359 lines
18 KiB
XML
359 lines
18 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<xs:schema xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:vswstep="http://schemas.verisign.com/pkiservices/2009/07/enrollment" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:xs="http://www.w3.org/2001/XMLSchema">
|
|
<xs:import schemaLocation="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
|
|
<xs:import schemaLocation="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
|
|
<xs:import schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd" namespace="http://schemas.xmlsoap.org/ws/2004/09/policy" />
|
|
<xs:import schemaLocation="http://www.w3.org/2006/03/addressing/ws-addr.xsd" namespace="http://www.w3.org/2005/08/addressing" />
|
|
<xs:import schemaLocation="VS_WSTEP.xsd" namespace="http://schemas.verisign.com/pkiservices/2009/07/enrollment" />
|
|
<xs:element name="RequestSecurityToken" type="wst:RequestSecurityTokenType" />
|
|
<xs:complexType name="RequestSecurityTokenType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
|
|
|
|
<xs:element ref='wst:TokenType' minOccurs='0' />
|
|
<xs:element ref='wst:RequestType' />
|
|
<xs:element ref='wsp:AppliesTo' minOccurs='0' />
|
|
<xs:element ref='wst:Claims' minOccurs='0' />
|
|
<xs:element ref='wst:Entropy' minOccurs='0' />
|
|
<xs:element ref='wst:Lifetime' minOccurs='0' />
|
|
<xs:element ref='wst:AllowPostdating' minOccurs='0' />
|
|
<xs:element ref='wst:Renewing' minOccurs='0' />
|
|
<xs:element ref='wst:OnBehalfOf' minOccurs='0' />
|
|
<xs:element ref='wst:Issuer' minOccurs='0' />
|
|
<xs:element ref='wst:AuthenticationType' minOccurs='0' />
|
|
<xs:element ref='wst:KeyType' minOccurs='0' />
|
|
<xs:element ref='wst:KeySize' minOccurs='0' />
|
|
<xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
|
|
<xs:element ref='wst:Encryption' minOccurs='0' />
|
|
<xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
|
|
<xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
|
|
<xs:element ref='wst:ProofEncryption' minOccurs='0' />
|
|
<xs:element ref='wst:UseKey' minOccurs='0' />
|
|
<xs:element ref='wst:SignWith' minOccurs='0' />
|
|
<xs:element ref='wst:EncryptWith' minOccurs='0' />
|
|
<xs:element ref='wst:DelegateTo' minOccurs='0' />
|
|
<xs:element ref='wst:Forwardable' minOccurs='0' />
|
|
<xs:element ref='wst:Delegatable' minOccurs='0' />
|
|
<xs:element ref='wsp:Policy' minOccurs='0' />
|
|
<xs:element ref='wsp:PolicyReference' minOccurs='0' />
|
|
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
|
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:choice>
|
|
<xs:element ref="vswstep:requestVSSecurityToken" />
|
|
</xs:choice>
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
<xs:attribute name="Context" type="xs:anyURI" use="optional" />
|
|
<xs:anyAttribute namespace="##other" processContents="lax" />
|
|
</xs:complexType>
|
|
<xs:element name="TokenType" type="xs:anyURI" />
|
|
<xs:element name="RequestType" type="wst:RequestTypeOpenEnum" />
|
|
<xs:simpleType name="RequestTypeOpenEnum">
|
|
<xs:union memberTypes="wst:RequestTypeEnum xs:anyURI" />
|
|
</xs:simpleType>
|
|
<xs:simpleType name="RequestTypeEnum">
|
|
<xs:restriction base="xs:anyURI">
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Cancel" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/STSCancel" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate" />
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
<xs:element name="RequestSecurityTokenResponse" type="wst:RequestSecurityTokenResponseType" />
|
|
<xs:complexType name="RequestSecurityTokenResponseType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
|
|
|
|
<xs:element ref='wst:TokenType' minOccurs='0' />
|
|
<xs:element ref='wst:RequestType' />
|
|
<xs:element ref='wst:RequestedSecurityToken' minOccurs='0' />
|
|
<xs:element ref='wsp:AppliesTo' minOccurs='0' />
|
|
<xs:element ref='wst:RequestedAttachedReference' minOccurs='0' />
|
|
