<?xml version="1.0" encoding="utf-8"?>
<!--
Copyright Notice
(c) 2001-2005 Actional Corporation, BEA Systems, Inc.,
Computer Associates International, Inc., International Business Machines Corporation,
Layer 7 Technologies, Microsoft Corporation, Netegrity, Inc., Oblix Inc.,
OpenNetwork Technologies Inc., Ping Identity Corporation, Reactivity Inc.,
RSA Security Inc., and VeriSign Inc.
All rights reserved.
Permission to copy and display the WS-Trust Specification (the "Specification", which
includes WSDL and schema documents), in any medium without fee or royalty
is hereby granted, provided that you include the following on ALL copies of the
Specification, that you make:
1. A link or URL to the Specification at one of the Authors' websites
2. The copyright notice as shown in the Specification.
IBM, Microsoft and Actional, BEA, Computer Associates, Layer 7, Netegrity, Oblix,
OpenNetwork, Ping Identity, Reactivity, and Verisign (collectively, the "Authors") each
agree to grant you a license, under royalty-free and otherwise reasonable,
non-discriminatory terms and conditions, to their respective essential patent claims
that they deem necessary to implement the Specification.
THE SPECIFICATION IS PROVIDED "AS IS," AND THE AUTHORS MAKE
NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF
THE SPECIFICATION ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE
IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY
PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO ANY
USE OR DISTRIBUTION OF THE SPECIFICATION.
The name and trademarks of the Authors may NOT be used in any manner,
including advertising or publicity pertaining to the Specification or
its contents without specific, written prior permission. Title to
copyright in the Specification will at all times remain with the Authors.
No other rights are granted by implication, estoppel or otherwise.
-->
xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'
xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/08/addressing'
xmlns:wst='http://schemas.xmlsoap.org/ws/2005/02/trust'
targetNamespace='http://schemas.xmlsoap.org/ws/2005/02/trust'
elementFormDefault='qualified' >
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
schemaLocation='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' />
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
schemaLocation='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' />
schemaLocation='http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd' />
schemaLocation='http://schemas.xmlsoap.org/ws/2004/08/addressing/' />
<!-- WS-Trust Section 5.1 -->
<xs:element name='RequestSecurityToken' type='wst:RequestSecurityTokenType' />
<xs:complexType name='RequestSecurityTokenType' >
<xs:annotation>
<xs:documentation>
Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
<xs:element ref='wst:TokenType' minOccurs='0' />
<xs:element ref='wst:RequestType' />
<xs:element ref='wsp:AppliesTo' minOccurs='0' />
<xs:element ref='wst:Claims' minOccurs='0' />
<xs:element ref='wst:Entropy' minOccurs='0' />
<xs:element ref='wst:Lifetime' minOccurs='0' />
<xs:element ref='wst:AllowPostdating' minOccurs='0' />
<xs:element ref='wst:Renewing' minOccurs='0' />
<xs:element ref='wst:OnBehalfOf' minOccurs='0' />
<xs:element ref='wst:Issuer' minOccurs='0' />
<xs:element ref='wst:AuthenticationType' minOccurs='0' />
<xs:element ref='wst:KeyType' minOccurs='0' />
<xs:element ref='wst:KeySize' minOccurs='0' />
<xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
<xs:element ref='wst:Encryption' minOccurs='0' />
<xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
<xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
<xs:element ref='wst:ProofEncryption' minOccurs='0' />
<xs:element ref='wst:UseKey' minOccurs='0' />
<xs:element ref='wst:SignWith' minOccurs='0' />
<xs:element ref='wst:EncryptWith' minOccurs='0' />
<xs:element ref='wst:DelegateTo' minOccurs='0' />
<xs:element ref='wst:Forwardable' minOccurs='0' />
<xs:element ref='wst:Delegatable' minOccurs='0' />
<xs:element ref='wsp:Policy' minOccurs='0' />
<xs:element ref='wsp:PolicyReference' minOccurs='0' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute name='Context' type='xs:anyURI' use='optional' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='TokenType' type='xs:anyURI' />
<xs:element name='RequestType' type='wst:RequestTypeOpenEnum' />
<xs:simpleType name='RequestTypeOpenEnum' >
<xs:union memberTypes='wst:RequestTypeEnum xs:anyURI' />
</xs:simpleType>
<xs:simpleType name='RequestTypeEnum' >
<xs:restriction base='xs:anyURI' >
</xs:restriction>
</xs:simpleType>
<!-- WS-Trust Section 5.2 -->
<xs:element name='RequestSecurityTokenResponse' type='wst:RequestSecurityTokenResponseType' />
<xs:complexType name='RequestSecurityTokenResponseType' >
<xs:annotation>
<xs:documentation>
Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
<xs:element ref='wst:TokenType' minOccurs='0' />
<xs:element ref='wst:RequestType' />
<xs:element ref='wst:RequestedSecurityToken' minOccurs='0' />
<xs:element ref='wsp:AppliesTo' minOccurs='0' />
<xs:element ref='wst:RequestedAttachedReference' minOccurs='0' />
<xs:element ref='wst:RequestedUnattachedReference' minOccurs='0' />
<xs:element ref='wst:RequestedProofToken' minOccurs='0' />
<xs:element ref='wst:Entropy' minOccurs='0' />
<xs:element ref='wst:Lifetime' minOccurs='0' />
<xs:element ref='wst:Status' minOccurs='0' />
<xs:element ref='wst:AllowPostdating' minOccurs='0' />
<xs:element ref='wst:Renewing' minOccurs='0' />
<xs:element ref='wst:OnBehalfOf' minOccurs='0' />
<xs:element ref='wst:Issuer' minOccurs='0' />
<xs:element ref='wst:AuthenticationType' minOccurs='0' />
<xs:element ref='wst:Authenticator' minOccurs='0' />
<xs:element ref='wst:KeyType' minOccurs='0' />
<xs:element ref='wst:KeySize' minOccurs='0' />
<xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
<xs:element ref='wst:Encryption' minOccurs='0' />
<xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
<xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
<xs:element ref='wst:ProofEncryption' minOccurs='0' />
<xs:element ref='wst:UseKey' minOccurs='0' />
<xs:element ref='wst:SignWith' minOccurs='0' />
<xs:element ref='wst:EncryptWith' minOccurs='0' />
<xs:element ref='wst:DelegateTo' minOccurs='0' />
<xs:element ref='wst:Forwardable' minOccurs='0' />
<xs:element ref='wst:Delegatable' minOccurs='0' />
<xs:element ref='wsp:Policy' minOccurs='0' />
<xs:element ref='wsp:PolicyReference' minOccurs='0' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute name='Context' type='xs:anyURI' use='optional' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='RequestedSecurityToken' type='wst:RequestedSecurityTokenType' />
<xs:complexType name='RequestedSecurityTokenType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' />
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 5.3 -->
<xs:element name='BinarySecret' type='wst:BinarySecretType' />
<xs:complexType name='BinarySecretType' >
<xs:simpleContent>
<xs:extension base='xs:base64Binary' >
<xs:attribute name='Type' type='wst:BinarySecretTypeOpenEnum' use='optional' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name='BinarySecretTypeEnum' >
<xs:restriction base='xs:anyURI' >
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='BinarySecretTypeOpenEnum' >
<xs:union memberTypes='wst:BinarySecretTypeEnum xs:anyURI' />
</xs:simpleType>
<!-- WS-Trust Section 6.1 -->
<xs:element name='Claims' type='wst:ClaimsType' />
<xs:complexType name='ClaimsType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:attribute name='Dialect' type='xs:anyURI' use='optional' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='Entropy' type='wst:EntropyType' />
<xs:complexType name='EntropyType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<xs:element name='Lifetime' type='wst:LifetimeType' />
<xs:complexType name='LifetimeType' >
<xs:sequence>
<xs:element ref='wsu:Created' minOccurs='0' />
<xs:element ref='wsu:Expires' minOccurs='0' />
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 6.2 -->
<xs:element name='ComputedKey' type='wst:ComputedKeyOpenEnum' />
<xs:simpleType name='ComputedKeyEnum' >
<xs:restriction base='xs:anyURI' >
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='ComputedKeyOpenEnum' >
<xs:union memberTypes='wst:ComputedKeyEnum xs:anyURI' />
</xs:simpleType>
<xs:element name='RequestedAttachedReference' type='wst:RequestedReferenceType' />
<xs:element name='RequestedUnattachedReference' type='wst:RequestedReferenceType' />
<xs:complexType name='RequestedReferenceType' >
<xs:sequence>
<xs:element ref='wsse:SecurityTokenReference' />
</xs:sequence>
</xs:complexType>
<xs:element name='RequestedProofToken' type='wst:RequestedProofTokenType' />
<xs:complexType name='RequestedProofTokenType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' />
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 6.3 -->
<xs:element name='RequestSecurityTokenResponseCollection' type='wst:RequestSecurityTokenResponseCollectionType' />
<xs:complexType name='RequestSecurityTokenResponseCollectionType' >
<xs:sequence>
<xs:element ref='wst:RequestSecurityTokenResponse' minOccurs='1' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:complexType>
<!-- WS-Trust Section 6.4 -->
<xs:element name='IssuedTokens' type='wst:RequestSecurityTokenResponseCollectionType' />
<!-- WS-Trust Section 7 -->
<xs:element name='RenewTarget' type='wst:RenewTargetType' />
<xs:complexType name='RenewTargetType' >
<xs:sequence>
<xs:any namespace='##other' minOccurs='1' maxOccurs='1' />
</xs:sequence>
</xs:complexType>
<xs:element name='AllowPostdating' type='wst:AllowPostdatingType' />
<xs:complexType name='AllowPostdatingType' />
<xs:element name='Renewing' type='wst:RenewingType' />
<xs:complexType name='RenewingType' >
<xs:attribute name='Allow' type='xs:boolean' use='optional' />
<xs:attribute name='OK' type='xs:boolean' use='optional' />
</xs:complexType>
<!-- WS-Trust Section 8 -->
<xs:element name='CancelTarget' type='wst:CancelTargetType' />
<xs:complexType name='CancelTargetType' >
<xs:sequence>
<xs:any namespace='##other' minOccurs='1' maxOccurs='1' />
</xs:sequence>
</xs:complexType>
<xs:element name='RequestedTokenCancelled' type='wst:RequestedTokenCancelledType' />
<xs:complexType name='RequestedTokenCancelledType' />
<!-- WS-Trust Section 9 -->
<xs:element name='Status' type='wst:StatusType' />
<xs:complexType name='StatusType' >
<xs:sequence>
<xs:element name='Code' type='wst:StatusCodeOpenEnum' />
<xs:element name='Reason' type='xs:string' minOccurs='0' />
</xs:sequence>
</xs:complexType>
<xs:simpleType name='StatusCodeEnum' >
<xs:restriction base='xs:anyURI' >
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='StatusCodeOpenEnum' >
<xs:union memberTypes='wst:StatusCodeEnum xs:anyURI' />
</xs:simpleType>
<!-- WS-Trust Section 10.2 -->
<xs:element name='SignChallenge' type='wst:SignChallengeType' />
<xs:element name='SignChallengeResponse' type='wst:SignChallengeType' />
<xs:complexType name='SignChallengeType' >
<xs:sequence>
<xs:element ref='wst:Challenge' />
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
<xs:anyAttribute namespace='##any' processContents='lax' />
