<?xml version="1.0" encoding="UTF-8" ?>
<!--
Copyright Notice
(c) 2001-2006 BEA Systems, Inc., BMC Software, CA, Inc.,
International Business Machines Corporation, Layer 7 Technologies,
Microsoft Corporation, Inc., Novell, Inc. and VeriSign, Inc. All
rights reserved.
Permission to copy, display, perform, modify and distribute
WS-FEDERATION.XSD (the "Document"), and to authorize others
to do the foregoing, in any medium without fee or royalty is hereby
granted for the purpose of developing and evaluating the Document.
BEA Systems, BMC Software, CA Inc., IBM, Layer 7 Technologies,
Microsoft, Novell and VeriSign (collectively, the "Authors") each
agree to grant a license to third parties, under royalty-free and
otherwise reasonable, non-discriminatory terms and conditions, to
their respective essential patent claims that they deem necessary
to implement the Document.
THE DOCUMENT IS PROVIDED "AS IS," AND THE AUTHORS MAKE NO
REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS
OF THE DOCUMENT IS SUITABLE FOR ANY PURPOSE; NOR THAT THE
IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY
PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE
DOCUMENT OR THE PERFORMANCE OR IMPLEMENTATION OF THE CONTENTS
THEREOF.
You may remove these disclaimers from your modified versions of the
Document provided that you effectively disclaim all warranties and
liabilities on behalf of all copyright holders in the copies of any
such modified versions you distribute.
The name and trademarks of the Authors may NOT be used in any manner,
including advertising or publicity pertaining to the Document or its
contents without specific, written prior permission. Title to
copyright in the Document will at all times remain with the
Authors.
No other rights are granted by implication, estoppel or otherwise.
-->
<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'
xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512'
xmlns:tns='http://schemas.xmlsoap.org/ws/2006/12/federation'
xmlns:wsa='http://www.w3.org/2005/08/addressing'
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
targetNamespace='http://schemas.xmlsoap.org/ws/2006/12/federation'
elementFormDefault='qualified' >
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
schemaLocation='oasis-200401-wss-wssecurity-secext-1.0.xsd' />
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
schemaLocation='oasis-200401-wss-wssecurity-utility-1.0.xsd' />
<xs:import namespace='http://www.w3.org/2005/08/addressing'
schemaLocation='ws-addr.xsd' />
<xs:import namespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512'
schemaLocation='ws-securitypolicy-1.2.xsd'/>
<!-- Section 3.1 -->
<xs:element name='FederationMetadata' type='tns:FederationMetadataType' />
<xs:complexType name='FederationMetadataType' >
<xs:sequence>
<!--
*** Accurate content model is nondeterministic ***
<xs:element name='Federation' type='tns:FederationType' minOccurs='1' maxOccurs='unbounded' />
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
-->
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- PAT - as far as I can see, we need this! -->
<xs:element name='Federation' type='tns:FederationType' />
<xs:complexType name='FederationType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute name='FederationID' type='xs:anyURI' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 3.1.2 -->
<xs:element name='TokenSigningKeyInfo' type='tns:TokenKeyInfoType' />
<xs:complexType name='TokenKeyInfoType' >
<xs:sequence>
<xs:element ref='wsse:SecurityTokenReference' minOccurs='1' maxOccurs='1' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 3.1.3 -->
<xs:element name='TokenKeyTransferKeyInfo' type='tns:TokenKeyInfoType' />
<!-- Section 3.1.4 -->
<xs:element name='IssuerNamesOffered' type='tns:IssuerNamesOfferedType' />
<xs:complexType name='IssuerNamesOfferedType' >
<xs:sequence>
<xs:element name='IssuerName' type='tns:IssuerNameType' minOccurs='1' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:complexType name='IssuerNameType' >
<xs:attribute name='Uri' type='xs:anyURI' use='required' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 3.1.5 -->
<xs:element name='TokenIssuerName' type='tns:AttributeExtensibleURI' />
<xs:complexType name='AttributeExtensibleURI' >
<xs:simpleContent>
<xs:extension base='xs:anyURI' >
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- Section 3.1.6 -->
<xs:element name='TokenIssuerEndpoint' type='wsa:EndpointReferenceType' />
<!-- Section 3.1.7 -->
<xs:element name='PsuedonymServiceEndpoint' type='wsa:EndpointReferenceType' />
<!-- Section 3.1.8 -->
<xs:element name='AttributeServiceEndpoint' type='wsa:EndpointReferenceType' />
<!-- Section 3.1.9 -->
<xs:element name='SingleSignOutSubscriptionEndpoint' type='wsa:EndpointReferenceType' />
<!-- Section 3.1.10 -->
<xs:element name='SingleSignOutNotificationEndpoint' type='wsa:EndpointReferenceType' />
<!-- Section 3.1.11 -->
<xs:element name='TokenTypesOffered' type='tns:TokenTypesOfferedType' />
<xs:complexType name='TokenTypesOfferedType' >
<xs:sequence>
<xs:element name='TokenType' type='tns:TokenType' minOccurs='1' maxOccurs='unbounded' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:complexType name='TokenType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute name='Uri' type='xs:anyURI' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 3.1.12 -->
<xs:element name='UriNamedClaimTypesOffered' type='tns:UriNamedClaimTypesOfferedType' />
<xs:complexType name='UriNamedClaimTypesOfferedType'>
<xs:sequence>
<xs:element name='ClaimType' type='tns:ClaimType' minOccurs='1' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:complexType name='ClaimType' >
<xs:sequence>
<xs:element name='DisplayName' type='tns:DisplayNameType' minOccurs='0' maxOccurs='1' />
<xs:element name='Description' type='tns:DescriptionType' minOccurs='0' maxOccurs='1' />
<!-- Surely the 'any' here should be optional? -->
<!-- <xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='unbounded' /> -->
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute name='Uri' type='xs:anyURI' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:complexType name='DisplayNameType' >
<xs:simpleContent>
<xs:extension base='xs:string' >
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:complexType name='DescriptionType' >
<xs:simpleContent>
<xs:extension base='xs:string' >
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- Section 3.1.13 -->
<xs:element name='AutomaticPseudonyms' type='xs:boolean' />
<!-- Section 3.2.4 -->
<xs:element name='FederationMetadataHandler' type='tns:FederationMetadataHandlerType' />
<xs:complexType name='FederationMetadataHandlerType' >
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 4.1 -->
<xs:element name='SignOut' type='tns:SignOutType' />
<xs:complexType name='SignOutType' >
<xs:sequence>
<xs:element ref='tns:Realm' minOccurs='0' />
<xs:element name='SignOutBasis' type='tns:SignOutBasisType' minOccurs='1' maxOccurs='1' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute ref='wsu:Id' use='optional' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:complexType name='SignOutBasisType' >
<xs:sequence>
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 4.2 -->
<xs:element name='Realm' type='xs:anyURI' />
<!-- Section 6.1 -->
<xs:element name='FilterPseudonyms' type='tns:FilterPseudonymsType' />
<xs:complexType name='FilterPseudonymsType' >
<xs:sequence>
<xs:element ref='tns:PseudonymBasis' minOccurs='0' maxOccurs='1' />
<xs:element ref='tns:RelativeTo' minOccurs='0' maxOccurs='1' />
<xs:any namespace='##other' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='PseudonymBasis' type='tns:PseudonymBasisType' />
<xs:complexType name='PseudonymBasisType' >
<xs:sequence>
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='RelativeTo' type='tns:RelativeToType' />
<xs:complexType name='RelativeToType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 6.2 -->
<xs:element name='Pseudonym' type='tns:PseudonymType' />
<xs:complexType name='PseudonymType' >
<xs:sequence>
<!--
*** Accurate content model is nondeterministic ***
<xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
<xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
<xs:element ref='wsu:Expires' minOccurs='0' maxOccurs='1' />
<xs:element ref='tns:SecurityToken' minOccurs='0' maxOccurs='unbounded' />
<xs:element ref='tns:ProofToken' minOccurs='0' maxOccurs='unbounded' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
-->
<xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
<xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='SecurityToken' type='tns:SecurityTokenType' />
<xs:complexType name='SecurityTokenType' >
<xs:sequence>
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='ProofToken' type='tns:ProofTokenType' />
<xs:complexType name='ProofTokenType' >
<xs:sequence>
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 7.1 -->
<xs:element name='RequestPseudonym' type='tns:RequestPseudonymType' />
<xs:complexType name='RequestPseudonymType' >
<xs:sequence>
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute name='SingleUse' type='xs:boolean' use='optional' />
<xs:attribute name='Lookup' type='xs:boolean' use='optional' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 8.1 -->
<xs:element name='ReferenceToken' type='tns:ReferenceTokenType' />
<xs:complexType name='ReferenceTokenType'>
<xs:sequence>
<xs:element name='ReferenceEPR' type='wsa:EndpointReferenceType' minOccurs='1' maxOccurs='unbounded' />
<xs:element name='ReferenceDigest' type='tns:ReferenceDigestType' minOccurs='0' maxOccurs='1' />
<xs:element name='ReferenceType' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
<xs:element name='SerialNo' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:complexType name='ReferenceDigestType' >
<xs:simpleContent>
<xs:extension base='xs:base64Binary' >
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- Section 8.2 -->
<xs:element name='FederationID' type='tns:AttributeExtensibleURI' />
<!-- Section 8.3 -->
<xs:element name='RequestProofToken' type='tns:RequestProofTokenType' />
<xs:complexType name='RequestProofTokenType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 8.4 -->
<xs:element name='ClientPseudonym' type='tns:ClientPseudonymType' />
<xs:complexType name='ClientPseudonymType' >
<xs:sequence>
<xs:element name='PPID' type='tns:AttributeExtensibleString' minOccurs='0' />
<xs:element name='DisplayName' type='tns:AttributeExtensibleString' minOccurs='0' />
<xs:element name='EMail' type='tns:AttributeExtensibleString' minOccurs='0' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:complexType name='AttributeExtensibleString' >
<xs:simpleContent>
<xs:extension base='xs:string' >
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- Section 8.5 -->
<xs:element name='Freshness' type='tns:Freshness' />
<xs:complexType name='Freshness'>
<xs:simpleContent>
<xs:extension base='xs:unsignedInt' >
<xs:attribute name='AllowCache' type='xs:boolean' use='optional' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- Section 14.1 -->
<xs:element name='RequireReferenceToken' type='sp:TokenAssertionType' />
<xs:element name='ReferenceToken11' type='tns:AssertionType' />
<xs:complexType name='AssertionType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- Section 14.2 -->
<xs:element name='WebBinding' type='sp:NestedPolicyType' />
<xs:element name='AuthenticationToken' type='sp:NestedPolicyType' />
<!-- ReferenceToken defined above -->
<xs:element name='RequireSignedTokens' type='tns:AssertionType' />
<xs:element name='RequireBearerTokens' type='tns:AssertionType' />
<xs:element name='RequireSharedCookies' type='tns:AssertionType' />
<!-- Section 14.3 -->
<xs:element name='RequiresGenericClaimDialect' type='tns:AssertionType' />
<xs:element name='IssuesSpecificPolicyFault' type='tns:AssertionType' />
<xs:element name='AdditionalContextProcessed' type='tns:AssertionType' />
</xs:schema>