# zxid/sg/liberty-authentication-context-v2.0.sg
# Slightly edited, 5.9.2006, Sampo Kellomaki (sampo@iki.fi)
# $Id: liberty-authentication-context-v2.0.sg,v 1.3 2009-09-05 02:23:41 sampo Exp $
#
# N.B. This file is nearly identical to urn:liberty:ac:2003-08,
# liberty-authentication-context-1.2-errata-v1.0.xsd. Thus we adopt the convention
# of using this collection of authentication contexts.
#
# Purpose: schema grammar for the Liberty authentication context vocabulary,
# bound to the "ac" prefix by the target() line below. An
# AuthenticationContextStatement describes how a principal was identified and
# authenticated and how the keys involved are protected.
#
# Notation as used in this file: "Name -> %type" declares an element of a type,
# "%Name:" defines a type, "@name" is an attribute, and the suffixes ?, * and +
# mark optional, zero-or-more and one-or-more.
#
# Reviewer caveat: the schema constrains structure only. Whether a given
# statement is acceptable for a resource is a policy decision the consumer
# makes after validating it.

target(ac, urn:liberty:ac:2004-12)
#include(liberty-utility-v2.0.xsd) necessary definitions have been inline expanded

# Open extension point: one or more elements from any other namespace, with lax
# processing, so this schema places no constraint on that content. Treat
# anything under ac:Extension as unvalidated unless the consumer has its own
# schema for it.
Extension -> %ac:extensionType
%extensionType:
  any+ ns(##other) processContents(lax)
  ;

# Top-level statement and the identification part of it.
AuthenticationContextStatement -> %ac:AuthenticationContextStatementType
Identification -> %ac:IdentificationType

# credentialLevel is optional and limited to the two listed values.
PhysicalVerification:
  @credentialLevel?: enum( primary secondary ) ;
  ;
WrittenConsent:
  ac:Extension*
  ;

# Element declarations for key protection and for the principal's credentials.
TechnicalProtection -> %ac:TechnicalProtectionType
SecretKeyProtection -> %ac:SecretKeyProtectionType
PrivateKeyProtection -> %ac:PrivateKeyProtectionType
KeyActivation -> %ac:KeyActivationType
KeySharing -> %ac:KeySharingType
KeyStorage -> %ac:KeyStorageType
Password -> %ac:PasswordType
ActivationPin -> %ac:ActivationPinType
Token -> %ac:TokenType
TimeSyncToken -> %ac:TimeSyncTokenType

Smartcard:
  ac:Extension*
  ;

Length -> %ac:LengthType
ActivationLimit -> %ac:ActivationLimitType

# How the secret was produced; the attribute is required here (no "?").
Generation:
  @mechanism: enum( principalchosen automatic ) ;
  ;

AuthenticationMethod -> %ac:AuthenticationMethodType
PrincipalAuthenticationMechanism -> %ac:PrincipalAuthenticationMechanismType
Authenticator -> %ac:AuthenticatorType

# Authenticator marker elements: each carries no data of its own, only optional
# extensions. Their presence is the assertion, so a consumer has to map each
# one to an assurance level itself (IPAddress and Password sit next to DigSig
# with no ranking expressed in the schema).
PreviousSession:
  ac:Extension*
  ;
ResumeSession:
  ac:Extension*
  ;
ZeroKnowledge:
  ac:Extension*
  ;
SharedSecretChallengeResponse:
  ac:Extension*
  ;
DigSig:
  ac:Extension*
  ;
IPAddress:
  ac:Extension*
  ;
AsymmetricDecryption:
  ac:Extension*
  ;
AsymmetricKeyAgreement:
  ac:Extension*
  ;
SharedSecretDynamicPlaintext:
  ac:Extension*
  ;

# Transport marker elements, same shape as the authenticator markers above.
# NOTE(review): judging by the names, HTTP and MobileNetworkNoEncryption
# describe unprotected transports - confirm against the Liberty specification
# before relying on that reading in an acceptance policy.
AuthenticatorTransportProtocol -> %ac:AuthenticatorTransportProtocolType
HTTP:
  ac:Extension*
  ;
IPSec:
  ac:Extension*
  ;
WTLS:
  ac:Extension*
  ;
MobileNetworkNoEncryption:
  ac:Extension*
  ;
MobileNetworkRadioEncryption:
  ac:Extension*
  ;
MobileNetworkEndToEndEncryption:
  ac:Extension*
  ;
SSL:
  ac:Extension*
  ;

# Operational protection and governance declarations.
OperationalProtection -> %ac:OperationalProtectionType
SecurityAudit -> %ac:SecurityAuditType
SwitchAudit:
  ac:Extension*
  ;
DeactivationCallCenter:
  ac:Extension*
  ;
GoverningAgreements -> %ac:GoverningAgreementsType
GoverningAgreementRef -> %ac:GoverningAgreementRefType
AuthenticatingAuthority -> %ac:AuthenticatingAuthorityType

# Identification: every child is optional; nym is optional and limited to the
# three listed values.
%IdentificationType:
  ac:PhysicalVerification?
  ac:WrittenConsent?
  ac:Extension*
  @nym?: enum( anonymity verinymity pseudonymity ) ;
  ;
%GoverningAgreementsType:
  ac:GoverningAgreementRef+
  ;
%GoverningAgreementRefType:
  @governingAgreementRef -> %xs:anyURI
  ;
# GoverningAgreements and the ID attribute are both required here.
%AuthenticatingAuthorityType:
  ac:GoverningAgreements
  @ID -> %xs:anyURI
  ;