</xs:complexType>
<xs:element name='Challenge' type='xs:string'/>
<!-- WS-Trust Section 10.3 -->
<xs:element name='BinaryExchange' type='wst:BinaryExchangeType' />
<xs:complexType name='BinaryExchangeType' >
<xs:simpleContent>
<xs:extension base='xs:string' >
<xs:attribute name='ValueType' type='xs:anyURI' use='required' />
<xs:attribute name='EncodingType' type='xs:anyURI' use='required' />
<xs:anyAttribute namespace='##other' processContents='lax' />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- WS-Trust Section 10.4 -->
<xs:element name='RequestKET' type='wst:RequestKETType' />
<xs:complexType name='RequestKETType' />
<xs:element name='KeyExchangeToken' type='wst:KeyExchangeTokenType' />
<xs:complexType name='KeyExchangeTokenType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
</xs:complexType>
<!-- WS-Trust Section 10.9 -->
<xs:element name='Authenticator' type='wst:AuthenticatorType' />
<xs:complexType name='AuthenticatorType' >
<xs:sequence>
<xs:element ref='wst:CombinedHash' minOccurs='0' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
</xs:complexType>
<xs:element name='CombinedHash' type='xs:base64Binary' />
<!-- WS-Trust Section 11.1 -->
<xs:element name='OnBehalfOf' type='wst:OnBehalfOfType' />
<xs:complexType name='OnBehalfOfType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' />
</xs:sequence>
</xs:complexType>
<xs:element name='Issuer' type='wsa:EndpointReferenceType' />
<!-- WS-Trust Section 11.2 -->
<xs:element name='AuthenticationType' type='xs:anyURI' />
<xs:element name='KeyType' type='wst:KeyTypeOpenEnum' />
<xs:simpleType name='KeyTypeEnum' >
<xs:restriction base='xs:anyURI' >
</xs:restriction>
</xs:simpleType>
<xs:simpleType name='KeyTypeOpenEnum' >
<xs:union memberTypes='wst:KeyTypeEnum xs:anyURI' />
</xs:simpleType>
<xs:element name='KeySize' type='xs:unsignedInt' />
<xs:element name='SignatureAlgorithm' type='xs:anyURI' />
<xs:element name='EncryptionAlgorithm' type='xs:anyURI' />
<xs:element name='CanonicalizationAlgorithm' type='xs:anyURI' />
<xs:element name='ComputedKeyAlgorithm' type='xs:anyURI' />
<xs:element name='Encryption' type='wst:EncryptionType' />
<xs:complexType name='EncryptionType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' />
</xs:sequence>
</xs:complexType>
<xs:element name='ProofEncryption' type='wst:ProofEncryptionType' />
<xs:complexType name='ProofEncryptionType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' />
</xs:sequence>
</xs:complexType>
<xs:element name='UseKey' type='wst:UseKeyType' />
<xs:complexType name='UseKeyType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' minOccurs='0' />
</xs:sequence>
<xs:attribute name='Sig' type='xs:anyURI' use='optional' />
</xs:complexType>
<xs:element name='SignWith' type='xs:anyURI' />
<xs:element name='EncryptWith' type='xs:anyURI' />
<!-- WS-Trust Section 11.3 -->
<xs:element name='DelegateTo' type='wst:DelegateToType' />
<xs:complexType name='DelegateToType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' />
</xs:sequence>
</xs:complexType>
<xs:element name='Forwardable' type='xs:boolean' />
<xs:element name='Delegatable' type='xs:boolean' />
<!-- WS-Trust Section 11.5 -->
<xs:element name='Participants' type='wst:ParticipantsType' />
<xs:complexType name='ParticipantsType' >
<xs:sequence>
<xs:element name='Primary' type='wst:ParticipantType' minOccurs='0' />
<xs:element name='Participant' type='wst:ParticipantType' minOccurs='0' maxOccurs='unbounded' />
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
</xs:sequence>
</xs:complexType>
<xs:complexType name='ParticipantType' >
<xs:sequence>
<xs:any namespace='##any' processContents='lax' />
</xs:sequence>
</xs:complexType>
</xs:schema>