<xs:element ref='wst:RequestedUnattachedReference' minOccurs='0' />
|
|
<xs:element ref='wst:RequestedProofToken' minOccurs='0' />
|
|
<xs:element ref='wst:Entropy' minOccurs='0' />
|
|
<xs:element ref='wst:Lifetime' minOccurs='0' />
|
|
<xs:element ref='wst:Status' minOccurs='0' />
|
|
<xs:element ref='wst:AllowPostdating' minOccurs='0' />
|
|
<xs:element ref='wst:Renewing' minOccurs='0' />
|
|
<xs:element ref='wst:OnBehalfOf' minOccurs='0' />
|
|
<xs:element ref='wst:Issuer' minOccurs='0' />
|
|
<xs:element ref='wst:AuthenticationType' minOccurs='0' />
|
|
<xs:element ref='wst:Authenticator' minOccurs='0' />
|
|
<xs:element ref='wst:KeyType' minOccurs='0' />
|
|
<xs:element ref='wst:KeySize' minOccurs='0' />
|
|
<xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
|
|
<xs:element ref='wst:Encryption' minOccurs='0' />
|
|
<xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
|
|
<xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
|
|
<xs:element ref='wst:ProofEncryption' minOccurs='0' />
|
|
<xs:element ref='wst:UseKey' minOccurs='0' />
|
|
<xs:element ref='wst:SignWith' minOccurs='0' />
|
|
<xs:element ref='wst:EncryptWith' minOccurs='0' />
|
|
<xs:element ref='wst:DelegateTo' minOccurs='0' />
|
|
<xs:element ref='wst:Forwardable' minOccurs='0' />
|
|
<xs:element ref='wst:Delegatable' minOccurs='0' />
|
|
<xs:element ref='wsp:Policy' minOccurs='0' />
|
|
<xs:element ref='wsp:PolicyReference' minOccurs='0' />
|
|
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
|
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:choice>
|
|
<xs:element ref="vswstep:RequestVSSecurityTokenResponse" />
|
|
</xs:choice>
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
<xs:attribute name="Context" type="xs:anyURI" use="optional" />
|
|
<xs:anyAttribute namespace="##other" processContents="lax" />
|
|
</xs:complexType>
|
|
<xs:element name="RequestedSecurityToken" type="wst:RequestedSecurityTokenType" />
|
|
<xs:complexType name="RequestedSecurityTokenType">
|
|
<xs:sequence>
|
|
<xs:any namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="BinarySecret" type="wst:BinarySecretType" />
|
|
<xs:complexType name="BinarySecretType">
|
|
<xs:simpleContent>
|
|
<xs:extension base="xs:base64Binary">
|
|
<xs:attribute name="Type" type="wst:BinarySecretTypeOpenEnum" use="optional" />
|
|
<xs:anyAttribute namespace="##other" processContents="lax" />
|
|
</xs:extension>
|
|
</xs:simpleContent>
|
|
</xs:complexType>
|
|
<xs:simpleType name="BinarySecretTypeEnum">
|
|
<xs:restriction base="xs:anyURI">
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/AsymmetricKey" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce" />
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
<xs:simpleType name="BinarySecretTypeOpenEnum">
|
|
<xs:union memberTypes="wst:BinarySecretTypeEnum xs:anyURI" />
|
|
</xs:simpleType>
|
|
<xs:element name="Claims" type="wst:ClaimsType" />
|
|
<xs:complexType name="ClaimsType">
|
|
<xs:sequence>
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
<xs:attribute name="Dialect" type="xs:anyURI" use="optional" />
|
|
<xs:anyAttribute namespace="##other" processContents="lax" />
|
|
</xs:complexType>
|
|
<xs:element name="Entropy" type="wst:EntropyType" />
|
|
<xs:complexType name="EntropyType">
|
|
<xs:sequence>
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
<xs:anyAttribute namespace="##other" processContents="lax" />
|
|
</xs:complexType>
|
|
<xs:element name="Lifetime" type="wst:LifetimeType" />
|
|
<xs:complexType name="LifetimeType">
|
|
<xs:sequence>
|
|
<xs:element minOccurs="0" ref="wsu:Created" />
|
|
<xs:element minOccurs="0" ref="wsu:Expires" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="RequestSecurityTokenCollection" type="wst:RequestSecurityTokenCollectionType" />
|
|
<xs:complexType name="RequestSecurityTokenCollectionType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The RequestSecurityTokenCollection (RSTC) element is used to provide multiple RST requests.
|
|
One or more RSTR elements in an RSTRC element are returned in the response to the RequestSecurityTokenCollection.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element minOccurs="2" maxOccurs="unbounded" name="RequestSecurityToken" type="wst:RequestSecurityTokenType" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="RequestSecurityTokenResponseCollection" type="wst:RequestSecurityTokenResponseCollectionType" />
|
|
<xs:complexType name="RequestSecurityTokenResponseCollectionType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The <wst:RequestSecurityTokenResponseCollection> element (RSTRC) MUST be used to return a security token or
|
|
response to a security token request on the final response.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element minOccurs="1" maxOccurs="unbounded" ref="wst:RequestSecurityTokenResponse" />
|
|
</xs:sequence>
|
|
<xs:anyAttribute namespace="##other" processContents="lax" />
|
|
</xs:complexType>
|
|
<xs:element name="ComputedKey" type="wst:ComputedKeyOpenEnum" />
|
|
<xs:simpleType name="ComputedKeyEnum">
|
|
<xs:restriction base="xs:anyURI">
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/HASH" />
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
<xs:simpleType name="ComputedKeyOpenEnum">
|
|
<xs:union memberTypes="wst:ComputedKeyEnum xs:anyURI" />
|
|
</xs:simpleType>
|
|
<xs:element name="RequestedAttachedReference" type="wst:RequestedReferenceType" />
|
|
<xs:element name="RequestedUnattachedReference" type="wst:RequestedReferenceType" />
|
|
<xs:complexType name="RequestedReferenceType">
|
|
<xs:sequence>
|
|
<xs:element ref="wsse:SecurityTokenReference" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="RequestedProofToken" type="wst:RequestedProofTokenType" />
|
|
<xs:complexType name="RequestedProofTokenType">
|
|
<xs:sequence>
|
|
<xs:any namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="IssuedTokens" type="wst:RequestSecurityTokenResponseCollectionType" />
|
|
<xs:element name="RenewTarget" type="wst:RenewTargetType" />
|
|
<xs:complexType name="RenewTargetType">
|
|
<xs:sequence>
|
|
<xs:any minOccurs="1" maxOccurs="1" namespace="##other" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="AllowPostdating" type="wst:AllowPostdatingType" />
|
|
<xs:complexType name="AllowPostdatingType" />
|
|
<xs:element name="Renewing" type="wst:RenewingType" />
|
|
<xs:complexType name="RenewingType">
|
|
<xs:attribute name="Allow" type="xs:boolean" use="optional" />
|
|
<xs:attribute name="OK" type="xs:boolean" use="optional" />
|
|
</xs:complexType>
|
|
<xs:element name="CancelTarget" type="wst:CancelTargetType" />
|
|
<xs:complexType name="CancelTargetType">
|
|
<xs:sequence>
|
|
<xs:any minOccurs="1" maxOccurs="1" namespace="##other" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="RequestedTokenCancelled" type="wst:RequestedTokenCancelledType" />
|
|
<xs:complexType name="RequestedTokenCancelledType" />
|
|
<xs:element name="ValidateTarget" type="wst:ValidateTargetType" />
|
|
<xs:complexType name="ValidateTargetType">
|
|
<xs:sequence>
|
|
<xs:any minOccurs="1" maxOccurs="1" namespace="##other" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="Status" type="wst:StatusType" />
|
|
<xs:complexType name="StatusType">
|
|
<xs:sequence>
|
|
<xs:element name="Code" type="wst:StatusCodeOpenEnum" />
|
|
<xs:element minOccurs="0" name="Reason" type="xs:string" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:simpleType name="StatusCodeEnum">
|
|
<xs:restriction base="xs:anyURI">
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/invalid" />
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
<xs:simpleType name="StatusCodeOpenEnum">
|
|
<xs:union memberTypes="wst:StatusCodeEnum xs:anyURI" />
|
|
</xs:simpleType>
|
|
<xs:element name="SignChallenge" type="wst:SignChallengeType" />
|
|
<xs:element name="SignChallengeResponse" type="wst:SignChallengeType" />
|
|
<xs:complexType name="SignChallengeType">