# NOTE(review): this type and %PrincipalAuthenticationMechanismType,
# %AuthenticatorType, %KeyActivationType and %SecretKeyProtectionType end in
# ac:Extension+ while every named child is optional, so as written an instance
# needs at least one Extension element even when a named child is present.
# The other types in this file use ac:Extension*. Confirm against the upstream
# XSD whether these were choices there.
%AuthenticatorTransportProtocolType:
  ac:HTTP?
  ac:SSL?
  ac:MobileNetworkNoEncryption?
  ac:MobileNetworkRadioEncryption?
  ac:MobileNetworkEndToEndEncryption?
  ac:WTLS?
  ac:IPSec?
  ac:Extension+
  ;
%PrincipalAuthenticationMechanismType:
  ac:Password?
  ac:Token?
  ac:Smartcard?
  ac:ActivationPin?
  ac:Extension+
  ;
%AuthenticationMethodType:
  ac:PrincipalAuthenticationMechanism?
  ac:Authenticator?
  ac:AuthenticatorTransportProtocol?
  ac:Extension*
  ;
# Every child of the statement is optional, so an empty statement is
# structurally valid. A consumer must not read a missing section as meeting
# any requirement.
%AuthenticationContextStatementType:
  ac:Identification?
  ac:TechnicalProtection?
  ac:OperationalProtection?
  ac:AuthenticationMethod?
  ac:GoverningAgreements?
  ac:AuthenticatingAuthority*
  ac:Extension*
  @ID? -> %xs:ID
  ;
%TechnicalProtectionType:
  ac:PrivateKeyProtection?
  ac:SecretKeyProtection?
  ac:Extension*
  ;
%OperationalProtectionType:
  ac:SecurityAudit?
  ac:DeactivationCallCenter?
  ac:Extension*
  ;
%AuthenticatorType:
  ac:PreviousSession?
  ac:ResumeSession?
  ac:DigSig?
  ac:Password?
  ac:ZeroKnowledge?
  ac:SharedSecretChallengeResponse?
  ac:SharedSecretDynamicPlaintext?
  ac:IPAddress?
  ac:AsymmetricDecryption?
  ac:AsymmetricKeyAgreement?
  ac:Extension+
  ;
%KeyActivationType:
  ac:ActivationPin?
  ac:Extension+
  ;
# Required boolean saying whether the key is shared.
%KeySharingType:
  @sharing -> %xs:boolean
  ;
%PrivateKeyProtectionType:
  ac:KeyActivation?
  ac:KeyStorage?
  ac:KeySharing?
  ac:Extension*
  ;
# Password and activation PIN descriptions share Length, Alphabet and
# Generation; the PIN type adds ActivationLimit.
%PasswordType:
  ac:Length?
  ac:Alphabet?
  ac:Generation?
  ac:Extension*
  ;
%ActivationPinType:
  ac:Length?
  ac:Alphabet?
  ac:Generation?
  ac:ActivationLimit?
  ac:Extension*
  ;

# All three attributes are plain xs:string; the schema does not restrict the
# value of "case", so consumers need their own check on accepted values.
Alphabet -> %ac:AlphabetType
%AlphabetType:
  @requiredChars -> %xs:string
  @excludedChars? -> %xs:string
  @case? -> %xs:string
  ;

# TimeSyncToken is required inside Token (no "?").
%TokenType:
  ac:TimeSyncToken
  ac:Extension*

  ;
# DeviceInHand is an enum of the words true/false rather than xs:boolean
# (compare @sharing in %KeySharingType), so the lexical forms "1" and "0" are
# not accepted here.
%TimeSyncTokenType:
  @DeviceType: enum( hardware software ) ;
  @SeedLength -> %xs:integer
  @DeviceInHand: enum( true false ) ;
  ;

%ActivationLimitType:
  ac:ActivationLimitDuration?
  ac:ActivationLimitUsages?
  ac:ActivationLimitSession?
  ;
# NOTE(review): ActivationLimitSession refers to %ac:ActivationLimitSessionType,
# but no definition of that type is visible in this file. Confirm it is
# supplied elsewhere or that the schema compiler tolerates the missing type.
ActivationLimitDuration -> %ac:ActivationLimitDurationType
ActivationLimitUsages -> %ac:ActivationLimitUsagesType
ActivationLimitSession -> %ac:ActivationLimitSessionType
%ActivationLimitDurationType:
  @duration -> %xs:duration
  ;
%ActivationLimitUsagesType:
  @number -> %xs:integer
  ;

# min is required and max optional, both unrestricted xs:integer. The schema
# expresses neither non-negativity nor min <= max, so those checks belong in
# the consumer.
%LengthType:
  @min -> %xs:integer
  @max? -> %xs:integer
  ;
# Where the key is kept; required, limited to the five listed media.
%KeyStorageType:
  @medium: enum( memory smartcard token MobileDevice MobileAuthCard ) ;
  ;
%SecretKeyProtectionType:
  ac:KeyActivation?
  ac:KeyStorage?
  ac:Extension+
  ;
%SecurityAuditType:
  ac:SwitchAudit?
  ac:Extension*
  ;

# EOF