2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The contents of this file are subject to the terms
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk of the Common Development and Distribution License
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk (the License). You may not use this file except in
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk compliance with the License.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk You can obtain a copy of the License at
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk https://opensso.dev.java.net/public/CDDLv1.0.html or
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk See the License for the specific language governing
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk permission and limitations under the License.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk When distributing Covered Code, include this CDDL
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Header Notice in each file and include the License file
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk If applicable, add the following below the CDDL Header,
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk with the fields enclosed by brackets [] replaced by
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk your own identifying information:
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk "Portions Copyrighted [year] [name of copyright owner]"
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk $Id: lib-arch-authentication-context.xsd,v 1.2 2008/06/25 05:48:40 qcheng Exp $
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk<xs:schema targetNamespace="urn:liberty:ac:2003-08"
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk xmlns="urn:liberty:ac:2003-08">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <!-- added to get the Extension element -->
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:include schemaLocation="lib-arch-utility.xsd"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The source code in this XSD file was excerpted verbatim from:
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Liberty Authentication Context Specification
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk 12 November 2003
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Copyright (c) 2003 Liberty Alliance participants, see
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk http://www.projectliberty.org/specs/idff_copyrights.html
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="AuthenticationContextStatement" type="AuthenticationContextStatementType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk A particular assertion on an identity
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk provider's part with respect to the authentication
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk context associated with an authentication assertion.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="Identification" type="IdentificationType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Refers to those characteristics that describe the processes and mechanisms
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk the Authentication Authority uses to initially create an association between a Principal
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk and the identity (or name) by which the Principal will be known
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that identification has been performed in a physical
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk face-to-face meeting with the principal and not in an online manner.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="TechnicalProtection" type="TechnicalProtectionType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Refers to those characterstics that describe how the 'secret' (the knowledge or possession
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk of which allows the Principal to authenticate to the Authentication Authority) is kept secure
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates the types and strengths of facilities
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk of a UA used to protect a shared secret key from unauthorized access and/or use.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates the types and strengths of facilities
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk of a UA used to protect a private key from unauthorized access and/or use.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="KeyActivation" type="KeyActivationType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:documentation>The actions that must be performed before the private key can be used. </xs:documentation>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="KeySharing" type="KeySharingType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:documentation>Whether or not the private key is shared with the certificate authority.</xs:documentation>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="KeyStorage" type="KeyStorageType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk In which medium is the key stored.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk memory - the key is stored in memory.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk smartcard - the key is stored in a smartcard.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk token - the key is stored in a hardware token.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk MobileDevice - the key is stored in a mobile device.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk MobileAuthCard - the key is stored in a mobile authentication card.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="Password" type="PasswordType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that a password (or passphrase) has been used to
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk authenticate the Principal to a remote system.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="ActivationPin" type="ActivationPinType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that a Pin (Personal Identification Number) has been used to authenticate the Principal to some local system in order to activate a key.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that a hardware or software token is used
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk as a method of identifying the Principal.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="TimeSyncToken" type="TimeSyncTokenType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that a time synchronization
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk token is used to identify the Principal. hardware - the time synchonization
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk token has been implemented in hardware. software - the time synchronization
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk token has been implemented in software. SeedLength - the length, in bits, of the
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk random seed used in the time synchronization token.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that a smartcard is used to identity the Principal.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates the minimum and/or maximum ASCII length of the password which is enforced (by the UA or the IdP). In other words, this is the minimum and/or maximum number of ASCII characters required to represent a valid password.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk min - the minimum number of ASCII characters required in a valid password, as enforced by the UA or the IdP.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk max - the maximum number of ASCII characters required in a valid password, as enforced by the UA or the IdP.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="ActivationLimit" type="ActivationLimitType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates the length of time for which an PIN-based authentication is valid.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Indicates whether the password was chosen by the Principal or auto-supplied by the Authentication Authority.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk principalchosen - the Principal is allowed to choose the value of the password. This is true even if
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk the initial password is chosen at random by the UA or the IdP and the Principal is then free to change
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk the password.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk automatic - the password is chosen by the UA or the IdP to be cryptographically strong in some sense,
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk or to satisfy certain password rules, and that the Principal is not free to change it or to choose a new password.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="AuthenticationMethod" type="AuthenticationMethodType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Refers to those characteristics that define the mechanisms by which the Principal authenticates to the Authentication Authority.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The method that a Principal employs to perform authentication to local system components.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="Authenticator" type="AuthenticatorType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The method applied to validate a principal's authentication across a network
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Indicates that the Principal has been strongly authenticated in a previous session during which the IdP has set a cookie in the UA. During the present session the Principal has only been authenticated by the UA returning the cookie to the IdP.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Rather like PreviousSession but using stronger security. A secret that was established in a previous session with the Authentication Authority has been cached by the local system and is now re-used (e.g. a Master Secret is used to derive new session keys in TLS, SSL, WTLS).
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Principal has been authenticated by a zero knowledge technique as specified in ISO/IEC 9798-5.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="SharedSecretChallengeResponse">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Principal has been authenticated by a challenge-response protocol utilizing shared secret keys and symmetric cryptography.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Principal has been authenticated by a mechanism which involves the Principal computing a digital signature over at least challenge data provided by the IdP.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Principal has been authenticated through connection from a particular IP address.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The local system has a private key but it is used in decryption mode, rather than signature mode. For example, the Authentication Authority generates a secret and encrypts it using the local system's public key: the local system then proves it has decrypted the secret.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The local system has a private key and uses it for shared secret key agreement with the Authentication Authority (e.g. via Diffie Helman).
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="SharedSecretDynamicPlaintext">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The local system and Authentication Authority share a secret key. The local system uses this to encrypt a randomised string to pass to the Authentication Authority.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="AuthenticatorTransportProtocol" type="AuthenticatorTransportProtocolType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The protocol across which Authenticator information is transferred to an Authentication Authority verifier.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Authenticator has been transmitted using bare HTTP utilizing no additional security protocols.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Authenticator has been transmitted using a transport mechanism protected by an IPSEC session.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Authenticator has been transmitted using a transport mechanism protected by a WTLS session.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Authenticator has been transmitted solely across a mobile network using no additional security mechanism.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="MobileNetworkRadioEncryption">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="MobileNetworkEndToEndEncryption">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Authenticator has been transmitted using a transport mechnanism protected by an SSL or TLS session.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="OperationalProtection" type="OperationalProtectionType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Refers to those characteristics that describe procedural security controls employed by the Authentication Authority.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="SecurityAudit" type="SecurityAuditType"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="GoverningAgreements" type="GoverningAgreementsType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk Provides a mechanism for linking to external (likely human readable) documents in which additional business agreements,(e.g. liability constraints, obligations, etc) can be placed.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="GoverningAgreementRef" type="GoverningAgreementRefType"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="AuthenticatingAuthority" type="AuthenticatingAuthorityType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk The Authority that originally authenticated the Principal.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="PhysicalVerification" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="WrittenConsent" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This attribute indicates whether or not the Identification mechanisms allow the actions of the Principal to be linked to an actual end user.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="GoverningAgreementRef" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="GoverningAgreementRefType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="governingAgreementRef" type="xs:anyURI" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="AuthenticatingAuthorityType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="ID" type="xs:anyURI" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="AuthenticatorTransportProtocolType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="MobileNetworkRadioEncryption"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="MobileNetworkEndToEndEncryption"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="PrincipalAuthenticationMechanismType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="AuthenticationMethodType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="AuthenticationContextStatementType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Identification" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="TechnicalProtection" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="OperationalProtection" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="AuthenticationMethod" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="GoverningAgreements" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="AuthenticatingAuthority" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="PrivateKeyProtection" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="SecretKeyProtection" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="OperationalProtectionType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="DeactivationCallCenter" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="SharedSecretChallengeResponse"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="SharedSecretDynamicPlaintext"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="sharing" type="xs:boolean" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="PrivateKeyProtectionType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="ActivationLimit" minOccurs="0"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="Alphabet" type="AlphabetType"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="requiredChars" type="xs:string" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="excludedChars" type="xs:string" use="optional"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="case" type="xs:string" use="optional"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="SeedLength" type="xs:integer" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="DeviceInHand" use="required">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="ActivationLimitDuration" type="ActivationLimitDurationType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Key Activation Limit is defined as a specific duration of time.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="ActivationLimitUsages" type="ActivationLimitUsagesType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Key Activation Limit is defined as a number of usages.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element name="ActivationLimitSession" type="ActivationLimitSessionType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk This element indicates that the Key Activation Limit is the session.
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="ActivationLimitDurationType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="duration" type="xs:duration" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="ActivationLimitUsagesType">
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="number" type="xs:integer" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:complexType name="ActivationLimitSessionType"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="min" type="xs:integer" use="required"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:attribute name="max" type="xs:integer" use="optional"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" maxOccurs="unbounded"/>
2a9ee4116a7df31d9482821f64c837315c8e2aa0jeff.schenk <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>