📄 liberty-authentication-context-v1.3.xsd
字号:
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:liberty:ac:2003-08"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:liberty:ac:2003-08">
<!-- added to get the Extension element -->
<xs:include schemaLocation="liberty-utility-v1.1.xsd"/>
<xs:annotation>
<xs:documentation> ### IMPORTANT NOTICE ###
The source code in this XSD file was excerpted verbatim from:
Liberty Authentication Context Specification
Version 1.3
14 December 2004
Copyright (c) 2004 Liberty Alliance participants, see
http://www.projectliberty.org/specs/idwsf_1_1_copyrights.php
</xs:documentation>
</xs:annotation>
<xs:element name="AuthenticationContextStatement" type="AuthenticationContextStatementType">
<xs:annotation>
<xs:documentation>
A particular assertion on an identity
provider's part with respect to the authentication
context associated with an authentication assertion.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Identification" type="IdentificationType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that describe the processes and mechanisms
the Authentication Authority uses to initially create an association between a Principal
and the identity (or name) by which the Principal will be known
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PhysicalVerification">
<xs:annotation>
<xs:documentation>
This element indicates that identification has been performed in a physical
face-to-face meeting with the principal and not in an online manner.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="credentialLevel">
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="primary"/>
<xs:enumeration value="secondary"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="WrittenConsent">
<xs:complexType>
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="TechnicalProtection" type="TechnicalProtectionType">
<xs:annotation>
<xs:documentation>
Refers to those characterstics that describe how the 'secret' (the knowledge or possession
of which allows the Principal to authenticate to the Authentication Authority) is kept secure
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="SecretKeyProtection" type="SecretKeyProtectionType">
<xs:annotation>
<xs:documentation>
This element indicates the types and strengths of facilities
of a UA used to protect a shared secret key from unauthorized access and/or use.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PrivateKeyProtection" type="PrivateKeyProtectionType">
<xs:annotation>
<xs:documentation>
This element indicates the types and strengths of facilities
of a UA used to protect a private key from unauthorized access and/or use.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeyActivation" type="KeyActivationType">
<xs:annotation>
<xs:documentation>The actions that must be performed before the private key can be used. </xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeySharing" type="KeySharingType">
<xs:annotation>
<xs:documentation>Whether or not the private key is shared with the certificate authority.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="KeyStorage" type="KeyStorageType">
<xs:annotation>
<xs:documentation>
In which medium is the key stored.
memory - the key is stored in memory.
smartcard - the key is stored in a smartcard.
token - the key is stored in a hardware token.
MobileDevice - the key is stored in a mobile device.
MobileAuthCard - the key is stored in a mobile authentication card.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Password" type="PasswordType">
<xs:annotation>
<xs:documentation>
This element indicates that a password (or passphrase) has been used to
authenticate the Principal to a remote system.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationPin" type="ActivationPinType">
<xs:annotation>
<xs:documentation>
This element indicates that a Pin (Personal Identification Number) has been used to authenticate the Principal to some local system in order to activate a key.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Token" type="TokenType">
<xs:annotation>
<xs:documentation>
This element indicates that a hardware or software token is used
as a method of identifying the Principal.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TimeSyncToken" type="TimeSyncTokenType">
<xs:annotation>
<xs:documentation>
This element indicates that a time synchronization
token is used to identify the Principal. hardware - the time synchronization
token has been implemented in hardware. software - the time synchronization
token has been implemented in software. SeedLength - the length, in bits, of the
random seed used in the time synchronization token.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Smartcard">
<xs:annotation>
<xs:documentation>
This element indicates that a smartcard is used to identity the Principal.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="Length" type="LengthType">
<xs:annotation>
<xs:documentation>
This element indicates the minimum and/or maximum ASCII length of the password which is enforced (by the UA or the IdP). In other words, this is the minimum and/or maximum number of ASCII characters required to represent a valid password.
min - the minimum number of ASCII characters required in a valid password, as enforced by the UA or the IdP.
max - the maximum number of ASCII characters required in a valid password, as enforced by the UA or the IdP.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ActivationLimit" type="ActivationLimitType">
<xs:annotation>
<xs:documentation>
This element indicates the length of time for which an PIN-based authentication is valid.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Generation">
<xs:annotation>
<xs:documentation>
Indicates whether the password was chosen by the Principal or auto-supplied by the Authentication Authority.
principalchosen - the Principal is allowed to choose the value of the password. This is true even if
the initial password is chosen at random by the UA or the IdP and the Principal is then free to change
the password.
automatic - the password is chosen by the UA or the IdP to be cryptographically strong in some sense,
or to satisfy certain password rules, and that the Principal is not free to change it or to choose a new password.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="mechanism" use="required">
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="principalchosen"/>
<xs:enumeration value="automatic"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="AuthenticationMethod" type="AuthenticationMethodType">
<xs:annotation>
<xs:documentation>
Refers to those characteristics that define the mechanisms by which the Principal authenticates to the Authentication Authority.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PrincipalAuthenticationMechanism" type="PrincipalAuthenticationMechanismType">
<xs:annotation>
<xs:documentation>
The method that a Principal employs to perform authentication to local system components.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Authenticator" type="AuthenticatorType">
<xs:annotation>
<xs:documentation>
The method applied to validate a principal's authentication across a network
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PreviousSession">
<xs:annotation>
<xs:documentation>
Indicates that the Principal has been strongly authenticated in a previous session during which the IdP has set a cookie in the UA. During the present session the Principal has only been authenticated by the UA returning the cookie to the IdP.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="ResumeSession">
<xs:annotation>
<xs:documentation>
Rather like PreviousSession but using stronger security. A secret that was established in a previous session with the Authentication Authority has been cached by the local system and is now re-used (e.g. a Master Secret is used to derive new session keys in TLS, SSL, WTLS).
</xs:documentation>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -