saml2 3.1.2 → 3.1.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (100) hide show
  1. checksums.yaml +4 -4
  2. data/Rakefile +6 -4
  3. data/exe/bulk_verify_responses +94 -0
  4. data/lib/saml2/assertion.rb +7 -7
  5. data/lib/saml2/attribute/x500.rb +31 -28
  6. data/lib/saml2/attribute.rb +53 -49
  7. data/lib/saml2/attribute_consuming_service.rb +29 -31
  8. data/lib/saml2/authn_request.rb +54 -47
  9. data/lib/saml2/authn_statement.rb +31 -20
  10. data/lib/saml2/base.rb +72 -63
  11. data/lib/saml2/bindings/http_post.rb +7 -7
  12. data/lib/saml2/bindings/http_redirect.rb +37 -33
  13. data/lib/saml2/bindings.rb +1 -1
  14. data/lib/saml2/conditions.rb +19 -16
  15. data/lib/saml2/contact.rb +19 -18
  16. data/lib/saml2/endpoint.rb +14 -11
  17. data/lib/saml2/entity.rb +27 -27
  18. data/lib/saml2/identity_provider.rb +13 -10
  19. data/lib/saml2/indexed_object.rb +15 -12
  20. data/lib/saml2/key.rb +43 -34
  21. data/lib/saml2/localized_name.rb +11 -10
  22. data/lib/saml2/logout_request.rb +8 -8
  23. data/lib/saml2/logout_response.rb +4 -4
  24. data/lib/saml2/message.rb +24 -20
  25. data/lib/saml2/name_id.rb +45 -41
  26. data/lib/saml2/namespaces.rb +8 -8
  27. data/lib/saml2/organization.rb +11 -10
  28. data/lib/saml2/organization_and_contacts.rb +5 -5
  29. data/lib/saml2/request.rb +3 -3
  30. data/lib/saml2/requested_authn_context.rb +4 -4
  31. data/lib/saml2/response.rb +45 -33
  32. data/lib/saml2/role.rb +11 -11
  33. data/lib/saml2/schemas.rb +13 -10
  34. data/lib/saml2/service_provider.rb +11 -12
  35. data/lib/saml2/signable.rb +23 -18
  36. data/lib/saml2/sso.rb +5 -5
  37. data/lib/saml2/status.rb +9 -7
  38. data/lib/saml2/status_response.rb +5 -5
  39. data/lib/saml2/subject.rb +28 -28
  40. data/lib/saml2/version.rb +1 -1
  41. data/lib/saml2.rb +7 -7
  42. metadata +78 -137
  43. data/schemas/MetadataExchange.xsd +0 -112
  44. data/schemas/metadata_combined.xsd +0 -13
  45. data/schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd +0 -195
  46. data/schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd +0 -108
  47. data/schemas/saml-schema-assertion-2.0.xsd +0 -283
  48. data/schemas/saml-schema-metadata-2.0.xsd +0 -339
  49. data/schemas/saml-schema-protocol-2.0.xsd +0 -302
  50. data/schemas/sstc-saml-metadata-ext-query.xsd +0 -66
  51. data/schemas/ws-addr.xsd +0 -137
  52. data/schemas/ws-authorization.xsd +0 -145
  53. data/schemas/ws-federation.xsd +0 -471
  54. data/schemas/ws-securitypolicy-1.2.xsd +0 -1205
  55. data/schemas/xenc-schema.xsd +0 -136
  56. data/schemas/xml.xsd +0 -287
  57. data/schemas/xmldsig-core-schema.xsd +0 -309
  58. data/spec/fixtures/FederationMetadata.xml +0 -670
  59. data/spec/fixtures/authnrequest.xml +0 -12
  60. data/spec/fixtures/certificate.pem +0 -24
  61. data/spec/fixtures/entities.xml +0 -13
  62. data/spec/fixtures/external-uri-reference-response.xml +0 -48
  63. data/spec/fixtures/identity_provider.xml +0 -46
  64. data/spec/fixtures/noconditions_response.xml +0 -1
  65. data/spec/fixtures/othercertificate.pem +0 -25
  66. data/spec/fixtures/privatekey.key +0 -27
  67. data/spec/fixtures/response_assertion_signed_reffed_from_response.xml +0 -6
  68. data/spec/fixtures/response_signed.xml +0 -46
  69. data/spec/fixtures/response_tampered_certificate.xml +0 -25
  70. data/spec/fixtures/response_tampered_signature.xml +0 -46
  71. data/spec/fixtures/response_with_attribute_signed.xml +0 -46
  72. data/spec/fixtures/response_with_encrypted_assertion.xml +0 -58
  73. data/spec/fixtures/response_with_rsa_key_value.xml +0 -1
  74. data/spec/fixtures/response_with_signed_assertion_and_encrypted_subject.xml +0 -116
  75. data/spec/fixtures/response_without_keyinfo.xml +0 -1
  76. data/spec/fixtures/service_provider.xml +0 -79
  77. data/spec/fixtures/test3-response.xml +0 -9
  78. data/spec/fixtures/test6-response.xml +0 -10
  79. data/spec/fixtures/test7-response.xml +0 -10
  80. data/spec/fixtures/xml_missigned_assertion.xml +0 -84
  81. data/spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml +0 -11
  82. data/spec/fixtures/xml_signature_wrapping_attack_response_attributes.xml +0 -45
  83. data/spec/fixtures/xml_signature_wrapping_attack_response_nameid.xml +0 -44
  84. data/spec/fixtures/xslt-transform-response.xml +0 -57
  85. data/spec/lib/attribute_consuming_service_spec.rb +0 -129
  86. data/spec/lib/attribute_spec.rb +0 -149
  87. data/spec/lib/authn_request_spec.rb +0 -52
  88. data/spec/lib/bindings/http_redirect_spec.rb +0 -183
  89. data/spec/lib/conditions_spec.rb +0 -74
  90. data/spec/lib/entity_spec.rb +0 -58
  91. data/spec/lib/identity_provider_spec.rb +0 -43
  92. data/spec/lib/indexed_object_spec.rb +0 -71
  93. data/spec/lib/key_spec.rb +0 -23
  94. data/spec/lib/logout_request_spec.rb +0 -33
  95. data/spec/lib/logout_response_spec.rb +0 -33
  96. data/spec/lib/message_spec.rb +0 -23
  97. data/spec/lib/response_spec.rb +0 -293
  98. data/spec/lib/service_provider_spec.rb +0 -76
  99. data/spec/lib/signable_spec.rb +0 -15
  100. data/spec/spec_helper.rb +0 -8
@@ -1,1205 +0,0 @@
1
- <?xml version="1.0" encoding="utf-8"?>
2
- <!--
3
- OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
4
- implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
5
- neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
6
- specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
7
- available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
8
- of this specification, can be obtained from the OASIS Executive Director.
9
- OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
10
- cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
11
- Copyright © OASIS Open 2002-2007. All Rights Reserved.
12
- This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
13
- in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
14
- above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
15
- in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
16
- in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
17
- it into languages other than English.
18
- The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
19
- This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
20
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
21
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
22
- -->
23
- <xs:schema
24
- targetNamespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
25
- xmlns:tns='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
26
- xmlns:wsa="http://www.w3.org/2005/08/addressing"
27
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
28
- elementFormDefault="qualified"
29
- blockDefault="#all" >
30
-
31
- <xs:import namespace="http://www.w3.org/2005/08/addressing"
32
- schemaLocation="ws-addr.xsd" />
33
-
34
- <!--
35
- 4. Protection Assertions
36
- -->
37
- <xs:element name="SignedParts" type="tns:SePartsType">
38
- <xs:annotation>
39
- <xs:documentation xml:lang="en">
40
- 4.1.1 SignedParts Assertion
41
- </xs:documentation>
42
- </xs:annotation>
43
- </xs:element>
44
- <xs:element name="EncryptedParts" type="tns:SePartsType" >
45
- <xs:annotation>
46
- <xs:documentation xml:lang="en">
47
- 4.2.1 EncryptedParts Assertion
48
- </xs:documentation>
49
- </xs:annotation>
50
- </xs:element>
51
- <xs:complexType name="SePartsType">
52
- <xs:sequence>
53
- <xs:element name="Body" type="tns:EmptyType" minOccurs="0" />
54
- <xs:element name="Header" type="tns:HeaderType" minOccurs="0" maxOccurs="unbounded" />
55
- <xs:element name="Attachments" type="tns:EmptyType" minOccurs="0" />
56
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
57
- </xs:sequence>
58
- <xs:anyAttribute namespace="##any" processContents="lax" />
59
- </xs:complexType>
60
- <xs:complexType name="EmptyType" />
61
- <xs:complexType name="HeaderType" >
62
- <xs:attribute name="Name" type="xs:QName" use="optional" />
63
- <xs:attribute name="Namespace" type="xs:anyURI" use="required" />
64
- <xs:anyAttribute namespace="##any" processContents="lax" />
65
- </xs:complexType>
66
-
67
- <xs:element name="SignedElements" type="tns:SerElementsType" >
68
- <xs:annotation>
69
- <xs:documentation xml:lang="en" >
70
- 4.1.2 SignedElements Assertion
71
- </xs:documentation>
72
- </xs:annotation>
73
- </xs:element>
74
- <xs:element name="EncryptedElements" type="tns:SerElementsType" >
75
- <xs:annotation>
76
- <xs:documentation xml:lang="en">
77
- 4.2.2 EncryptedElements Assertion
78
- </xs:documentation>
79
- </xs:annotation>
80
- </xs:element>
81
- <xs:element name="RequiredElements" type="tns:SerElementsType" >
82
- <xs:annotation>
83
- <xs:documentation xml:lang="en" >
84
- 4.3.1 RequiredElements Assertion
85
- </xs:documentation>
86
- </xs:annotation>
87
- </xs:element>
88
- <xs:complexType name="SerElementsType">
89
- <xs:sequence>
90
- <xs:element name="XPath" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
91
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
92
- </xs:sequence>
93
- <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" />
94
- <xs:anyAttribute namespace="##any" processContents="lax" />
95
- </xs:complexType>
96
-
97
- <!--
98
- 5. Token Assertions
99
- -->
100
- <xs:attribute name="IncludeToken" type="tns:IncludeTokenOpenType" >
101
- <xs:annotation>
102
- <xs:documentation xml:lang="en">
103
- 5.1 Token Inclusion
104
- </xs:documentation>
105
- </xs:annotation>
106
- </xs:attribute>
107
- <xs:simpleType name="IncludeTokenOpenType">
108
- <xs:union memberTypes="tns:IncludeTokenType xs:anyURI" />
109
- </xs:simpleType>
110
- <xs:simpleType name="IncludeTokenType">
111
- <xs:restriction base="xs:anyURI" >
112
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/Never" />
113
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/Once" />
114
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/AlwaysToRecipient" />
115
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/AlwaysToInitiator" />
116
- <xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200702/ws-securitypolicy/IncludeToken/Always" />
117
- </xs:restriction>
118
- </xs:simpleType>
119
-
120
- <xs:element name="UsernameToken" type="tns:TokenAssertionType" >
121
- <xs:annotation>
122
- <xs:documentation xml:lang="en" >
123
- 5.4.1 UsernameToken Assertion
124
- </xs:documentation>
125
- </xs:annotation>
126
- </xs:element>
127
- <xs:complexType name="TokenAssertionType">
128
- <xs:sequence>
129
- <xs:choice minOccurs="0">
130
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
131
- <xs:element name="IssuerName" type="xs:anyURI" />
132
- </xs:choice>
133
- <!--
134
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
135
- <xs:element ref="wsp:Policy" minOccurs="0" />
136
- -->
137
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
138
- </xs:sequence>
139
- <xs:attribute ref="tns:IncludeToken" use="optional" />
140
- <xs:anyAttribute namespace="##any" processContents="lax" />
141
- </xs:complexType>
142
-
143
- <xs:element name="NoPassword" type="tns:QNameAssertionType" >
144
- <xs:annotation>
145
- <xs:documentation xml:lang="en">
146
- 5.4.1 UsernameToken Assertion
147
- </xs:documentation>
148
- </xs:annotation>
149
- </xs:element>
150
- <xs:element name="HashPassword" type="tns:QNameAssertionType" >
151
- <xs:annotation>
152
- <xs:documentation xml:lang="en">
153
- 5.4.1 UsernameToken Assertion
154
- </xs:documentation>
155
- </xs:annotation>
156
- </xs:element>
157
- <xs:element name="WssUsernameToken10" type="tns:QNameAssertionType" >
158
- <xs:annotation>
159
- <xs:documentation xml:lang="en">
160
- 5.4.1 UsernameToken Assertion
161
- </xs:documentation>
162
- </xs:annotation>
163
- </xs:element>
164
- <xs:element name="WssUsernameToken11" type="tns:QNameAssertionType" >
165
- <xs:annotation>
166
- <xs:documentation xml:lang="en">
167
- 5.4.1 UsernameToken Assertion
168
- </xs:documentation>
169
- </xs:annotation>
170
- </xs:element>
171
- <!-- RequireDerivedKeys defined below. -->
172
- <!-- RequireImpliedDerivedKeys defined below. -->
173
- <!-- RequireExplicitDerivedKeys defined below. -->
174
-
175
- <xs:complexType name="QNameAssertionType">
176
- <xs:anyAttribute namespace="##any" processContents="lax" />
177
- </xs:complexType>
178
-
179
- <xs:element name="IssuedToken" type="tns:IssuedTokenType">
180
- <xs:annotation>
181
- <xs:documentation xml:lang="en">
182
- 5.4.2 IssuedToken Assertion
183
- </xs:documentation>
184
- </xs:annotation>
185
- </xs:element>
186
- <xs:complexType name="IssuedTokenType">
187
- <xs:sequence>
188
- <xs:choice minOccurs="0">
189
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
190
- <xs:element name="IssuerName" type="xs:anyURI" />
191
- </xs:choice>
192
- <xs:element name="RequestSecurityTokenTemplate" type="tns:RequestSecurityTokenTemplateType" />
193
- <!--
194
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
195
- <xs:element ref="wsp:Policy" minOccurs="0" />
196
- -->
197
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
198
- </xs:sequence>
199
- <xs:attribute ref="tns:IncludeToken" use="optional" />
200
- <xs:anyAttribute namespace="##any" processContents="lax" />
201
- </xs:complexType>
202
- <xs:complexType name="RequestSecurityTokenTemplateType">
203
- <xs:sequence>
204
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
205
- </xs:sequence>
206
- <xs:attribute name="TrustVersion" type="xs:anyURI" use="optional" />
207
- <xs:anyAttribute namespace="##any" processContents="lax" />
208
- </xs:complexType>
209
-
210
- <xs:element name="RequireDerivedKeys" type="tns:QNameAssertionType" >
211
- <xs:annotation>
212
- <xs:documentation xml:lang="en">
213
- 5.4.2 IssuedToken Assertion
214
- </xs:documentation>
215
- </xs:annotation>
216
- </xs:element>
217
- <xs:element name="RequireImpliedDerivedKeys" type="tns:QNameAssertionType" >
218
- <xs:annotation>
219
- <xs:documentation xml:lang="en">
220
- 5.4.2 IssuedToken Assertion
221
- </xs:documentation>
222
- </xs:annotation>
223
- </xs:element>
224
- <xs:element name="RequireExplicitDerivedKeys" type="tns:QNameAssertionType" >
225
- <xs:annotation>
226
- <xs:documentation xml:lang="en">
227
- 5.4.2 IssuedToken Assertion
228
- </xs:documentation>
229
- </xs:annotation>
230
- </xs:element>
231
- <xs:element name="RequireExternalReference" type="tns:QNameAssertionType" >
232
- <xs:annotation>
233
- <xs:documentation xml:lang="en">
234
- 5.4.2 IssuedToken Assertion
235
- </xs:documentation>
236
- </xs:annotation>
237
- </xs:element>
238
- <xs:element name="RequireInternalReference" type="tns:QNameAssertionType" >
239
- <xs:annotation>
240
- <xs:documentation xml:lang="en">
241
- 5.4.2 IssuedToken Assertion
242
- </xs:documentation>
243
- </xs:annotation>
244
- </xs:element>
245
-
246
- <xs:element name="X509Token" type="tns:TokenAssertionType" >
247
- <xs:annotation>
248
- <xs:documentation xml:lang="en">
249
- 5.4.3 X509Token Assertion
250
- </xs:documentation>
251
- </xs:annotation>
252
- </xs:element>
253
- <!-- RequireDerivedKeys defined above. -->
254
- <!-- RequireImpliedDerivedKeys defined above. -->
255
- <!-- RequireExplicitDerivedKeys defined above. -->
256
-
257
- <xs:element name="RequireKeyIdentifierReference" type="tns:QNameAssertionType" >
258
- <xs:annotation>
259
- <xs:documentation xml:lang="en">
260
- 5.4.3 X509Token Assertion
261
- </xs:documentation>
262
- </xs:annotation>
263
- </xs:element>
264
- <xs:element name="RequireIssuerSerialReference" type="tns:QNameAssertionType" >
265
- <xs:annotation>
266
- <xs:documentation xml:lang="en">
267
- 5.4.3 X509Token Assertion
268
- </xs:documentation>
269
- </xs:annotation>
270
- </xs:element>
271
- <xs:element name="RequireEmbeddedTokenReference" type="tns:QNameAssertionType" >
272
- <xs:annotation>
273
- <xs:documentation xml:lang="en">
274
- 5.4.3 X509Token Assertion
275
- </xs:documentation>
276
- </xs:annotation>
277
- </xs:element>
278
- <xs:element name="RequireThumbprintReference" type="tns:QNameAssertionType" >
279
- <xs:annotation>
280
- <xs:documentation xml:lang="en">
281
- 5.4.3 X509Token Assertion
282
- </xs:documentation>
283
- </xs:annotation>
284
- </xs:element>
285
- <xs:element name="WssX509V3Token10" type="tns:QNameAssertionType" >
286
- <xs:annotation>
287
- <xs:documentation xml:lang="en">
288
- 5.4.3 X509Token Assertion
289
- </xs:documentation>
290
- </xs:annotation>
291
- </xs:element>
292
- <xs:element name="WssX509Pkcs7Token10" type="tns:QNameAssertionType" >
293
- <xs:annotation>
294
- <xs:documentation xml:lang="en">
295
- 5.4.3 X509Token Assertion
296
- </xs:documentation>
297
- </xs:annotation>
298
- </xs:element>
299
- <xs:element name="WssX509PkiPathV1Token10" type="tns:QNameAssertionType" >
300
- <xs:annotation>
301
- <xs:documentation xml:lang="en">
302
- 5.4.3 X509Token Assertion
303
- </xs:documentation>
304
- </xs:annotation>
305
- </xs:element>
306
- <xs:element name="WssX509V1Token11" type="tns:QNameAssertionType" >
307
- <xs:annotation>
308
- <xs:documentation xml:lang="en">
309
- 5.4.3 X509Token Assertion
310
- </xs:documentation>
311
- </xs:annotation>
312
- </xs:element>
313
- <xs:element name="WssX509V3Token11" type="tns:QNameAssertionType" >
314
- <xs:annotation>
315
- <xs:documentation xml:lang="en">
316
- 5.4.3 X509Token Assertion
317
- </xs:documentation>
318
- </xs:annotation>
319
- </xs:element>
320
- <xs:element name="WssX509Pkcs7Token11" type="tns:QNameAssertionType" >
321
- <xs:annotation>
322
- <xs:documentation xml:lang="en">
323
- 5.4.3 X509Token Assertion
324
- </xs:documentation>
325
- </xs:annotation>
326
- </xs:element>
327
- <xs:element name="WssX509PkiPathV1Token11" type="tns:QNameAssertionType" >
328
- <xs:annotation>
329
- <xs:documentation xml:lang="en">
330
- 5.4.3 X509Token Assertion
331
- </xs:documentation>
332
- </xs:annotation>
333
- </xs:element>
334
-
335
- <xs:element name="KerberosToken" type="tns:TokenAssertionType" >
336
- <xs:annotation>
337
- <xs:documentation xml:lang="en">
338
- 5.4.4 KerberosToken Assertion
339
- </xs:documentation>
340
- </xs:annotation>
341
- </xs:element>
342
- <!-- RequireDerivedKeys defined above. -->
343
- <!-- RequireImpliedDerivedKeys defined above. -->
344
- <!-- RequireExplicitDerivedKeys defined above. -->
345
- <!-- RequireKeyIdentifierReference defined above. -->
346
-
347
- <xs:element name="WssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
348
- <xs:annotation>
349
- <xs:documentation xml:lang="en">
350
- 5.4.4 KerberosToken Assertion
351
- </xs:documentation>
352
- </xs:annotation>
353
- </xs:element>
354
- <xs:element name="WssGssKerberosV5ApReqToken11" type="tns:QNameAssertionType" >
355
- <xs:annotation>
356
- <xs:documentation xml:lang="en">
357
- 5.4.4 KerberosToken Assertion
358
- </xs:documentation>
359
- </xs:annotation>
360
- </xs:element>
361
-
362
- <xs:element name="SpnegoContextToken" type="tns:SpnegoContextTokenType" >
363
- <xs:annotation>
364
- <xs:documentation xml:lang="en" >
365
- 5.4.5 SpnegoContextToken Assertion
366
- </xs:documentation>
367
- </xs:annotation>
368
- </xs:element>
369
- <xs:complexType name="SpnegoContextTokenType">
370
- <xs:sequence>
371
- <xs:choice minOccurs="0">
372
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
373
- <xs:element name="IssuerName" type="xs:anyURI" />
374
- </xs:choice>
375
- <!--
376
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
377
- <xs:element ref="wsp:Policy" minOccurs="0" />
378
- -->
379
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
380
- </xs:sequence>
381
- <xs:attribute ref="tns:IncludeToken" use="optional" />
382
- <xs:anyAttribute namespace="##any" processContents="lax" />
383
- </xs:complexType>
384
- <!-- RequireDerivedKeys defined above. -->
385
- <!-- RequireImpliedDerivedKeys defined above. -->
386
- <!-- RequireExplicitDerivedKeys defined above. -->
387
- <xs:element name="MustNotSendCancel" type="tns:QNameAssertionType" >
388
- <xs:annotation>
389
- <xs:documentation xml:lang="en">
390
- 5.4.5 SpnegoContextToken Assertion
391
- </xs:documentation>
392
- </xs:annotation>
393
- </xs:element>
394
- <xs:element name="MustNotSendAmend" type="tns:QNameAssertionType" >
395
- <xs:annotation>
396
- <xs:documentation xml:lang="en">
397
- 5.4.5 SpnegoContextToken Assertion
398
- </xs:documentation>
399
- </xs:annotation>
400
- </xs:element>
401
- <xs:element name="MustNotSendRenew" type="tns:QNameAssertionType" >
402
- <xs:annotation>
403
- <xs:documentation xml:lang="en">
404
- 5.4.5 SpnegoContextToken Assertion
405
- </xs:documentation>
406
- </xs:annotation>
407
- </xs:element>
408
-
409
- <xs:element name="SecurityContextToken" type="tns:TokenAssertionType">
410
- <xs:annotation>
411
- <xs:documentation xml:lang="en">
412
- 5.4.6 SecurityContextToken Assertion
413
- </xs:documentation>
414
- </xs:annotation>
415
- </xs:element>
416
- <!-- RequireDerivedKeys defined above. -->
417
- <!-- RequireImpliedDerivedKeys defined above. -->
418
- <!-- RequireExplicitDerivedKeys defined above. -->
419
-
420
- <xs:element name="RequireExternalUriReference" type="tns:QNameAssertionType">
421
- <xs:annotation>
422
- <xs:documentation xml:lang="en">
423
- 5.4.6 SecurityContextToken Assertion
424
- </xs:documentation>
425
- </xs:annotation>
426
- </xs:element>
427
- <xs:element name="SC13SecurityContextToken" type="tns:QNameAssertionType">
428
- <xs:annotation>
429
- <xs:documentation xml:lang="en">
430
- 5.4.6 SecurityContextToken Assertion
431
- </xs:documentation>
432
- </xs:annotation>
433
- </xs:element>
434
-
435
- <xs:element name="SecureConversationToken" type="tns:SecureConversationTokenType" >
436
- <xs:annotation>
437
- <xs:documentation xml:lang="en">
438
- 5.4.7 SecureConversationToken Assertion
439
- </xs:documentation>
440
- </xs:annotation>
441
- </xs:element>
442
- <xs:complexType name="SecureConversationTokenType">
443
- <xs:sequence>
444
- <xs:choice minOccurs="0">
445
- <xs:element name="Issuer" type="wsa:EndpointReferenceType" />
446
- <xs:element name="IssuerName" type="xs:anyURI" />
447
- </xs:choice>
448
- <!--
449
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
450
- <xs:element ref="wsp:Policy" minOccurs="0" />
451
- -->
452
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
453
- </xs:sequence>
454
- <xs:attribute ref="tns:IncludeToken" use="optional" />
455
- <xs:anyAttribute namespace="##any" processContents="lax" />
456
- </xs:complexType>
457
- <!-- RequireDerivedKeys defined above. -->
458
- <!-- RequireImpliedDerivedKeys defined above. -->
459
- <!-- RequireExplicitDerivedKeys defined above. -->
460
- <!-- RequireExternalUriReference defined above. -->
461
- <!-- SC13SecurityContextToken defined above. -->
462
- <!-- MustNotSendCancel defined above. -->
463
- <!-- MustNotSendAmend defined above. -->
464
- <!-- MustNotSendRenew defined above. -->
465
-
466
- <xs:element name="BootstrapPolicy" type="tns:NestedPolicyType">
467
- <xs:annotation>
468
- <xs:documentation xml:lang="en">
469
- 5.4.7 SecureConversationToken Assertion
470
- </xs:documentation>
471
- </xs:annotation>
472
- </xs:element>
473
-
474
- <xs:element name="SamlToken" type="tns:TokenAssertionType">
475
- <xs:annotation>
476
- <xs:documentation xml:lang="en" >
477
- 5.4.8 SamlToken Assertion
478
- </xs:documentation>
479
- </xs:annotation>
480
- </xs:element>
481
- <!-- RequireDerivedKeys defined above. -->
482
- <!-- RequireImpliedDerivedKeys defined above. -->
483
- <!-- RequireExplicitDerivedKeys defined above. -->
484
- <!-- RequireKeyIdentifierReference defined above. -->
485
-
486
- <xs:element name="WssSamlV11Token10" type="tns:QNameAssertionType">
487
- <xs:annotation>
488
- <xs:documentation xml:lang="en">
489
- 5.4.8 SamlToken Assertion
490
- </xs:documentation>
491
- </xs:annotation>
492
- </xs:element>
493
- <xs:element name="WssSamlV11Token11" type="tns:QNameAssertionType">
494
- <xs:annotation>
495
- <xs:documentation xml:lang="en">
496
- 5.4.8 SamlToken Assertion
497
- </xs:documentation>
498
- </xs:annotation>
499
- </xs:element>
500
- <xs:element name="WssSamlV20Token11" type="tns:QNameAssertionType">
501
- <xs:annotation>
502
- <xs:documentation xml:lang="en">
503
- 5.4.8 SamlToken Assertion
504
- </xs:documentation>
505
- </xs:annotation>
506
- </xs:element>
507
-
508
- <xs:element name="RelToken" type="tns:TokenAssertionType">
509
- <xs:annotation>
510
- <xs:documentation xml:lang="en">
511
- 5.4.9 RelToken Assertion
512
- </xs:documentation>
513
- </xs:annotation>
514
- </xs:element>
515
- <!-- RequireDerivedKeys defined above. -->
516
- <!-- RequireImpliedDerivedKeys defined above. -->
517
- <!-- RequireExplicitDerivedKeys defined above. -->
518
- <!-- RequireKeyIdentifierReference defined above. -->
519
-
520
- <xs:element name="WssRelV10Token10" type="tns:QNameAssertionType">
521
- <xs:annotation>
522
- <xs:documentation xml:lang="en">
523
- 5.4.9 RelToken Assertion
524
- </xs:documentation>
525
- </xs:annotation>
526
- </xs:element>
527
- <xs:element name="WssRelV20Token10" type="tns:QNameAssertionType">
528
- <xs:annotation>
529
- <xs:documentation xml:lang="en">
530
- 5.4.9 RelToken Assertion
531
- </xs:documentation>
532
- </xs:annotation>
533
- </xs:element>
534
- <xs:element name="WssRelV10Token11" type="tns:QNameAssertionType">
535
- <xs:annotation>
536
- <xs:documentation xml:lang="en">
537
- 5.4.9 RelToken Assertion
538
- </xs:documentation>
539
- </xs:annotation>
540
- </xs:element>
541
- <xs:element name="WssRelV20Token11" type="tns:QNameAssertionType">
542
- <xs:annotation>
543
- <xs:documentation xml:lang="en">
544
- 5.4.9 RelToken Assertion
545
- </xs:documentation>
546
- </xs:annotation>
547
- </xs:element>
548
-
549
- <xs:element name="HttpsToken" type="tns:TokenAssertionType">
550
- <xs:annotation>
551
- <xs:documentation xml:lang="en">
552
- 5.4.10 HttpsToken Assertion
553
- </xs:documentation>
554
- </xs:annotation>
555
- </xs:element>
556
- <xs:element name="HttpBasicAuthentication" type="tns:QNameAssertionType">
557
- <xs:annotation>
558
- <xs:documentation xml:lang="en">
559
- 5.4.10 HttpsToken Assertion
560
- </xs:documentation>
561
- </xs:annotation>
562
- </xs:element>
563
- <xs:element name="HttpDigestAuthentication" type="tns:QNameAssertionType">
564
- <xs:annotation>
565
- <xs:documentation xml:lang="en">
566
- 5.4.10 HttpsToken Assertion
567
- </xs:documentation>
568
- </xs:annotation>
569
- </xs:element>
570
- <xs:element name="RequireClientCertificate" type="tns:QNameAssertionType">
571
- <xs:annotation>
572
- <xs:documentation xml:lang="en">
573
- 5.4.10 HttpsToken Assertion
574
- </xs:documentation>
575
- </xs:annotation>
576
- </xs:element>
577
-
578
- <xs:element name="KeyValueToken" type="tns:KeyValueTokenType">
579
- <xs:annotation>
580
- <xs:documentation xml:lang="en">
581
- 5.4.11 KeyValueToken Assertion
582
- </xs:documentation>
583
- </xs:annotation>
584
- </xs:element>
585
- <xs:complexType name="KeyValueTokenType">
586
- <xs:sequence>
587
- <!--
588
- Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
589
- <xs:element ref="wsp:Policy" minOccurs="0" />
590
- -->
591
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
592
- </xs:sequence>
593
- <xs:attribute ref="tns:IncludeToken" use="optional" />
594
- <xs:anyAttribute namespace="##any" processContents="lax" />
595
- </xs:complexType>
596
- <xs:element name="RsaKeyValue" type="tns:QNameAssertionType">
597
- <xs:annotation>
598
- <xs:documentation xml:lang="en">
599
- 5.4.11 KeyValueToken Assertion
600
- </xs:documentation>
601
- </xs:annotation>
602
- </xs:element>
603
-
604
- <!--
605
- 7. Security Binding Assertions
606
- -->
607
- <xs:element name="AlgorithmSuite" type="tns:NestedPolicyType" >
608
- <xs:annotation>
609
- <xs:documentation xml:lang="en">
610
- 7.1 AlgorithmSuite Assertion
611
- </xs:documentation>
612
- </xs:annotation>
613
- </xs:element>
614
- <xs:complexType name="NestedPolicyType">
615
- <xs:sequence>
616
- <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>
617
- </xs:sequence>
618
- <xs:anyAttribute namespace="##any" processContents="lax" />
619
- </xs:complexType>
620
-
621
- <xs:element name="Basic256" type="tns:QNameAssertionType">
622
- <xs:annotation>
623
- <xs:documentation xml:lang="en">
624
- 7.1 AlgorithmSuite Assertion
625
- </xs:documentation>
626
- </xs:annotation>
627
- </xs:element>
628
- <xs:element name="Basic192" type="tns:QNameAssertionType">
629
- <xs:annotation>
630
- <xs:documentation xml:lang="en">
631
- 7.1 AlgorithmSuite Assertion
632
- </xs:documentation>
633
- </xs:annotation>
634
- </xs:element>
635
- <xs:element name="Basic128" type="tns:QNameAssertionType">
636
- <xs:annotation>
637
- <xs:documentation xml:lang="en">
638
- 7.1 AlgorithmSuite Assertion
639
- </xs:documentation>
640
- </xs:annotation>
641
- </xs:element>
642
- <xs:element name="TripleDes" type="tns:QNameAssertionType">
643
- <xs:annotation>
644
- <xs:documentation xml:lang="en">
645
- 7.1 AlgorithmSuite Assertion
646
- </xs:documentation>
647
- </xs:annotation>
648
- </xs:element>
649
- <xs:element name="Basic256Rsa15" type="tns:QNameAssertionType">
650
- <xs:annotation>
651
- <xs:documentation xml:lang="en">
652
- 7.1 AlgorithmSuite Assertion
653
- </xs:documentation>
654
- </xs:annotation>
655
- </xs:element>
656
- <xs:element name="Basic192Rsa15" type="tns:QNameAssertionType">
657
- <xs:annotation>
658
- <xs:documentation xml:lang="en">
659
- 7.1 AlgorithmSuite Assertion
660
- </xs:documentation>
661
- </xs:annotation>
662
- </xs:element>
663
- <xs:element name="Basic128Rsa15" type="tns:QNameAssertionType">
664
- <xs:annotation>
665
- <xs:documentation xml:lang="en">
666
- 7.1 AlgorithmSuite Assertion
667
- </xs:documentation>
668
- </xs:annotation>
669
- </xs:element>
670
- <xs:element name="TripleDesRsa15" type="tns:QNameAssertionType">
671
- <xs:annotation>
672
- <xs:documentation xml:lang="en">
673
- 7.1 AlgorithmSuite Assertion
674
- </xs:documentation>
675
- </xs:annotation>
676
- </xs:element>
677
- <xs:element name="Basic256Sha256" type="tns:QNameAssertionType">
678
- <xs:annotation>
679
- <xs:documentation xml:lang="en">
680
- 7.1 AlgorithmSuite Assertion
681
- </xs:documentation>
682
- </xs:annotation>
683
- </xs:element>
684
- <xs:element name="Basic192Sha256" type="tns:QNameAssertionType">
685
- <xs:annotation>
686
- <xs:documentation xml:lang="en">
687
- 7.1 AlgorithmSuite Assertion
688
- </xs:documentation>
689
- </xs:annotation>
690
- </xs:element>
691
- <xs:element name="Basic128Sha256" type="tns:QNameAssertionType">
692
- <xs:annotation>
693
- <xs:documentation xml:lang="en">
694
- 7.1 AlgorithmSuite Assertion
695
- </xs:documentation>
696
- </xs:annotation>
697
- </xs:element>
698
- <xs:element name="TripleDesSha256" type="tns:QNameAssertionType">
699
- <xs:annotation>
700
- <xs:documentation xml:lang="en">
701
- 7.1 AlgorithmSuite Assertion
702
- </xs:documentation>
703
- </xs:annotation>
704
- </xs:element>
705
- <xs:element name="Basic256Sha256Rsa15" type="tns:QNameAssertionType">
706
- <xs:annotation>
707
- <xs:documentation xml:lang="en">
708
- 7.1 AlgorithmSuite Assertion
709
- </xs:documentation>
710
- </xs:annotation>
711
- </xs:element>
712
- <xs:element name="Basic192Sha256Rsa15" type="tns:QNameAssertionType">
713
- <xs:annotation>
714
- <xs:documentation xml:lang="en">
715
- 7.1 AlgorithmSuite Assertion
716
- </xs:documentation>
717
- </xs:annotation>
718
- </xs:element>
719
- <xs:element name="Basic128Sha256Rsa15" type="tns:QNameAssertionType">
720
- <xs:annotation>
721
- <xs:documentation xml:lang="en">
722
- 7.1 AlgorithmSuite Assertion
723
- </xs:documentation>
724
- </xs:annotation>
725
- </xs:element>
726
- <xs:element name="TripleDesSha256Rsa15" type="tns:QNameAssertionType">
727
- <xs:annotation>
728
- <xs:documentation xml:lang="en">
729
- 7.1 AlgorithmSuite Assertion
730
- </xs:documentation>
731
- </xs:annotation>
732
- </xs:element>
733
- <xs:element name="InclusiveC14N" type="tns:QNameAssertionType">
734
- <xs:annotation>
735
- <xs:documentation xml:lang="en">
736
- 7.1 AlgorithmSuite Assertion
737
- </xs:documentation>
738
- </xs:annotation>
739
- </xs:element>
740
- <xs:element name="SOAPNormalization10" type="tns:QNameAssertionType">
741
- <xs:annotation>
742
- <xs:documentation xml:lang="en">
743
- 7.1 AlgorithmSuite Assertion
744
- </xs:documentation>
745
- </xs:annotation>
746
- </xs:element>
747
- <xs:element name="STRTransform10" type="tns:QNameAssertionType">
748
- <xs:annotation>
749
- <xs:documentation xml:lang="en">
750
- 7.1 AlgorithmSuite Assertion
751
- </xs:documentation>
752
- </xs:annotation>
753
- </xs:element>
754
- <xs:element name="XPath10" type="tns:QNameAssertionType">
755
- <xs:annotation>
756
- <xs:documentation xml:lang="en">
757
- 7.1 AlgorithmSuite Assertion
758
- </xs:documentation>
759
- </xs:annotation>
760
- </xs:element>
761
- <xs:element name="XPathFilter20" type="tns:QNameAssertionType">
762
- <xs:annotation>
763
- <xs:documentation xml:lang="en">
764
- 7.1 AlgorithmSuite Assertion
765
- </xs:documentation>
766
- </xs:annotation>
767
- </xs:element>
768
- <xs:element name="AbsXPath" type="tns:QNameAssertionType">
769
- <xs:annotation>
770
- <xs:documentation xml:lang="en">
771
- 7.1 AlgorithmSuite Assertion
772
- </xs:documentation>
773
- </xs:annotation>
774
- </xs:element>
775
-
776
- <xs:element name="Layout" type="tns:NestedPolicyType">
777
- <xs:annotation>
778
- <xs:documentation xml:lang="en">
779
- 7.2 Layout Assertion
780
- </xs:documentation>
781
- </xs:annotation>
782
- </xs:element>
783
-
784
- <xs:element name="Strict" type="tns:QNameAssertionType">
785
- <xs:annotation>
786
- <xs:documentation xml:lang="en">
787
- 7.2 Layout Assertion
788
- </xs:documentation>
789
- </xs:annotation>
790
- </xs:element>
791
- <xs:element name="Lax" type="tns:QNameAssertionType">
792
- <xs:annotation>
793
- <xs:documentation xml:lang="en">
794
- 7.2 Layout Assertion
795
- </xs:documentation>
796
- </xs:annotation>
797
- </xs:element>
798
- <xs:element name="LaxTsFirst" type="tns:QNameAssertionType">
799
- <xs:annotation>
800
- <xs:documentation xml:lang="en">
801
- 7.2 Layout Assertion
802
- </xs:documentation>
803
- </xs:annotation>
804
- </xs:element>
805
- <xs:element name="LaxTsLast" type="tns:QNameAssertionType">
806
- <xs:annotation>
807
- <xs:documentation xml:lang="en">
808
- 7.2 Layout Assertion
809
- </xs:documentation>
810
- </xs:annotation>
811
- </xs:element>
812
-
813
- <xs:element name="TransportBinding" type="tns:NestedPolicyType">
814
- <xs:annotation>
815
- <xs:documentation xml:lang="en">
816
- 7.3 TransportBinding Assertion
817
- </xs:documentation>
818
- </xs:annotation>
819
- </xs:element>
820
-
821
- <xs:element name="TransportToken" type="tns:NestedPolicyType">
822
- <xs:annotation>
823
- <xs:documentation xml:lang="en">
824
- 7.3 TransportBinding Assertion
825
- </xs:documentation>
826
- </xs:annotation>
827
- </xs:element>
828
- <!-- AlgorithmSuite defined above. -->
829
- <!-- Layout defined above. -->
830
-
831
- <xs:element name="IncludeTimestamp" type="tns:QNameAssertionType">
832
- <xs:annotation>
833
- <xs:documentation xml:lang="en">
834
- 7.3 TransportBinding Assertion
835
- </xs:documentation>
836
- </xs:annotation>
837
- </xs:element>
838
-
839
- <xs:element name="SymmetricBinding" type="tns:NestedPolicyType">
840
- <xs:annotation>
841
- <xs:documentation xml:lang="en">
842
- 7.4 SymmetricBinding Assertion
843
- </xs:documentation>
844
- </xs:annotation>
845
- </xs:element>
846
- <xs:element name="EncryptionToken" type="tns:NestedPolicyType">
847
- <xs:annotation>
848
- <xs:documentation xml:lang="en">
849
- 7.4 SymmetricBinding Assertion
850
- </xs:documentation>
851
- </xs:annotation>
852
- </xs:element>
853
- <xs:element name="SignatureToken" type="tns:NestedPolicyType">
854
- <xs:annotation>
855
- <xs:documentation xml:lang="en">
856
- 8=7.4 SymmetricBinding Assertion
857
- </xs:documentation>
858
- </xs:annotation>
859
- </xs:element>
860
- <xs:element name="ProtectionToken" type="tns:NestedPolicyType">
861
- <xs:annotation>
862
- <xs:documentation xml:lang="en">
863
- 7.4 SymmetricBinding Assertion
864
- </xs:documentation>
865
- </xs:annotation>
866
- </xs:element>
867
- <!-- AlgorithmSuite defined above. -->
868
- <!-- Layout defined above. -->
869
- <!-- IncludeTimestamp defined above. -->
870
-
871
- <xs:element name="EncryptBeforeSigning" type="tns:QNameAssertionType">
872
- <xs:annotation>
873
- <xs:documentation xml:lang="en">
874
- 7.4 SymmetricBinding Assertion
875
- </xs:documentation>
876
- </xs:annotation>
877
- </xs:element>
878
- <xs:element name="EncryptSignature" type="tns:QNameAssertionType">
879
- <xs:annotation>
880
- <xs:documentation xml:lang="en">
881
- 7.4 SymmetricBinding Assertion
882
- </xs:documentation>
883
- </xs:annotation>
884
- </xs:element>
885
- <xs:element name="ProtectTokens" type="tns:QNameAssertionType">
886
- <xs:annotation>
887
- <xs:documentation xml:lang="en">
888
- 7.4 SymmetricBinding Assertion
889
- </xs:documentation>
890
- </xs:annotation>
891
- </xs:element>
892
- <xs:element name="OnlySignEntireHeadersAndBody" type="tns:QNameAssertionType">
893
- <xs:annotation>
894
- <xs:documentation xml:lang="en">
895
- 7.4 SymmetricBinding Assertion
896
- </xs:documentation>
897
- </xs:annotation>
898
- </xs:element>
899
-
900
- <xs:element name="AsymmetricBinding" type="tns:NestedPolicyType">
901
- <xs:annotation>
902
- <xs:documentation xml:lang="en">
903
- 7.5 AsymmetricBinding Assertion
904
- </xs:documentation>
905
- </xs:annotation>
906
- </xs:element>
907
-
908
- <xs:element name="InitiatorToken" type="tns:NestedPolicyType">
909
- <xs:annotation>
910
- <xs:documentation xml:lang="en">
911
- 7.5 AsymmetricBinding Assertion
912
- </xs:documentation>
913
- </xs:annotation>
914
- </xs:element>
915
-
916
- <xs:element name="InitiatorSignatureToken" type="tns:NestedPolicyType">
917
- <xs:annotation>
918
- <xs:documentation xml:lang="en">
919
- 7.5 AsymmetricBinding Assertion
920
- </xs:documentation>
921
- </xs:annotation>
922
- </xs:element>
923
-
924
- <xs:element name="InitiatorEncryptionToken" type="tns:NestedPolicyType">
925
- <xs:annotation>
926
- <xs:documentation xml:lang="en">
927
- 7.5 AsymmetricBinding Assertion
928
- </xs:documentation>
929
- </xs:annotation>
930
- </xs:element>
931
-
932
- <xs:element name="RecipientToken" type="tns:NestedPolicyType">
933
- <xs:annotation>
934
- <xs:documentation xml:lang="en">
935
- 7.5 AsymmetricBinding Assertion
936
- </xs:documentation>
937
- </xs:annotation>
938
- </xs:element>
939
-
940
- <xs:element name="RecipientSignatureToken" type="tns:NestedPolicyType">
941
- <xs:annotation>
942
- <xs:documentation xml:lang="en">
943
- 7.5 AsymmetricBinding Assertion
944
- </xs:documentation>
945
- </xs:annotation>
946
- </xs:element>
947
-
948
- <xs:element name="RecipientEncryptionToken" type="tns:NestedPolicyType">
949
- <xs:annotation>
950
- <xs:documentation xml:lang="en">
951
- 7.5 AsymmetricBinding Assertion
952
- </xs:documentation>
953
- </xs:annotation>
954
- </xs:element>
955
- <!-- AlgorithmSuite defined above. -->
956
- <!-- Layout defined above. -->
957
- <!-- IncludeTimestamp defined above. -->
958
- <!-- EncryptBeforeSigning defined above. -->
959
- <!-- EncryptSignature defined above. -->
960
- <!-- ProtectTokens defined above. -->
961
- <!-- OnlySignEntireHeadersAndBody defined above. -->
962
-
963
- <!--
964
- 8. Supporting Tokens
965
- -->
966
- <xs:element name="SupportingTokens" type="tns:NestedPolicyType">
967
- <xs:annotation>
968
- <xs:documentation xml:lang="en">
969
- 8.1 SupportingTokens Assertion
970
- </xs:documentation>
971
- </xs:annotation>
972
- </xs:element>
973
- <!-- AlgorithmSuite defined above. -->
974
- <!-- SignedParts defined above. -->
975
- <!-- SignedElements defined above. -->
976
- <!-- EncryptedParts defined above. -->
977
- <!-- EncryptedElements defined above. -->
978
-
979
- <xs:element name="SignedSupportingTokens" type="tns:NestedPolicyType">
980
- <xs:annotation>
981
- <xs:documentation xml:lang="en">
982
- 8.2 SignedSupportingTokens Assertion
983
- </xs:documentation>
984
- </xs:annotation>
985
- </xs:element>
986
- <!-- AlgorithmSuite defined above. -->
987
- <!-- SignedParts defined above. -->
988
- <!-- SignedElements defined above. -->
989
- <!-- EncryptedParts defined above. -->
990
- <!-- EncryptedElements defined above. -->
991
-
992
- <xs:element name="EndorsingSupportingTokens" type="tns:NestedPolicyType">
993
- <xs:annotation>
994
- <xs:documentation xml:lang="en">
995
- 8.3 EndorsingSupportingTokens Assertion
996
- </xs:documentation>
997
- </xs:annotation>
998
- </xs:element>
999
- <!-- AlgorithmSuite defined above. -->
1000
- <!-- SignedParts defined above. -->
1001
- <!-- SignedElements defined above. -->
1002
- <!-- EncryptedParts defined above. -->
1003
- <!-- EncryptedElements defined above. -->
1004
-
1005
- <xs:element name="SignedEndorsingSupportingTokens" type="tns:NestedPolicyType">
1006
- <xs:annotation>
1007
- <xs:documentation xml:lang="en">
1008
- 8.4 SignedEndorsingSupportingTokens Assertion
1009
- </xs:documentation>
1010
- </xs:annotation>
1011
- </xs:element>
1012
- <!-- AlgorithmSuite defined above. -->
1013
- <!-- SignedParts defined above. -->
1014
- <!-- SignedElements defined above. -->
1015
- <!-- EncryptedParts defined above. -->
1016
- <!-- EncryptedElements defined above. -->
1017
-
1018
- <xs:element name="SignedEncryptedSupportingTokens" type="tns:NestedPolicyType">
1019
- <xs:annotation>
1020
- <xs:documentation xml:lang="en">
1021
- 8.5 SignedEncryptedSupportingTokens Assertion
1022
- </xs:documentation>
1023
- </xs:annotation>
1024
- </xs:element>
1025
- <!-- AlgorithmSuite defined above. -->
1026
- <!-- SignedParts defined above. -->
1027
- <!-- SignedElements defined above. -->
1028
- <!-- EncryptedParts defined above. -->
1029
- <!-- EncryptedElements defined above. -->
1030
-
1031
- <xs:element name="EncryptedSupportingTokens" type="tns:NestedPolicyType">
1032
- <xs:annotation>
1033
- <xs:documentation xml:lang="en">
