 4.1 -->
276
- <xs:element name='SignOut' type='tns:SignOutType' />
277
- <xs:complexType name='SignOutType' >
278
- <xs:sequence>
279
- <xs:element ref='tns:Realm' minOccurs='0' />
280
- <xs:element name='SignOutBasis' type='tns:SignOutBasisType' minOccurs='1' maxOccurs='1' />
281
- <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
282
- </xs:sequence>
283
- <xs:attribute ref='wsu:Id' use='optional' />
284
- <xs:anyAttribute namespace='##other' processContents='lax' />
285
- </xs:complexType>
286
-
287
- <xs:complexType name='SignOutBasisType' >
288
- <xs:sequence>
289
- <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='unbounded' />
290
- </xs:sequence>
291
- <xs:anyAttribute namespace='##other' processContents='lax' />
292
- </xs:complexType>
293
-
294
- <!-- Section 4.2 -->
295
- <xs:element name='Realm' type='xs:anyURI' />
296
-
297
- <!-- Section 6.1 -->
298
- <xs:element name='FilterPseudonyms' type='tns:FilterPseudonymsType' />
299
- <xs:complexType name='FilterPseudonymsType' >
300
- <xs:sequence>
301
- <xs:element ref='tns:PseudonymBasis' minOccurs='0' maxOccurs='1' />
302
- <xs:element ref='tns:RelativeTo' minOccurs='0' maxOccurs='1' />
303
- <xs:any namespace='##other' minOccurs='0' maxOccurs='unbounded' />
304
- </xs:sequence>
305
- <xs:anyAttribute namespace='##other' processContents='lax' />
306
- </xs:complexType>
307
-
308
- <xs:element name='PseudonymBasis' type='tns:PseudonymBasisType' />
309
- <xs:complexType name='PseudonymBasisType' >
310
- <xs:sequence>
311
- <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
312
- </xs:sequence>
313
- <xs:anyAttribute namespace='##other' processContents='lax' />
314
- </xs:complexType>
315
-
316
- <xs:element name='RelativeTo' type='tns:RelativeToType' />
317
- <xs:complexType name='RelativeToType' >
318
- <xs:sequence>
319
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
320
- </xs:sequence>
321
- <xs:anyAttribute namespace='##other' processContents='lax' />
322
- </xs:complexType>
323
-
324
- <!-- Section 6.2 -->
325
- <xs:element name='Pseudonym' type='tns:PseudonymType' />
326
-
327
- <xs:complexType name='PseudonymType' >
328
- <xs:sequence>
329
- <!--
330
- *** Accurate content model is nondeterministic ***
331
- <xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
332
- <xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
333
- <xs:element ref='wsu:Expires' minOccurs='0' maxOccurs='1' />
334
- <xs:element ref='tns:SecurityToken' minOccurs='0' maxOccurs='unbounded' />
335
- <xs:element ref='tns:ProofToken' minOccurs='0' maxOccurs='unbounded' />
336
- <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
337
- -->
338
-
339
- <xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
340
- <xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
341
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
342
- </xs:sequence>
343
- <xs:anyAttribute namespace='##other' processContents='lax' />
344
- </xs:complexType>
345
-
346
- <xs:element name='SecurityToken' type='tns:SecurityTokenType' />
347
- <xs:complexType name='SecurityTokenType' >
348
- <xs:sequence>
349
- <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
350
- </xs:sequence>
351
- <xs:anyAttribute namespace='##other' processContents='lax' />
352
- </xs:complexType>
353
-
354
- <xs:element name='ProofToken' type='tns:ProofTokenType' />
355
- <xs:complexType name='ProofTokenType' >
356
- <xs:sequence>
357
- <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
358
- </xs:sequence>
359
- <xs:anyAttribute namespace='##other' processContents='lax' />
360
- </xs:complexType>
361
-
362
- <!-- Section 7.1 -->
363
- <xs:element name='RequestPseudonym' type='tns:RequestPseudonymType' />
364
- <xs:complexType name='RequestPseudonymType' >
365
- <xs:sequence>
366
- <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
367
- </xs:sequence>
368
- <xs:attribute name='SingleUse' type='xs:boolean' use='optional' />
369
- <xs:attribute name='Lookup' type='xs:boolean' use='optional' />
370
- <xs:anyAttribute namespace='##other' processContents='lax' />
371
- </xs:complexType>
372
-
373
- <!-- Section 8.1 -->
374