|
|
<xs:sequence>
|
|
<xs:element ref="wst:Challenge" />
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
<xs:anyAttribute namespace="##any" processContents="lax" />
|
|
</xs:complexType>
|
|
<xs:element name="Challenge" type="xs:string" />
|
|
<xs:element name="BinaryExchange" type="wst:BinaryExchangeType" />
|
|
<xs:complexType name="BinaryExchangeType">
|
|
<xs:simpleContent>
|
|
<xs:extension base="xs:string">
|
|
<xs:attribute name="ValueType" type="xs:anyURI" use="required" />
|
|
<xs:attribute name="EncodingType" type="xs:anyURI" use="required" />
|
|
<xs:anyAttribute namespace="##other" processContents="lax" />
|
|
</xs:extension>
|
|
</xs:simpleContent>
|
|
</xs:complexType>
|
|
<xs:element name="RequestKET" type="wst:RequestKETType" />
|
|
<xs:complexType name="RequestKETType" />
|
|
<xs:element name="KeyExchangeToken" type="wst:KeyExchangeTokenType" />
|
|
<xs:complexType name="KeyExchangeTokenType">
|
|
<xs:sequence>
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="Authenticator" type="wst:AuthenticatorType" />
|
|
<xs:complexType name="AuthenticatorType">
|
|
<xs:sequence>
|
|
<xs:element minOccurs="0" ref="wst:CombinedHash" />
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="CombinedHash" type="xs:base64Binary" />
|
|
<xs:element name="OnBehalfOf" type="wst:OnBehalfOfType" />
|
|
<xs:complexType name="OnBehalfOfType">
|
|
<xs:sequence>
|
|
<xs:any namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="Issuer" type="wsa:EndpointReferenceType" />
|
|
<xs:element name="AuthenticationType" type="xs:anyURI" />
|
|
<xs:element name="KeyType" type="wst:KeyTypeOpenEnum" />
|
|
<xs:simpleType name="KeyTypeEnum">
|
|
<xs:restriction base="xs:anyURI">
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey" />
|
|
<xs:enumeration value="http://docs.oasis-open.org/wssx/wstrust/200512/Bearer" />
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
<xs:simpleType name="KeyTypeOpenEnum">
|
|
<xs:union memberTypes="wst:KeyTypeEnum xs:anyURI" />
|
|
</xs:simpleType>
|
|
<xs:element name="KeySize" type="xs:unsignedInt" />
|
|
<xs:element name="SignatureAlgorithm" type="xs:anyURI" />
|
|
<xs:element name="EncryptionAlgorithm" type="xs:anyURI" />
|
|
<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" />
|
|
<xs:element name="ComputedKeyAlgorithm" type="xs:anyURI" />
|
|
<xs:element name="Encryption" type="wst:EncryptionType" />
|
|
<xs:complexType name="EncryptionType">
|
|
<xs:sequence>
|
|
<xs:any namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="ProofEncryption" type="wst:ProofEncryptionType" />
|
|
<xs:complexType name="ProofEncryptionType">
|
|
<xs:sequence>
|
|
<xs:any namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="UseKey" type="wst:UseKeyType" />
|
|
<xs:complexType name="UseKeyType">
|
|
<xs:sequence>
|
|
<xs:any minOccurs="0" namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
<xs:attribute name="Sig" type="xs:anyURI" use="optional" />
|
|
</xs:complexType>
|
|
<xs:element name="KeyWrapAlgorithm" type="xs:anyURI" />
|
|
<xs:element name="SignWith" type="xs:anyURI" />
|
|
<xs:element name="EncryptWith" type="xs:anyURI" />
|
|
<xs:element name="DelegateTo" type="wst:DelegateToType" />
|
|
<xs:complexType name="DelegateToType">
|
|
<xs:sequence>
|
|
<xs:any namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:element name="Forwardable" type="xs:boolean" />
|
|
<xs:element name="Delegatable" type="xs:boolean" />
|
|
<xs:element name="Participants" type="wst:ParticipantsType" />
|
|
<xs:complexType name="ParticipantsType">
|
|
<xs:sequence>
|
|
<xs:element minOccurs="0" name="Primary" type="wst:ParticipantType" />
|
|
<xs:element minOccurs="0" maxOccurs="unbounded" name="Participant" type="wst:ParticipantType" />
|
|
<xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
<xs:complexType name="ParticipantType">
|
|
<xs:sequence>
|
|
<xs:any namespace="##any" processContents="lax" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:schema> |