1034
- 8.6 EncryptedSupportingTokens Assertion
1035
- </xs:documentation>
1036
- </xs:annotation>
1037
- </xs:element>
1038
- <!-- AlgorithmSuite defined above. -->
1039
- <!-- SignedParts defined above. -->
1040
- <!-- SignedElements defined above. -->
1041
- <!-- EncryptedParts defined above. -->
1042
- <!-- EncryptedElements defined above. -->
1043
-
1044
- <xs:element name="EndorsingEncryptedSupportingTokens" type="tns:NestedPolicyType">
1045
- <xs:annotation>
1046
- <xs:documentation xml:lang="en">
1047
- 8.7 EndorsingEncryptedSupportingTokens Assertion
1048
- </xs:documentation>
1049
- </xs:annotation>
1050
- </xs:element>
1051
- <!-- AlgorithmSuite defined above. -->
1052
- <!-- SignedParts defined above. -->
1053
- <!-- SignedElements defined above. -->
1054
- <!-- EncryptedParts defined above. -->
1055
- <!-- EncryptedElements defined above. -->
1056
-
1057
- <xs:element name="SignedEndorsingEncryptedSupportingTokens" type="tns:NestedPolicyType">
1058
- <xs:annotation>
1059
- <xs:documentation xml:lang="en">
1060
- 8.8 SignedEndorsingEncryptedSupportingTokens Assertion
1061
- </xs:documentation>
1062
- </xs:annotation>
1063
- </xs:element>
1064
- <!-- AlgorithmSuite defined above. -->
1065
- <!-- SignedParts defined above. -->
1066
- <!-- SignedElements defined above. -->
1067
- <!-- EncryptedParts defined above. -->
1068
- <!-- EncryptedElements defined above. -->
1069
-
1070
- <!--
1071
- 9. WSS: SOAP Message Security Options
1072
- -->
1073
- <xs:element name="Wss10" type="tns:NestedPolicyType">
1074
- <xs:annotation>
1075
- <xs:documentation xml:lang="en">
1076
- 9.1 Wss10 Assertion
1077
- </xs:documentation>
1078
- </xs:annotation>
1079
- </xs:element>
1080
-
1081
- <xs:element name="MustSupportRefKeyIdentifier" type="tns:QNameAssertionType">
1082
- <xs:annotation>
1083
- <xs:documentation xml:lang="en">
1084
- 9.1 Wss10 Assertion
1085
- </xs:documentation>
1086
- </xs:annotation>
1087
- </xs:element>
1088
- <xs:element name="MustSupportRefIssuerSerial" type="tns:QNameAssertionType">
1089
- <xs:annotation>
1090
- <xs:documentation xml:lang="en">
1091
- 9.1 Wss10 Assertion
1092
- </xs:documentation>
1093
- </xs:annotation>
1094
- </xs:element>
1095
- <xs:element name="MustSupportRefExternalURI" type="tns:QNameAssertionType">
1096
- <xs:annotation>
1097
- <xs:documentation xml:lang="en">
1098
- 9.1 Wss10 Assertion
1099
- </xs:documentation>
1100
- </xs:annotation>
1101
- </xs:element>
1102
- <xs:element name="MustSupportRefEmbeddedToken" type="tns:QNameAssertionType">
1103
- <xs:annotation>
1104
- <xs:documentation xml:lang="en">
1105
- 9.1 Wss10 Assertion
1106
- </xs:documentation>
1107
- </xs:annotation>
1108
- </xs:element>
1109
-
1110
- <xs:element name="Wss11" type="tns:NestedPolicyType">
1111
- <xs:annotation>
1112
- <xs:documentation xml:lang="en">
1113
- 9.2 Wss11 Assertion
1114
- </xs:documentation>
1115
- </xs:annotation>
1116
- </xs:element>
1117
- <!-- MustSupportRefKeyIdentifier defined above. -->
1118
- <!-- MustSupportRefIssuerSerial defined above. -->
1119
- <!-- MustSupportRefExternalURI defined above. -->
1120
- <!-- MustSupportRefEmbeddedToken defined above. -->
1121
-
1122
- <xs:element name="MustSupportRefThumbprint" type="tns:QNameAssertionType">
1123
- <xs:annotation>
1124
- <xs:documentation xml:lang="en">
1125
- 9.2 Wss11 Assertion
1126
- </xs:documentation>
1127
- </xs:annotation>
1128
- </xs:element>
1129
- <xs:element name="MustSupportRefEncryptedKey" type="tns:QNameAssertionType">
1130
- <xs:annotation>
1131
- <xs:documentation xml:lang="en">
1132
- 9.2 Wss11 Assertion
1133
- </xs:documentation>
1134
- </xs:annotation>
1135
- </xs:element>
1136
- <xs:element name="RequireSignatureConfirmation" type="tns:QNameAssertionType">
1137
- <xs:annotation>
1138
- <xs:documentation xml:lang="en">
1139
- 9.2 Wss11 Assertion
1140
- </xs:documentation>
1141
- </xs:annotation>
1142
- </xs:element>
1143
-
1144
- <!--
1145
- 10. WS-Trust Options
1146
- -->
1147
- <xs:element name="Trust13" type="tns:NestedPolicyType">
1148
- <xs:annotation>
1149
- <xs:documentation xml:lang="en">
1150
- 10.1 Trust13 Assertion
1151
- </xs:documentation>
1152
- </xs:annotation>
1153
- </xs:element>
1154
-
1155
- <xs:element name="MustSupportClientChallenge" type="tns:QNameAssertionType">
1156
- <xs:annotation>
1157
- <xs:documentation xml:lang="en">
1158
- 10.1 Trust13 Assertion
1159
- </xs:documentation>
1160
- </xs:annotation>
1161
- </xs:element>
1162
- <xs:element name="MustSupportServerChallenge" type="tns:QNameAssertionType">
1163
- <xs:annotation>
1164
- <xs:documentation xml:lang="en">
1165
- 10.1 Trust13 Assertion
1166
- </xs:documentation>
1167
- </xs:annotation>
1168
- </xs:element>
1169
- <xs:element name="RequireClientEntropy" type="tns:QNameAssertionType">
1170
- <xs:annotation>
1171
- <xs:documentation xml:lang="en">
1172
- 10.1 Trust13 Assertion
1173
- </xs:documentation>
1174
- </xs:annotation>
1175
- </xs:element>
1176
- <xs:element name="RequireServerEntropy" type="tns:QNameAssertionType">
1177
- <xs:annotation>
1178
- <xs:documentation xml:lang="en">
1179
- 10.1 Trust13 Assertion
1180
- </xs:documentation>
1181
- </xs:annotation>
1182
- </xs:element>
1183
- <xs:element name="MustSupportIssuedTokens" type="tns:QNameAssertionType">
1184
- <xs:annotation>
1185
- <xs:documentation xml:lang="en">
1186
- 10.1 Trust13 Assertion
1187
- </xs:documentation>
1188
- </xs:annotation>
1189
- </xs:element>
1190
- <xs:element name="RequireRequestSecurityTokenCollection" type="tns:QNameAssertionType">
1191
- <xs:annotation>
1192
- <xs:documentation xml:lang="en">
1193
- 10.1 Trust13 Assertion
1194
- </xs:documentation>
1195
- </xs:annotation>
1196
- </xs:element>
1197
- <xs:element name="RequireAppiesTo" type="tns:QNameAssertionType">
1198
- <xs:annotation>
1199
- <xs:documentation xml:lang="en">
1200
- 10.1 Trust13 Assertion
1201
- </xs:documentation>
1202
- </xs:annotation>
1203
- </xs:element>
1204
-
1205
- </xs:schema>