- <xs:element name='ReferenceToken' type='tns:ReferenceTokenType' />
375
- <xs:complexType name='ReferenceTokenType'>
376
- <xs:sequence>
377
- <xs:element name='ReferenceEPR' type='wsa:EndpointReferenceType' minOccurs='1' maxOccurs='unbounded' />
378
- <xs:element name='ReferenceDigest' type='tns:ReferenceDigestType' minOccurs='0' maxOccurs='1' />
379
- <xs:element name='ReferenceType' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
380
- <xs:element name='SerialNo' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
381
- <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
382
- </xs:sequence>
383
- <xs:anyAttribute namespace='##other' processContents='lax' />
384
- </xs:complexType>
385
-
386
- <xs:complexType name='ReferenceDigestType' >
387
- <xs:simpleContent>
388
- <xs:extension base='xs:base64Binary' >
389
- <xs:anyAttribute namespace='##other' processContents='lax' />
390
- </xs:extension>
391
- </xs:simpleContent>
392
- </xs:complexType>
393
- <xs:complexType name='AttributeExtensibleURI' >
394
- <xs:simpleContent>
395
- <xs:extension base='xs:anyURI' >
396
- <xs:anyAttribute namespace='##other' processContents='lax' />
397
- </xs:extension>
398
- </xs:simpleContent>
399
- </xs:complexType>
400
-
401
- <!-- Section 8.2 -->
402
- <xs:element name='FederationID' type='tns:AttributeExtensibleURI' />
403
-
404
- <!-- Section 8.3 -->
405
- <xs:element name='RequestProofToken' type='tns:RequestProofTokenType' />
406
- <xs:complexType name='RequestProofTokenType' >
407
- <xs:sequence>
408
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
409
- </xs:sequence>
410
- <xs:anyAttribute namespace='##other' processContents='lax' />
411
- </xs:complexType>
412
-
413
- <!-- Section 8.4 -->
414
- <xs:element name='ClientPseudonym' type='tns:ClientPseudonymType' />
415
- <xs:complexType name='ClientPseudonymType' >
416
- <xs:sequence>
417
- <xs:element name='PPID' type='tns:AttributeExtensibleString' minOccurs='0' />
418
- <xs:element name='DisplayName' type='tns:AttributeExtensibleString' minOccurs='0' />
419
- <xs:element name='EMail' type='tns:AttributeExtensibleString' minOccurs='0' />
420
- <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
421
- </xs:sequence>
422
- <xs:anyAttribute namespace='##other' processContents='lax' />
423
- </xs:complexType>
424
-
425
- <xs:complexType name='AttributeExtensibleString' >
426
- <xs:simpleContent>
427
- <xs:extension base='xs:string' >
428
- <xs:anyAttribute namespace='##other' processContents='lax' />
429
- </xs:extension>
430
- </xs:simpleContent>
431
- </xs:complexType>
432
-
433
- <!-- Section 8.5 -->
434
- <xs:element name='Freshness' type='tns:Freshness' />
435
- <xs:complexType name='Freshness'>
436
- <xs:simpleContent>
437
- <xs:extension base='xs:unsignedInt' >
438
- <xs:attribute name='AllowCache' type='xs:boolean' use='optional' />
439
- <xs:anyAttribute namespace='##other' processContents='lax' />
440
- </xs:extension>
441
- </xs:simpleContent>
442
- </xs:complexType>
443
-
444
- <!-- Section 14.1 -->
445
- <xs:element name='RequireReferenceToken' type='sp:TokenAssertionType' />
446
- <xs:element name='ReferenceToken11' type='tns:AssertionType' />
447
-
448
- <xs:complexType name='AssertionType' >
449
- <xs:sequence>
450
- <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
451
- </xs:sequence>
452
- <xs:anyAttribute namespace='##other' processContents='lax' />
453
- </xs:complexType>
454
-
455
- <!-- Section 14.2 -->
456
- <xs:element name='WebBinding' type='sp:NestedPolicyType' />
457
- <xs:element name='AuthenticationToken' type='sp:NestedPolicyType' />
458
- <!-- ReferenceToken defined above -->
459
- <xs:element name='RequireSignedTokens' type='tns:AssertionType' />
460
- <xs:element name='RequireBearerTokens' type='tns:AssertionType' />
461
- <xs:element name='RequireSharedCookies' type='tns:AssertionType' />
462
-
463
-
464
- <!-- Section 14.3 -->
465
- <xs:element name='RequiresGenericClaimDialect' type='tns:AssertionType' />
466
- <xs:element name='IssuesSpecificPolicyFault' type='tns:AssertionType' />
467
- <xs:element name='AdditionalContextProcessed' type='tns:AssertionType' />
468
-
469
-
470
- </xs:schema>
471
-