1<?xml version="1.0" encoding="utf-8"?>
2<xs:schema xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" targetNamespace="http://schemas.microsoft.com/online/cpim/schemas/2013/06" xmlns:tfp="http://schemas.microsoft.com/online/cpim/schemas/2013/06" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
3 <!-- <xs:schema xmlns="http://schemas.microsoft.com/online/cpim/schemas/2014/07" targetNamespace="http://schemas.microsoft.com/online/cpim/schemas/2014/07" xmlns:tfp="http://schemas.microsoft.com/online/cpim/schemas/2014/07" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> -->
<!--
  The top-level definition of a trust framework policy. Each section is defined by type elsewhere.
-->
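<xs:element name="TrustFrameworkPolicy">
  <xs:annotation>
    <xs:documentation>
      The root element within which a Trust Framework Policy is defined.
    </xs:documentation>
  </xs:annotation>
  <!--
    Review notes:
    * The xs:key constraints below only guarantee that Ids are unique inside their own section.
      This element declares no xs:keyref, so ReferenceId values (for example on DefaultUserJourney)
      are plain strings as far as validation is concerned. A dangling or misspelled reference
      passes the schema and has to be rejected when the merged policy is resolved.
    * Numeric settings typed xs:int carry no range restriction here; bounds are the consumer's job.
  -->
  <xs:complexType>
    <xs:sequence>
      <xs:element name="BasePolicy" type="tfp:BasePolicy" minOccurs="0" maxOccurs="1" />

      <xs:element name="Contacts" minOccurs="0" maxOccurs="1">
        <xs:annotation>
          <xs:documentation>
            Contains a list of contacts who can be communicated with for notifications and issues regarding the Policy.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element name="Contact" type="tfp:Contact" minOccurs="0" maxOccurs="unbounded" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element name="DocumentReferences" minOccurs="0" maxOccurs="1">
        <xs:annotation>
          <xs:documentation>
            Contains a list of references to documents for the Policy.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element name="DocumentReference" type="tfp:DocumentReference" minOccurs="0" maxOccurs="unbounded" />
          </xs:sequence>
        </xs:complexType>
        <!-- Each DocumentReference must carry an Id, and Ids may not repeat within this list. -->
        <xs:key name="UniqueDocumentReferenceId">
          <xs:selector xpath="tfp:DocumentReference" />
          <xs:field xpath="@Id" />
        </xs:key>
      </xs:element>

      <xs:element name="BuildingBlocks" type="tfp:BuildingBlocks" minOccurs="0" maxOccurs="1" />

      <xs:element name="ClaimsProviders" minOccurs="0" maxOccurs="1">
        <xs:annotation>
          <xs:documentation>
            This section contains the Claims Providers and their Technical Profiles that may be used in the various User Journeys.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element name="ClaimsProvider" type="tfp:ClaimsProvider" minOccurs="1" maxOccurs="unbounded" />
          </xs:sequence>
        </xs:complexType>
        <!--
          Technical profile Ids are unique across all claims providers in this section, not just
          within one provider. The RelyingParty/TechnicalProfile further down sits outside the
          selector path and is therefore not covered by this key.
        -->
        <xs:key name="UniqueTechnicalProfileId">
          <xs:selector xpath="tfp:ClaimsProvider/tfp:TechnicalProfiles/tfp:TechnicalProfile" />
          <xs:field xpath="@Id" />
        </xs:key>
      </xs:element>

      <xs:element name="UserJourneys" minOccurs="0" maxOccurs="1">
        <xs:annotation>
          <xs:documentation>
            The User Journeys through which a user is taken to retrieve the claims that are to be presented to the relying party.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element name="UserJourney" type="tfp:UserJourney" minOccurs="1" maxOccurs="unbounded" />
          </xs:sequence>
        </xs:complexType>
        <xs:key name="UniqueUserJourneyId">
          <xs:selector xpath="tfp:UserJourney" />
          <xs:field xpath="@Id" />
        </xs:key>
      </xs:element>

      <xs:element name="RelyingParty" minOccurs="0" maxOccurs="1">
        <xs:annotation>
          <xs:documentation>
            Settings for the relying party: the User Journey to start with, the user journey behaviors, and a Technical Profile.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element name="DefaultUserJourney" minOccurs="0" maxOccurs="1">
              <xs:annotation>
                <xs:documentation>
                  An identifier of the User Journey which the orchestration engine will begin with. A merged trust framework policy
                  can contain multiple user journeys and relying parties select one of them as the starting point.
                </xs:documentation>
              </xs:annotation>
              <xs:complexType>
                <!-- Not tied to UniqueUserJourneyId by a keyref; the target is resolved outside schema validation. -->
                <xs:attribute name="ReferenceId" type="xs:string" use="required" />
              </xs:complexType>
            </xs:element>
            <xs:element name="UserJourneyBehaviors" minOccurs="0" maxOccurs="1">
              <xs:annotation>
                <xs:documentation>
                  Controls the scope of various user journey behaviors.
                </xs:documentation>
              </xs:annotation>
              <xs:complexType>
                <xs:sequence>
                  <xs:element name="SingleSignOn" type="tfp:SingleSignOn" minOccurs="0" maxOccurs="1">
                    <xs:annotation>
                      <xs:documentation>
                        Controls the scope of the single sign on behavior of a user journey.
                      </xs:documentation>
                    </xs:annotation>
                  </xs:element>
                  <xs:element name="SessionExpiryType" type="tfp:SessionExpiryTypeTYPE" minOccurs="0" maxOccurs="1">
                    <xs:annotation>
                      <xs:documentation>
                        Controls whether the session is rolling or absolute.
                      </xs:documentation>
                    </xs:annotation>
                  </xs:element>
                  <!--
                    xs:int admits zero, negative and very large values. The schema sets no minimum or
                    maximum session lifetime, so the consumer must range-check this value. Combined
                    with a rolling SessionExpiryType, a large value keeps a session alive for as long
                    as it stays active.
                  -->
                  <xs:element name="SessionExpiryInSeconds" type="xs:int" minOccurs="0" maxOccurs="1">
                    <xs:annotation>
                      <xs:documentation>
                        Controls the time of the session expiry in seconds.
                      </xs:documentation>
                    </xs:annotation>
                  </xs:element>
                  <!--
                    The key is documented as being used by browser-side script, so treat it as a
                    public identifier rather than a secret. NOTE(review): confirm what telemetry the
                    injected script collects before enabling it on pages that display claim values.
                  -->
                  <xs:element name="AzureApplicationInsights" type="tfp:AzureApplicationInsights" minOccurs="0" maxOccurs="1">
                    <xs:annotation>
                      <xs:documentation>
                        Specifies the Microsoft Azure Application Insights instrumentation key to be used in the Application Insights JavaScript.
                      </xs:documentation>
                    </xs:annotation>
                  </xs:element>
                  <!--
                    These pairs become part of a URI, so they can surface in logs on the content host.
                    Keep secrets and personal data out of them. NOTE(review): confirm that the consumer
                    URL-encodes keys and values.
                  -->
                  <xs:element name="ContentDefinitionParameters" type="tfp:ContentDefinitionParameters" minOccurs="0" maxOccurs="1">
                    <xs:annotation>
                      <xs:documentation>
                        Specifies a list of key-value pairs to be appended to the content definition load URI.
                      </xs:documentation>
                    </xs:annotation>
                  </xs:element>
                </xs:sequence>
              </xs:complexType>
            </xs:element>
            <xs:element name="TechnicalProfile" type="tfp:TechnicalProfile" minOccurs="0" maxOccurs="1" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:sequence>

    <xs:attribute name="PolicySchemaVersion" type="tfp:FourPartVersionNumber" use="required">
      <xs:annotation>
        <xs:documentation>
          The schema version, as published by Microsoft, under which this Policy is to be executed.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute name="TenantId" type="tfp:TenantId" use="required">
      <xs:annotation>
        <xs:documentation>
          The unique identifier of the tenant to which this policy belongs.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute name="TenantObjectId" type="tfp:TenantObjectId" use="optional">
      <xs:annotation>
        <xs:documentation>
          The object ID that uniquely identifies the Azure tenant.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute name="PolicyId" type="tfp:PolicyId" use="required">
      <xs:annotation>
        <xs:documentation>
          The unique identifier of this policy.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute name="PublicPolicyUri" type="xs:anyURI" use="required">
      <xs:annotation>
        <xs:documentation>
          The URI for the policy, which serves as the name of the policy outside of the CPIM system.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute name="StateTableName" type="xs:string" use="optional">
      <xs:annotation>
        <xs:documentation>
          The name of the StateTable that should execute this policy.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute name="DeploymentMode" type="tfp:DeploymentModeType" use="optional">
      <xs:annotation>
        <xs:documentation>
          The mode under which the policy should be deployed.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <!--
      Typed xs:string, so neither the URL shape nor the scheme is validated, and the documented
      format uses plain http. Journey progress is posted to whatever host is named here.
      NOTE(review): confirm what the posts contain (claim values are likely) and whether the
      consumer honours this attribute outside non-production deployment modes. Policy review
      should flag any production policy that sets it.
    -->
    <xs:attribute name="UserJourneyRecorderEndpoint" type="xs:string" use="optional">
      <xs:annotation>
        <xs:documentation>
          The URL, in the format http://{host}?stream={guid} (where the braces are omitted),
          of a service able to receive HTTP POSTs documenting user journey progress.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
  </xs:complexType>
</xs:element>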
<xs:complexType name="BasePolicy">
  <xs:annotation>
    <xs:documentation>
      This section defines the base policy from which this Policy is derived.
    </xs:documentation>
  </xs:annotation>
  <!--
    Both children are mandatory and must appear in this order: tenant first, then policy.
    The pair names content that is pulled in from another policy, possibly in another tenant;
    NOTE(review): confirm which tenants the consumer allows as a base-policy source.
  -->
  <xs:sequence>
    <xs:element name="TenantId" type="tfp:TenantId" minOccurs="1" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The identifier of the tenant that published the base policy. The base policy is looked up inside the tenant
          specified here.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="PolicyId" type="tfp:PolicyId" minOccurs="1" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The identifier of the base policy. The policy is looked up using this identifier within the tenant specified
          by the preceding element.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
</xs:complexType>
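<xs:complexType name="TechnicalProfile">
  <xs:annotation>
    <xs:documentation>
      Every Claims Provider must have one or more Technical Profiles which determine the end points and the protocols needed
      to communicate with that Claims Provider. In fact, in CPIM, it is the Technical Profile that is referenced elsewhere for
      communication with a particular Claims Provider.

      A Claims Provider can have multiple Technical Profiles for various reasons. For example, multiple Technical Profiles may
      be defined because the Claims Provider supports multiple protocols, various endpoints with different capabilities, or
      releases different claims at different assurance levels. It may be acceptable to release
      sensitive claims in one User Journey, but not in another one. A Technical Profile is usually certified for
      a Level of Assurance and thus one Claims Provider may have multiple Technical Profiles for different Levels of Assurance.
    </xs:documentation>
  </xs:annotation>
  <!--
    Review notes:
    * Every cross-reference in this type (ReferenceId attributes, IncludeClaimsFromTechnicalProfile)
      is a plain xs:string. The schema does not check that the target exists; the consumer must.
    * Several rules stated in the documentation below (Handler only with the "Proprietary"
      protocol, referenced profiles must exist) are prose only and are not enforced by validation.
  -->
  <xs:sequence>
    <xs:element name="Domain" type="xs:string" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The human understandable domain name for the technical profile.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="DisplayName" type="xs:string" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The human understandable name of the Technical Profile that can be displayed to the users.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Description" type="xs:string" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Provides detailed user understandable text to explain the Technical Profile.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Protocol" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The protocol used for federation.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:attribute name="Name" type="tfp:ProtocolName" use="required">
          <xs:annotation>
            <xs:documentation>
              Name of the protocol used by CPIM for claims exchange with the claims provider.
            </xs:documentation>
          </xs:annotation>
        </xs:attribute>
        <!--
          XSD 1.0 cannot express the co-constraint described below, so a Handler combined with a
          non-proprietary protocol name still validates. The value names an assembly that CPIM uses
          as the protocol handler, which makes it a code-selection input: the consumer should
          enforce the rule and accept Handler only from trusted policy authors.
        -->
        <xs:attribute name="Handler" type="xs:string" use="optional">
          <xs:annotation>
            <xs:documentation>
              A fully-qualified name of the assembly that will be used by CPIM to determine the protocol handler if the protocol
              name is "Proprietary". It is invalid to provide this attribute with any other protocol name.
            </xs:documentation>
          </xs:annotation>
        </xs:attribute>
      </xs:complexType>
    </xs:element>
    <xs:element name="InputTokenFormat" type="tfp:TokenFormat" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Format of the input token.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="OutputTokenFormat" type="tfp:TokenFormat" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Format of the output token.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="AssuranceLevelOfOutputClaims" type="xs:string" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Lists the assurance level of the claims that are retrieved from the Technical Profile.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="RequiredAssuranceLevelsOfInputClaims" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Lists the assurance levels that a claim must have in order for it to be used as an input claim to the Technical Profile.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <!-- Free-form strings: the schema does not restrict assurance levels to a known vocabulary. -->
          <xs:element name="RequiredAssuranceLevelOfInputClaims" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>
    <xs:element name="SubjectAuthenticationRequirements" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Requirements regarding the conscious and active participation of the subject in authentication.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <!-- xs:int with no facets: zero, negative and very large lifetimes all validate. -->
        <xs:attribute name="TimeToLive" type="xs:int" use="required">
          <xs:annotation>
            <xs:documentation>
              The maximum number of minutes cached credentials can be used following an active authentication by the subject.
            </xs:documentation>
          </xs:annotation>
        </xs:attribute>
        <!--
          No default is declared in the schema; the "False" default in the text is applied by the
          consumer. When True, expiry slides forward on every token issuance, so TimeToLive stops
          being an absolute cap on how long a cached credential is honoured.
        -->
        <xs:attribute name="ResetExpiryWhenTokenIssued" type="xs:boolean" use="optional">
          <xs:annotation>
            <xs:documentation>
              Default is False. If True then whenever a token is issued
              (even using a cached credential) the expiry time is set to the current time plus the TimeToLive.
            </xs:documentation>
          </xs:annotation>
        </xs:attribute>
      </xs:complexType>
    </xs:element>
    <xs:element name="Metadata" type="tfp:metadataTYPE" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          This is the data utilized by the protocol for communicating with the endpoint.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="CryptographicKeys" type="tfp:CryptographicKeys" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A list of cryptographic keys used in this technical profile.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="Suppressions" type="tfp:ItemGroup" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A list of suppressions supported by the protocol.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="PreferredBinding" type="xs:string" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          If the protocol supports multiple bindings, this represents the binding preferred by the protocol, for example HTTP POST or HTTP GET
          in the case of SAML.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <xs:element name="IncludeInSso" type="xs:boolean" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A value indicating whether usage of this technical profile should apply
          single sign-on behavior for the session or should instead require explicit interaction.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <!--
      Forwarding hands one provider's original token to a second party. List only the profiles
      whose tokens are meant to be relayed.
    -->
    <xs:element name="InputTokenSources" type="tfp:InputTokenSources" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          CPIM can send the original token from one claims provider to another claims provider. InputTokenSources are
          the list of technical profiles of the claims providers from which the original tokens are to be sent.
        </xs:documentation>
      </xs:annotation>
    </xs:element>

    <!-- Unlike most wrappers in this type, this container itself may repeat (maxOccurs is unbounded). -->
    <xs:element name="InputClaimsTransformations" minOccurs="0" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>
          ClaimsTransformations can be used to modify existing ClaimsSchema claims or generate new ones. This element contains the
          list of references to ClaimsTransformations that should be executed before any claims are sent to the claims provider or the
          relying party.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="InputClaimsTransformation" type="tfp:ClaimsTransformationReference" minOccurs="1" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>

    <xs:element name="InputClaims" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A list of the ClaimsSchema claim types that are sent as input to the claims provider or the relying party.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="InputClaim" type="tfp:ClaimsSchemaClaimTypeReference" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>

    <xs:element name="PersistedClaims" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A list of the ClaimsSchema claim types that are persisted by the claims provider.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="PersistedClaim" type="tfp:PersistedClaim" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>

    <xs:element name="OutputClaims" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A list of the ClaimsSchema claim types that are received as output from the claims provider.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="OutputClaim" type="tfp:ClaimsSchemaClaimTypeReference" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>

    <!-- This container may also repeat (maxOccurs is unbounded). -->
    <xs:element name="OutputClaimsTransformations" minOccurs="0" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>
          ClaimsTransformations can be used to modify existing ClaimsSchema claims or generate new ones. This element contains the
          list of references to ClaimsTransformations that should be executed after claims are received from the claims provider.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="OutputClaimsTransformation" type="tfp:ClaimsTransformationReference" minOccurs="1" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>

    <!--
      The uniqueness key below is scoped to one ValidationTechnicalProfiles element. Because the
      container may repeat, the same ReferenceId can appear once in each container without
      violating the key. NOTE(review): confirm how the consumer treats repeated containers.
    -->
    <xs:element name="ValidationTechnicalProfiles" minOccurs="0" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>
          A TechnicalProfile can have a set of other TechnicalProfiles that it uses for validation purposes. This section lists all
          such technical profiles.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="ValidationTechnicalProfile" minOccurs="1" maxOccurs="unbounded">
            <xs:annotation>
              <xs:documentation>
                The technical profile to be used for validating some or all of the output claims of the referencing technical profile.
                Therefore, all the input claims of the referenced technical profile must appear in the output claims of the
                referencing technical profile.
              </xs:documentation>
            </xs:annotation>
            <xs:complexType>
              <xs:attribute name="ReferenceId" type="xs:string" use="required" />
            </xs:complexType>
          </xs:element>
        </xs:sequence>
      </xs:complexType>
      <xs:key name="UniqueTechnicalProfileReferenceId">
        <xs:selector xpath="tfp:ValidationTechnicalProfile" />
        <xs:field xpath="@ReferenceId" />
      </xs:key>
    </xs:element>

    <xs:element name="SubjectNamingInfo" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Information that controls production of the subject name in tokens (e.g. SAML) where subject name is specified separately
          from claims.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <!--
          ClaimType selects the claim whose value becomes the token subject. It is an unchecked
          string here; NOTE(review): confirm the consumer rejects a claim type that is not defined
          in the ClaimsSchema.
        -->
        <xs:attribute name="ClaimType" type="xs:string" use="required" />
        <xs:attribute name="NameQualifier" type="xs:string" use="optional" />
        <xs:attribute name="SPNameQualifier" type="xs:string" use="optional" />
        <xs:attribute name="Format" type="xs:string" use="optional" />
        <xs:attribute name="SPProvidedID" type="xs:string" use="optional" />
      </xs:complexType>
    </xs:element>

    <xs:element name="Extensions" type="tfp:Extensions" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          An element for including additional information specific to a particular technical profile.
        </xs:documentation>
      </xs:annotation>
    </xs:element>

    <xs:element name="IncludeClaimsFromTechnicalProfile" type="xs:string" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The Id of a different technical profile. All input and output claims from the referenced technical profile will be
          added to this technical profile. The referenced technical profile must be defined in the same trust framework policy.
        </xs:documentation>
      </xs:annotation>
    </xs:element>

    <!--
      Inclusion merges another profile's data into this one, so the effective settings of a
      profile cannot be read from its own element alone. Review the merged result.
    -->
    <xs:element name="IncludeTechnicalProfile" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The Id of a different technical profile. All data from the referenced technical profile will be
          added to this technical profile. The referenced technical profile must exist in the trust framework policy.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:attribute name="ReferenceId" type="xs:string" use="required" />
      </xs:complexType>
    </xs:element>

    <xs:element name="UseTechnicalProfileForSessionManagement" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          The Id of a technical profile to be used for session management.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:attribute name="ReferenceId" type="xs:string" use="required" />
      </xs:complexType>
    </xs:element>

    <!--
      NOTE(review): the text below calls this a boolean, but the declared type is
      tfp:EnabledForUserJourneysValues, which is defined outside this excerpt. The sentence
      "set to true ... disable the selection" also reads inverted. Confirm both against the type
      definition before relying on this description to switch a profile off.
    -->
    <xs:element name="EnabledForUserJourneys" type="tfp:EnabledForUserJourneysValues" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A boolean indicating if the technical profile should be used within a user journey, this includes ClaimProviderSelections.
          If this value is set to true, it will disable the selection.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>

  <xs:attribute name="Id" type="xs:string" use="required">
    <xs:annotation>
      <xs:documentation>
        A machine understandable identifier that is used to uniquely identify this particular TechnicalProfile,
        and reference it from other sections of the document, for example OrchestrationSteps and InputTokenSources.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
</xs:complexType>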
<!--
  Describes a particular user journey, which may refer to sections defined elsewhere.
-->
<xs:complexType name="UserJourney">
  <xs:annotation>
    <xs:documentation>
      A User Journey defines all the constructs necessary for a complete user flow.
    </xs:documentation>
  </xs:annotation>
  <!-- Every child is optional; only the Id attribute is required for a journey to validate. -->
  <xs:sequence>

    <xs:element name="AssuranceLevel" type="xs:string" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Specifies a measurement of identity assurance when the claims are presented to the Relying
          Party at the conclusion of the orchestration steps contained in the User Journey.
        </xs:documentation>
      </xs:annotation>
    </xs:element>

    <!--
      When set, the upstream provider's assertion is kept alongside the CPIM-issued token.
      NOTE(review): the original assertion may carry more claims than the journey releases;
      confirm who can read it and how long it is retained.
    -->
    <xs:element name="PreserveOriginalAssertion" type="xs:boolean" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Claims are presented to the Relying Party Application in a token generated by CPIM. However, a Technical
          Policy may state, using a true or a false for this element, that the original assertion which was returned from
          the Claims Provider(s) must also be preserved so that if needed, it can be looked at by Relying Party for auditing
          or diagnostic purposes.
        </xs:documentation>
      </xs:annotation>
    </xs:element>

    <xs:element name="OrchestrationSteps" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          This section lists the orchestration sequence that must be followed through for a successful transaction (i.e. a
          complete user flow). Thus, every User Journey consists of an ordered list of Orchestration Steps (OS) that are
          executed in sequence. If any step fails, the transaction fails.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="OrchestrationStep" type="tfp:OrchestrationStep" minOccurs="1" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
      <!-- Within one journey, no two steps may share an Order value. -->
      <xs:key name="UniqueOrchestrationStepOrder">
        <xs:selector xpath="tfp:OrchestrationStep" />
        <xs:field xpath="@Order" />
      </xs:key>
      <!-- Claims exchange Ids are unique across all steps of the journey, not just inside a step. -->
      <xs:key name="UniqueClaimsExchangeId">
        <xs:selector xpath="tfp:OrchestrationStep/tfp:ClaimsExchanges/tfp:ClaimsExchange" />
        <xs:field xpath="@Id" />
      </xs:key>
    </xs:element>

    <xs:element name="ClientDefinition" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          References settings definition section that determines the client behavior.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <!--
          No "use" is given, so the attribute is optional and an empty ClientDefinition element
          validates. NOTE(review): the text says "policy", but the surrounding element points at a
          client definition; confirm which is meant.
        -->
        <xs:attribute name="ReferenceId" type="xs:string">
          <xs:annotation>
            <xs:documentation>
              The identifier of the policy to use.
            </xs:documentation>
          </xs:annotation>
        </xs:attribute>
      </xs:complexType>
    </xs:element>

    <xs:element name="CryptographicKeys" type="tfp:CryptographicKeys" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A list of cryptographic keys used in this User Journey.
        </xs:documentation>
      </xs:annotation>
    </xs:element>

  </xs:sequence>

  <xs:attribute name="Id" type="xs:string" use="required">
    <xs:annotation>
      <xs:documentation>
        A machine understandable identifier that is used to uniquely identify this particular User Journey.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
</xs:complexType>
<!--
  Policy definitions that technical policies may refer to.
-->
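<xs:complexType name="BuildingBlocks">
  <xs:annotation>
    <xs:documentation>
      This section contains all the definitions that are used by the Technical Policies.
    </xs:documentation>
  </xs:annotation>
  <!--
    Each list below carries its own xs:key, so Ids are unique per list (claim types,
    transformations, client definitions, content definitions). The keys do not span lists and
    are not paired with any keyref here.
  -->
  <xs:sequence>
    <xs:element name="ClaimsSchema" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          This section defines all the claim types that can be referenced from other sections of the document.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="ClaimType" type="tfp:ClaimType" minOccurs="1" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
      <xs:key name="UniqueClaimTypeId">
        <xs:selector xpath="tfp:ClaimType" />
        <xs:field xpath="@Id" />
      </xs:key>
    </xs:element>

    <xs:element name="ClaimsTransformations" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Contains a list of claims transformations that can be used in Technical Policies.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="ClaimsTransformation" type="tfp:ClaimsTransformation" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
      <xs:key name="UniqueClaimsTransformationId">
        <xs:selector xpath="tfp:ClaimsTransformation" />
        <xs:field xpath="@Id" />
      </xs:key>
    </xs:element>

    <xs:element name="ClientDefinitions" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          ClientDefinitions specify various properties specific to the end-user device for which the policy is being executed.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="ClientDefinition" type="tfp:ClientDefinition" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
      <xs:key name="UniqueClientDefinitionId">
        <xs:selector xpath="tfp:ClientDefinition" />
        <xs:field xpath="@Id" />
      </xs:key>
    </xs:element>

    <!--
      Content definitions point at externally hosted content. NOTE(review): if that content is
      rendered inside sign-in pages, the hosts listed here are part of the trust boundary;
      confirm they are limited to origins the tenant controls and are served over https.
    -->
    <xs:element name="ContentDefinitions" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Content definitions contain URLs to external content (for example, URLs to pages used in claims providers such as Phone Factor).
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="ContentDefinition" type="tfp:ContentDefinition" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
      <xs:key name="UniqueContentDefinitionId">
        <xs:selector xpath="tfp:ContentDefinition" />
        <xs:field xpath="@Id" />
      </xs:key>
    </xs:element>

    <xs:element name="Localization" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          Defines the supported cultures and contains strings and collections in those cultures.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="SupportedLanguages" type="tfp:SupportedLanguages" minOccurs="0" maxOccurs="1">
            <xs:annotation>
              <xs:documentation>
                Defines all the cultures that are supported by this policy.
              </xs:documentation>
            </xs:annotation>
          </xs:element>
          <!-- No key is declared on Culture, so two LocalizedResources for the same culture validate. -->
          <xs:element name="LocalizedResources" type="tfp:LocalizedResources" minOccurs="0" maxOccurs="unbounded">
            <xs:annotation>
              <xs:documentation>
                Contains all the translated strings for a specific culture.
              </xs:documentation>
            </xs:annotation>
          </xs:element>
        </xs:sequence>
      </xs:complexType>
    </xs:element>
  </xs:sequence>
</xs:complexType>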
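<xs:complexType name="SupportedLanguages">
  <xs:annotation>
    <xs:documentation>
      Represents the set of supported languages, including the default language.
    </xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="SupportedLanguage" type="tfp:Culture" minOccurs="0" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation>
          Represents one supported language.
        </xs:documentation>
      </xs:annotation>
    </xs:element>
  </xs:sequence>
  <!--
    Both attributes are optional (no "use" is given), and nothing in the schema requires their
    values to also appear among the SupportedLanguage entries.
  -->
  <xs:attribute name="DefaultLanguage" type="tfp:Culture">
    <xs:annotation>
      <xs:documentation>
        This is the default language in which the customer sees user journeys if they do not specify any other supported culture.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
  <xs:attribute name="PolicyLanguage" type="tfp:Culture">
    <xs:annotation>
      <xs:documentation>
        This is the language in which the default values in the policy are written.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
</xs:complexType>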
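<xs:complexType name="LocalizedResources">
  <xs:annotation>
    <xs:documentation>
      Contains the localized collections and localized strings for one culture, which is named by the Culture attribute.
    </xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <xs:element name="LocalizedCollections" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          A collection can have a different number of items, and different strings, for various cultures. This element
          allows defining the entire collections in various cultures. Examples of collections include the enumerations
          that appear in claim types, e.g. country/region list, and are shown to the user in a drop down list.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="LocalizedCollection" type="tfp:LocalizedCollection" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>
    <!--
      These strings are shown to end users. NOTE(review): confirm the rendering side encodes them
      for output, since the schema places no restriction on their content here.
    -->
    <xs:element name="LocalizedStrings" minOccurs="0" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          This section is used to define all the strings, except those that appear in collections, in various cultures.
        </xs:documentation>
      </xs:annotation>
      <xs:complexType>
        <xs:sequence>
          <xs:element name="LocalizedString" type="tfp:LocalizedString" minOccurs="0" maxOccurs="unbounded" />
        </xs:sequence>
      </xs:complexType>
    </xs:element>
  </xs:sequence>
  <xs:attribute name="Culture" type="tfp:Culture" use="required">
    <xs:annotation>
      <xs:documentation>
        The culture to which the collections and strings in this element apply.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
</xs:complexType>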
838<!--
839 Specifications for the various low-level types
840 -->
841 <xs:complexType name="SingleSignOn">
842 <xs:annotation>
843 <xs:documentation>
844 Defines the behavior of the single sign-on functionality for this application policy
845 </xs:documentation>
846 </xs:annotation>
847 <xs:attribute use="required" name="Scope" type="tfp:UserJourneyBehaviorScopeType">
848 <xs:annotation>
849 <xs:documentation>
850 Defines the scope of the single sign-on behavior.
851 </xs:documentation>
852 </xs:annotation>
853 </xs:attribute>
854 </xs:complexType>
855 <xs:complexType name="AzureApplicationInsights">
856 <xs:annotation>
857 <xs:documentation>
858 Defines the Azure Applications Insight element which includes the application insights script in the user journeys.
859 </xs:documentation>
860 </xs:annotation>
861 <xs:attribute use="required" name="InstrumentationKey" type="tfp:InstrumentationKey">
862 <xs:annotation>
863 <xs:documentation>
864 Defines the instrumentation key for the application insights element.
865 </xs:documentation>
866 </xs:annotation>
867 </xs:attribute>
868 </xs:complexType>
869 <xs:complexType name="ContentDefinitionParameters">
870 <xs:annotation>
871 <xs:documentation>
872 Defines a list of key value pairs to be appended to the query string of the content definition load uris.
873 </xs:documentation>
874 </xs:annotation>
875 <xs:sequence>
876 <xs:element name="Parameter" maxOccurs="unbounded" type="tfp:ContentDefinitionParameter">
877 <xs:key name="UniqueContentDefinitionParameterName">
878 <xs:selector xpath="tfp:ContentDefinitionParameter"/>
879 <xs:field xpath="@Name"/>
880 </xs:key>
881 </xs:element>
882 </xs:sequence>
883 </xs:complexType>
884 <xs:complexType name="ContentDefinitionParameter">
885 <xs:annotation>
886 <xs:documentation>
887 Defines a key value pair that is to be appended to the query string of content definition load uri.
888 </xs:documentation>
889 </xs:annotation>
890 <xs:simpleContent>
891 <xs:extension base="xs:string">
892 <xs:attribute name="Name" type="xs:string" use="required"/>
893 </xs:extension>
894 </xs:simpleContent>
895 </xs:complexType>
896
897 <xs:complexType name="ClaimsTransformation">
898 <xs:annotation>
899 <xs:documentation>
900 Transforms take a set of claims, process them, and output another set of claims.
901 </xs:documentation>
902 </xs:annotation>
903 <xs:sequence>
904 <xs:element name="InputClaims" minOccurs="0" maxOccurs="1">
905 <xs:annotation>
906 <xs:documentation>
907 A list of the Claim Types that are taken as input to the Claims Transformation. Each of these elements contains reference
908 to a ClaimType already defined in the ClaimsSchema section.
909 </xs:documentation>
910 </xs:annotation>
911 <xs:complexType>
912 <xs:sequence>
913 <xs:element minOccurs="0" maxOccurs="unbounded" name="InputClaim" type="tfp:ClaimsTransformationClaimTypeReference" />
914 </xs:sequence>
915 </xs:complexType>
916 </xs:element>
917 <xs:element name="InputParameters" minOccurs="0" maxOccurs="1">
918 <xs:annotation>
919 <xs:documentation>
920 A list of the parameters that are provided as input to the Claims Transformation. Each of these elements contains a value that is passed
921 verbatim to the transformation.
922 </xs:documentation>
923 </xs:annotation>
924 <xs:complexType>
925 <xs:sequence>
926 <xs:element minOccurs="1" maxOccurs="unbounded" name="InputParameter" type="tfp:ClaimsTransformationParameter" />
927 </xs:sequence>
928 </xs:complexType>
929 </xs:element>
930 <xs:element name="OutputClaims" minOccurs="0" maxOccurs="1">
931 <xs:annotation>
932 <xs:documentation>
933 A list of the Claim Types that are taken as input to the Claims Transformation. Each of these elements contains reference
934 to a ClaimType already defined in the ClaimsSchema section.
935 </xs:documentation>
936 </xs:annotation>
937 <xs:complexType>
938 <xs:sequence>
939 <xs:element minOccurs="1" maxOccurs="1" name="OutputClaim" type="tfp:ClaimsTransformationClaimTypeReference">
940 <xs:annotation>
941 <xs:documentation>
942 The Claim Type that is outputted by the Claims Transformation. This element contains reference to a ClaimType already defined
943 in the ClaimsSchema section.
944 </xs:documentation>
945 </xs:annotation>
946 </xs:element>
947 </xs:sequence>
948 </xs:complexType>
949 </xs:element>
950 </xs:sequence>
951 <xs:attribute use="required" name="Id" type="xs:string">
952 <xs:annotation>
953 <xs:documentation>
954 A machine understandable identifier that is used to uniquely identify this particular Claims Transform, and reference it
955 from other sections of the document.
956 </xs:documentation>
957 </xs:annotation>
958 </xs:attribute>
959 <xs:attribute use="required" name="TransformationMethod" type="xs:string">
960 <xs:annotation>
961 <xs:documentation>
962 A machine understandable identifier to reference the published transformation method to be used.
963 </xs:documentation>
964 </xs:annotation>
965 </xs:attribute>
966 </xs:complexType>
967 <xs:complexType name="ContentDefinition">
968 <xs:sequence>
969 <xs:element minOccurs="0" maxOccurs="1" name="LoadUri" type="tfp:ContentUriTYPE" />
970 <xs:element minOccurs="0" maxOccurs="1" name="RecoveryUri" type="tfp:ContentUriTYPE" />
971 <xs:element minOccurs="0" maxOccurs="1" name="DataUri" type="tfp:ContentUriTYPE" />
972 <xs:element minOccurs="0" maxOccurs="1" name="Metadata" type="tfp:metadataTYPE">
973 <xs:annotation>
974 <xs:documentation>
975 Metadata section that can be used to override API settings and content
976 </xs:documentation>
977 </xs:annotation>
978 </xs:element>
979
980 </xs:sequence>
981 <xs:attribute use="required" name="Id" type="xs:string">
982 <xs:annotation>
983 <xs:documentation>
984 A machine understandable identifier that is used to uniquely identify this particular Content Definition, and reference it
985 from other sections of the document.
986 </xs:documentation>
987 </xs:annotation>
988 </xs:attribute>
989 </xs:complexType>
990
991 <xs:complexType name="ClientDefinition">
992 <xs:annotation>
993 <xs:documentation>
994 Contains settings for a User Journey on a client.
995 </xs:documentation>
996 </xs:annotation>
997 <xs:sequence>
998 <xs:element minOccurs="1" maxOccurs="1" name="ClientUIFilterFlags" type="xs:string">
999 <xs:annotation>
1000 <xs:documentation>
1001 These flags are used for indicate the client's UI behavior.
1002 </xs:documentation>
1003 </xs:annotation>
1004 </xs:element>
1005 </xs:sequence>
1006 <xs:attribute use="required" name="Id" type="xs:string">
1007 <xs:annotation>
1008 <xs:documentation>
1009 A unique identifier that allows this client definition to be referenced from a User Journey.
1010 </xs:documentation>
1011 </xs:annotation>
1012 </xs:attribute>
1013 </xs:complexType>
1014
1015 <xs:complexType name="ClaimsProvider">
1016 <xs:annotation>
1017 <xs:documentation>
1018 Represents a Claims Provider, along with its technical profiles.
1019 </xs:documentation>
1020 </xs:annotation>
1021 <xs:sequence>
1022 <xs:element minOccurs="0" maxOccurs="1" name="Domain" type="xs:string">
1023 <xs:annotation>
1024 <xs:documentation>
1025 The human understandable domain name for the claim provider.
1026 </xs:documentation>
1027 </xs:annotation>
1028 </xs:element>
1029 <xs:element minOccurs="0" maxOccurs="1" name="DisplayName" type="xs:string">
1030 <xs:annotation>
1031 <xs:documentation>
1032 The human understandable name of the claims provider that can be displayed to the users.
1033 </xs:documentation>
1034 </xs:annotation>
1035 </xs:element>
1036 <xs:element name="TechnicalProfiles">
1037 <xs:annotation>
1038 <xs:documentation>
1039 List of Technical Profiles for exchanging claims with this claims provider.
1040 </xs:documentation>
1041 </xs:annotation>
1042 <xs:complexType>
1043 <xs:sequence>
1044 <xs:element minOccurs="0" maxOccurs="unbounded" name="TechnicalProfile" type="tfp:TechnicalProfile" />
1045 </xs:sequence>
1046 </xs:complexType>
1047 </xs:element>
1048 </xs:sequence>
1049 </xs:complexType>
1050
1051 <xs:complexType name="Preconditions">
1052 <xs:annotation>
1053 <xs:documentation>
1054 A collection of Precondition elements.
1055 </xs:documentation>
1056 </xs:annotation>
1057 <xs:sequence>
1058 <xs:element minOccurs="1" maxOccurs="unbounded" name="Precondition" type="tfp:Precondition" />
1059 </xs:sequence>
1060 </xs:complexType>
1061
1062 <xs:complexType name="Precondition">
1063 <xs:annotation>
1064 <xs:documentation>
1065 Represents a conditional check should is performed to determine if an OrchestrationStep should be
1066 executed.
1067 </xs:documentation>
1068 </xs:annotation>
1069 <xs:sequence>
1070 <xs:element minOccurs="1" maxOccurs="unbounded" name="Value" type="xs:string">
1071 <xs:annotation>
1072 <xs:documentation>
1073 The data that is used by the check. For example, if the Type of this check is "ClaimsExist", this field
1074 will specify a ClaimTypeReferenceId to query for.
1075 </xs:documentation>
1076 </xs:annotation>
1077 </xs:element>
1078 <xs:element minOccurs="1" maxOccurs="unbounded" name="Action" type="tfp:PreconditionActionType">
1079 <xs:annotation>
1080 <xs:documentation>
1081 Specifies the action that should be taken if the Precondition check is true, such as "SkipThisOrchestrationStep"
1082 </xs:documentation>
1083 </xs:annotation>
1084 </xs:element>
1085 </xs:sequence>
1086 <xs:attribute use="required" name="Type" type="tfp:PreconditionType" >
1087 <xs:annotation>
1088 <xs:documentation>
1089 The type of check to perform.
1090 </xs:documentation>
1091 </xs:annotation>
1092 </xs:attribute>
1093 <xs:attribute use="required" name="ExecuteActionsIf" type="xs:boolean" >
1094 <xs:annotation>
1095 <xs:documentation>
1096 Specifies if the actions in this precondition should be performed if the test is true or false.
1097 </xs:documentation>
1098 </xs:annotation>
1099 </xs:attribute>
1100 </xs:complexType>
1101
1102 <xs:complexType name="ClaimsProviderSelections">
1103 <xs:annotation>
1104 <xs:documentation>
1105 A collection of ClaimsProviderSelection elements.
1106 </xs:documentation>
1107 </xs:annotation>
1108 <xs:sequence>
1109 <xs:element minOccurs="1" maxOccurs="unbounded" name="ClaimsProviderSelection" type="tfp:ClaimsProviderSelection" />
1110 </xs:sequence>
1111 </xs:complexType>
1112
1113 <xs:complexType name="ClaimsProviderSelection">
1114 <xs:annotation>
1115 <xs:documentation>
1116 Shows options for the selection between various claims providers in a given step (such as Google/Facebook/Microsoft Account).
1117 </xs:documentation>
1118 </xs:annotation>
1119 <xs:attribute use="optional" name="TargetClaimsExchangeId" type="xs:string" />
1120 <xs:attribute use="optional" name="ValidationClaimsExchangeId" type="xs:string" />
1121 </xs:complexType>
1122
1123 <xs:complexType name="ClaimsExchanges">
1124 <xs:annotation>
1125 <xs:documentation>
1126 A collection of ClaimsExchange elements.
1127 </xs:documentation>
1128 </xs:annotation>
1129 <xs:sequence>
1130 <xs:element minOccurs="0" maxOccurs="unbounded" name="ClaimsExchange" type="tfp:ClaimsExchange" />
1131 </xs:sequence>
1132 <xs:attribute use="optional" name="UserIdentity" type="xs:boolean" default="false" />
1133 </xs:complexType>
1134
1135 <xs:complexType name="ClaimsExchange">
1136 <xs:annotation>
1137 <xs:documentation>
1138 Depending on the Technical Profile being used, a Claims Exchange either redirects the user’s client corresponding to the
1139 ClaimsProviderSelection that the user may have selected, or makes a server call to exchange claims.
1140 </xs:documentation>
1141 </xs:annotation>
1142 <xs:attribute use="required" name="Id" type="xs:string">
1143 <xs:annotation>
1144 <xs:documentation>
1145 A machine understandable identifier that is used to uniquely identify this particular Claims Exchange step, and reference
1146 it from a ClaimsProviderSelection step.
1147 </xs:documentation>
1148 </xs:annotation>
1149 </xs:attribute>
1150 <xs:attribute use="required" name="TechnicalProfileReferenceId" type="xs:string">
1151 <xs:annotation>
1152 <xs:documentation>
1153 The unique identifier of the Technical Profile which is used for claims exchange.
1154 </xs:documentation>
1155 </xs:annotation>
1156 </xs:attribute>
1157 </xs:complexType>
1158
1159 <xs:complexType name="ClaimsTransformationReference">
1160 <xs:annotation>
1161 <xs:documentation>
1162 ClaimsTransformations may be used in a TechnicalProfile for transforming claims when they are sent to and received from a claims
1163 provider. A ClaimsTransformation must be defined in this section before it can be referenced in a TechnicalProfile.
1164 </xs:documentation>
1165 </xs:annotation>
1166 <xs:attribute use="required" name="ReferenceId" type="xs:string" />
1167 </xs:complexType>
1168
1169 <xs:complexType name="ClaimType">
1170 <xs:annotation>
1171 <xs:documentation>
1172 Defines a single claim type.
1173 </xs:documentation>
1174 </xs:annotation>
1175 <xs:sequence>
1176 <xs:element minOccurs="0" maxOccurs="1" name="DisplayName" type="xs:string">
1177 <xs:annotation>
1178 <xs:documentation>
1179 The human understandable name of the claim type that is displayed to the users on various screens.
1180 </xs:documentation>
1181 </xs:annotation>
1182 </xs:element>
1183 <xs:element minOccurs="0" maxOccurs="1" name="DataType" type="tfp:DataType">
1184 <xs:annotation>
1185 <xs:documentation>
1186 The type of data stored in the claim type, such as String, Boolean, Int or DateTime. This type may be used by
1187 claims transforms and may thus participate in comparison or arithmetic operations. Associating an appropriate type
1188 ensures that these operations are performed correctly by the transforms.
1189 </xs:documentation>
1190 </xs:annotation>
1191 </xs:element>
1192 <xs:element minOccurs="0" maxOccurs="unbounded" name="DefaultPartnerClaimTypes">
1193 <xs:annotation>
1194 <xs:documentation>
1195 If a partner claim type is not provided in a claim mapping, then these partner claim types are used for
1196 the specified protocol.
1197 </xs:documentation>
1198 </xs:annotation>
1199 <xs:complexType>
1200 <xs:sequence>
1201 <xs:element minOccurs="0" maxOccurs="unbounded" name="Protocol">
1202 <xs:complexType>
1203 <xs:annotation>
1204 <xs:documentation>
1205 The list of technical profiles that is allowed to be used against a claims provider selection.
1206 </xs:documentation>
1207 </xs:annotation>
1208 <xs:attribute use="required" name="Name" type="tfp:ProtocolName" />
1209 <xs:attribute use="required" name="PartnerClaimType" type="xs:string" />
1210 </xs:complexType>
1211 </xs:element>
1212 </xs:sequence>
1213 </xs:complexType>
1214 </xs:element>
1215 <xs:element minOccurs="0" maxOccurs="1" name="Mask" type="tfp:claimMaskTYPE">
1216 <xs:annotation>
1217 <xs:documentation>
1218 An optional string of masking characters that can be applied to the claim when displaying the claim for example phone number
1219 324-232-4343 masked as XXX-XXX-4343
1220 </xs:documentation>
1221 </xs:annotation>
1222 </xs:element>
1223 <xs:element minOccurs="0" maxOccurs="1" name="AdminHelpText" type="xs:string">
1224 <xs:annotation>
1225 <xs:documentation>
1226 A description of the claim type that can be helpful for the administrators to understand the purpose and/or usage of
1227 the claim type.
1228 </xs:documentation>
1229 </xs:annotation>
1230 </xs:element>
1231 <xs:element minOccurs="0" maxOccurs="1" name="UserHelpText" type="xs:string">
1232 <xs:annotation>
1233 <xs:documentation>
1234 A description of the claim type that can be helpful for the users to understand the purpose and/or usage of the claim type.
1235 </xs:documentation>
1236 </xs:annotation>
1237 </xs:element>
1238 <xs:element minOccurs="0" maxOccurs="1" name="UserInputType" type="tfp:UserInputType">
1239 <xs:annotation>
1240 <xs:documentation>
1241 The type of input control that should be available to the user when manually entering claim data for this claim type.
1242 </xs:documentation>
1243 </xs:annotation>
1244 </xs:element>
1245 <xs:element minOccurs="0" maxOccurs="1" name="Restriction" type="tfp:Restriction">
1246 <xs:annotation>
1247 <xs:documentation>
1248 The value restrictions for this claim, such as a regular expression or a list of acceptable values.
1249 </xs:documentation>
1250 </xs:annotation>
1251 </xs:element>
1252 </xs:sequence>
1253 <xs:attribute use="required" name="Id" type="xs:string">
1254 <xs:annotation>
1255 <xs:documentation>
1256 A machine understandable identifier that is used to uniquely identify this particular Claim Type, and reference it
1257 from other sections of the document.
1258 </xs:documentation>
1259 </xs:annotation>
1260 </xs:attribute>
1261 <xs:attribute name="StatementType" type="tfp:StatementType" default="Attribute">
1262 <xs:annotation>
1263 <xs:documentation>
1264 The type of statement the claim type represents, such as Attribute, Authentication or Subject, the default being Attribute. This type may be used by
1265 claims transforms and may thus participate in comparison or arithmetic operations. Associating an appropriate type
1266 ensures that these operations are performed correctly by the transforms.
1267 </xs:documentation>
1268 </xs:annotation>
1269 </xs:attribute>
1270 </xs:complexType>
1271
1272 <xs:complexType name="Contact">
1273 <xs:sequence>
1274 <xs:element minOccurs="1" maxOccurs="1" name="DisplayName" type="xs:string">
1275 <xs:annotation>
1276 <xs:documentation>
1277 The display name.
1278 </xs:documentation>
1279 </xs:annotation>
1280 </xs:element>
1281 <xs:element minOccurs="1" maxOccurs="1" name="TelephoneNumber" type="xs:string">
1282 <xs:annotation>
1283 <xs:documentation>
1284 The telephone number.
1285 </xs:documentation>
1286 </xs:annotation>
1287 </xs:element>
1288 <xs:element minOccurs="1" maxOccurs="1" name="Email" type="xs:string">
1289 <xs:annotation>
1290 <xs:documentation>
1291 The email address.
1292 </xs:documentation>
1293 </xs:annotation>
1294 </xs:element>
1295 <xs:element minOccurs="1" maxOccurs="1" name="Role" type="xs:string">
1296 <xs:annotation>
1297 <xs:documentation>
1298 The role of the contact.
1299 </xs:documentation>
1300 </xs:annotation>
1301 </xs:element>
1302 </xs:sequence>
1303 <xs:attribute use="required" name="Id" type="xs:string">
1304 <xs:annotation>
1305 <xs:documentation>
1306 A machine understandable identifier that is used to uniquely identify this particular Contact.
1307 </xs:documentation>
1308 </xs:annotation>
1309 </xs:attribute>
1310 </xs:complexType>
1311
1312 <xs:complexType name="DocumentReference">
1313 <xs:annotation>
1314 <xs:documentation>
1315 Certain documents, such as terms of use or privacy policy, may be made available to the Relying Parties or even the
1316 users before they sign up to the use one of the services provided by CPIM. The RPs may use these documents to determine
1317 whether the TF is appropriate for the purposes it intends to use it for. The users may view these documents to look at
1318 the parameters within which RPs and the TF will operate and determine whether they want to participate or not.
1319 </xs:documentation>
1320 </xs:annotation>
1321 <xs:sequence>
1322 <xs:element minOccurs="1" maxOccurs="1" name="DisplayName" type="xs:string">
1323 <xs:annotation>
1324 <xs:documentation>
1325 The display name of the document.
1326 </xs:documentation>
1327 </xs:annotation>
1328 </xs:element>
1329 <xs:element minOccurs="1" maxOccurs="1" name="Url" type="xs:anyURI">
1330 <xs:annotation>
1331 <xs:documentation>
1332 The url where the document is located.
1333 </xs:documentation>
1334 </xs:annotation>
1335 </xs:element>
1336 </xs:sequence>
1337 <xs:attribute use="required" name="Id" type="xs:string" />
1338 </xs:complexType>
1339 <xs:complexType name="OrchestrationStep">
1340 <xs:annotation>
1341 <xs:documentation>
1342 Specifies the orchestration step.
1343 </xs:documentation>
1344 </xs:annotation>
1345 <xs:sequence>
1346 <xs:element minOccurs="0" maxOccurs="unbounded" name="Preconditions" type="tfp:Preconditions">
1347 <xs:annotation>
1348 <xs:documentation>
1349 A list of preconditions that must be satisfied for the step to execute.
1350 </xs:documentation>
1351 </xs:annotation>
1352 </xs:element>
1353 <xs:element minOccurs="0" maxOccurs="unbounded" name="ClaimsProviderSelections" type="tfp:ClaimsProviderSelections">
1354 <xs:annotation>
1355 <xs:documentation>
1356 A list of Claims Provider Selection options for the Orchestration Step.
1357 </xs:documentation>
1358 </xs:annotation>
1359 </xs:element>
1360 <xs:element minOccurs="0" maxOccurs="unbounded" name="ClaimsExchanges" type="tfp:ClaimsExchanges">
1361 <xs:annotation>
1362 <xs:documentation>
1363 A list of Claims Exchanges for the Orchestration Step.
1364 </xs:documentation>
1365 </xs:annotation>
1366 </xs:element>
1367 </xs:sequence>
1368 <xs:attribute use="required" name="Order" type="xs:int">
1369 <xs:annotation>
1370 <xs:documentation>
1371 The order of the Orchestration Step. Orchestration Steps must appear in increasing order, in which they are executed.
1372 </xs:documentation>
1373 </xs:annotation>
1374 </xs:attribute>
1375 <xs:attribute use="required" name="Type" type="tfp:OrchestrationStepType">
1376 <xs:annotation>
1377 <xs:documentation>
1378 The type of the Orchestration Step.
1379 </xs:documentation>
1380 </xs:annotation>
1381 </xs:attribute>
1382 <xs:attribute use="optional" name="ContentDefinitionReferenceId" type="xs:string">
1383 <xs:annotation>
1384 <xs:documentation>
1385 A reference to the Content that the Orchestration Step can display to the user.
1386 </xs:documentation>
1387 </xs:annotation>
1388 </xs:attribute>
1389 <xs:attribute use="optional" name="CpimIssuerTechnicalProfileReferenceId" type="xs:string">
1390 <xs:annotation>
1391 <xs:documentation>
1392 Used on SendClaims steps to define the TechnicalProfileId of the claims provider
1393 that will mint the token for the relyingParty. If absent no RP token will be created.
1394 </xs:documentation>
1395 </xs:annotation>
1396 </xs:attribute>
1397 </xs:complexType>
1398
1399 <xs:complexType name="InputTokenSources">
1400 <xs:annotation>
1401 <xs:documentation>
1402 A list of sources for that can be the input assertions for the current technical profile.
1403 </xs:documentation>
1404 </xs:annotation>
1405 <xs:sequence>
1406 <xs:element minOccurs="1" maxOccurs="unbounded" name="TechnicalProfile">
1407 <xs:complexType>
1408 <xs:attribute use="required" name="Id" type="xs:string">
1409 <xs:annotation>
1410 <xs:documentation>
1411 A machine understandable identifier that is used to uniquely identify this particular technical policy.
1412 </xs:documentation>
1413 </xs:annotation>
1414 </xs:attribute>
1415 </xs:complexType>
1416 </xs:element>
1417 </xs:sequence>
1418 </xs:complexType>
1419
1420 <xs:complexType name="CryptographicKeys">
1421 <xs:annotation>
1422 <xs:documentation>
1423 Represents the CryptographicKeys that are used within the Policy. Since these are sensitive secrets, the actual cryptographic
1424 keys are stored outside of the Trust Framework Policy and would generally reside in a system deemed secure for
1425 cryptographic storage, such as in a hardware security module (HSM) or a key management service (KMS).
1426 </xs:documentation>
1427 </xs:annotation>
1428 <xs:sequence>
1429 <xs:element minOccurs="1" maxOccurs="unbounded" name="Key">
1430 <xs:complexType>
1431 <xs:attribute use="required" name="Id" type="xs:string">
1432 <xs:annotation>
1433 <xs:documentation>
1434 A machine understandable identifier that is used to uniquely identify this particular Cryptographic Key.
1435 </xs:documentation>
1436 </xs:annotation>
1437 </xs:attribute>
1438 <xs:attribute use="required" name="StorageReferenceId" type="xs:string">
1439 <xs:annotation>
1440 <xs:documentation>
1441 An identifier that references the key in the underlying key storage.
1442 </xs:documentation>
1443 </xs:annotation>
1444 </xs:attribute>
1445 </xs:complexType>
1446 </xs:element>
1447 </xs:sequence>
1448 </xs:complexType>
1449 <xs:complexType name="metadataTYPE">
1450 <xs:annotation>
1451 <xs:documentation>
1452 Defines the element for the protocol provider metadata.
1453 </xs:documentation>
1454 </xs:annotation>
1455 <xs:sequence>
1456 <xs:element name="Item" maxOccurs="unbounded" type="tfp:metadataItemTYPE">
1457 <xs:key name="UniqueMetadataItemKey">
1458 <xs:selector xpath="tfp:metadataItemTYPE"/>
1459 <xs:field xpath="@Key"/>
1460 </xs:key>
1461 </xs:element>
1462 </xs:sequence>
1463 </xs:complexType>
1464
1465 <!-- Type for a keyed string value that allows large string values
1466 such as CDATA or simple strings such as URLs -->
1467 <xs:complexType name="metadataItemTYPE">
1468 <xs:annotation>
1469 <xs:documentation>
1470 Defines a single metadata item for the protocol provider metadata.
1471 </xs:documentation>
1472 </xs:annotation>
1473 <xs:simpleContent>
1474 <xs:extension base="xs:string">
1475 <xs:attribute name="Key" type="xs:string" use="required"/>
1476 </xs:extension>
1477 </xs:simpleContent>
1478 </xs:complexType>
1479
1480 <xs:complexType name="ItemGroup">
1481 <xs:annotation>
1482 <xs:documentation>
1483 Defines a group of items of key/value pairs.
1484 </xs:documentation>
1485 </xs:annotation>
1486 <xs:sequence>
1487 <xs:element minOccurs="1" maxOccurs="unbounded" name="Item" type="tfp:Item"/>
1488 </xs:sequence>
1489 </xs:complexType>
1490
1491 <xs:complexType name="Item">
1492 <xs:annotation>
1493 <xs:documentation>
1494 Defines a single key/value pair item.
1495 </xs:documentation>
1496 </xs:annotation>
1497 <xs:attribute use="required" name="Key" type="xs:string">
1498 <xs:annotation>
1499 <xs:documentation>
1500 A key that uniquely identifies the item.
1501 </xs:documentation>
1502 </xs:annotation>
1503 </xs:attribute>
1504 <xs:attribute use="required" name="Value" type="xs:string">
1505 <xs:annotation>
1506 <xs:documentation>
1507 The value to hold in the item.
1508 </xs:documentation>
1509 </xs:annotation>
1510 </xs:attribute>
1511 </xs:complexType>
1512
1513 <xs:complexType name="PersistedClaim">
1514 <xs:annotation>
1515 <xs:documentation>
1516 The claim type in the normalized schema that is sent to the claims provider. The claim mappings are used to determine the
1517 provider claim type before sending to the claims provider.
1518 </xs:documentation>
1519 </xs:annotation>
1520 <xs:attribute use="required" name="ClaimTypeReferenceId" type="xs:string">
1521 <xs:annotation>
1522 <xs:documentation>
1523 Identifies a Claim Type specified in the Claims Schema.
1524 </xs:documentation>
1525 </xs:annotation>
1526 </xs:attribute>
1527 <xs:attribute use="optional" name="PartnerClaimType" type="xs:string">
1528 <xs:annotation>
1529 <xs:documentation>
1530 Identifies the claim type of the external partner that the specified policy claim type maps to. If the PartnerClaimType attribute
1531 is not specified, then the specified policy claim type is mapped to the partner claim type of the same name.
1532 </xs:documentation>
1533 </xs:annotation>
1534 </xs:attribute>
1535 <xs:attribute use="optional" name="DefaultValue" type="xs:string">
1536 <xs:annotation>
1537 <xs:documentation>
1538 If the claim indicated by ClaimTypeReferenceId does not exist, then the DefaultValue is used to create one so it can be used as an
1539 input claim by the technical profile.
1540 </xs:documentation>
1541 </xs:annotation>
1542 </xs:attribute>
1543 <xs:attribute use="optional" name="OverwriteIfExists" type="xs:boolean">
1544 <xs:annotation>
1545 <xs:documentation>
1546 Provides an optional property to the claims provider indicating whether the claim can be overwritten in the claims providers
1547 records if the claim provider supports overwriting.
1548 </xs:documentation>
1549 </xs:annotation>
1550 </xs:attribute>
1551 </xs:complexType>
1552
1553 <xs:complexType name="ClaimsSchemaClaimTypeReference">
1554 <xs:sequence>
1555 <xs:element name="From" type="tfp:FromTechnicalProfileReference" maxOccurs="unbounded" minOccurs="0">
1556 <xs:annotation>
1557 <xs:documentation>
1558 A reference to a Technical Profile which constrains the source of the claim to one or more
1559 technical profiles. If no from is specified then the claim can be sourced from any technical
1560 profile.
1561 </xs:documentation>
1562 </xs:annotation>
1563 </xs:element>
1564 </xs:sequence>
1565 <xs:attribute use="required" name="ClaimTypeReferenceId" type="xs:string">
1566 <xs:annotation>
1567 <xs:documentation>
1568 An identifier that is a reference to a ClaimType specified in the ClaimsSchema.
1569 </xs:documentation>
1570 </xs:annotation>
1571 </xs:attribute>
1572 <xs:attribute use="optional" name="PartnerClaimType" type="xs:string">
1573 <xs:annotation>
1574 <xs:documentation>
1575 Identifies the claim type of the external partner that is mapped to the specified policy claim type. If the PartnerClaimType
1576 attribute is not specified, then the partner claim type of the same name as the specified policy claim type is mapped instead.
1577 </xs:documentation>
1578 </xs:annotation>
1579 </xs:attribute>
1580 <xs:attribute use="optional" name="Required" type="xs:boolean">
1581 <xs:annotation>
1582 <xs:documentation>
1583 Identifies whether or not the claim is required for this technical profile. If this property is not specified, false is assumed,
1584 meaning that the given claim may be utilized if available, but its absence does not indicate an error. For claims that are user
1585 asserted, this property controls whether or not the user is required to fill out the associated field before continuing.
1586 </xs:documentation>
1587 </xs:annotation>
1588 </xs:attribute>
1589 <xs:attribute use="optional" name="DefaultValue" type="xs:string">
1590 <xs:annotation>
1591 <xs:documentation>
1592 If the claim indicated by ClaimTypeReferenceId does not exist, then the DefaultValue is used to create one so it can be used as an
1593 input claim by the technical profile.
1594 </xs:documentation>
1595 </xs:annotation>
1596 </xs:attribute>
1597 </xs:complexType>
1598
1599 <xs:complexType name="ClaimsTransformationClaimTypeReference">
1600 <xs:attribute use="required" name="ClaimTypeReferenceId" type="xs:string">
1601 <xs:annotation>
1602 <xs:documentation>
1603 An identifier that is a reference to a ClaimType specified in the ClaimsSchema.
1604 </xs:documentation>
1605 </xs:annotation>
1606 </xs:attribute>
1607 <xs:attribute use="optional" name="TransformationClaimType" type="xs:string">
1608 <xs:annotation>
1609 <xs:documentation>
1610 Identifies the claim type of the transformation that is mapped to the specified policy claim type. If the TransformationClaimType
1611 attribute is not specified, then the transformation claim type of the same name as the specified policy claim type is mapped instead.
1612 </xs:documentation>
1613 </xs:annotation>
1614 </xs:attribute>
1615 </xs:complexType>
1616
1617 <xs:complexType name="FromTechnicalProfileReference">
1618 <xs:attribute use="required" name="TechnicalProfileReferenceId" type="xs:string">
1619 <xs:annotation>
1620 <xs:documentation>
1621 An identifier that is a reference to a Technical Profile specified in the one of the Claims Providers.
1622 </xs:documentation>
1623 </xs:annotation>
1624 </xs:attribute>
1625 </xs:complexType>
1626
<xs:complexType name="claimMaskTYPE">
  <xs:annotation>
    <xs:documentation>
      An optional string used to mask a claim when it is displayed, for example the phone number
      324-232-4343 shown as XXX-XXX-4343. The mask is either a simple substitution mask or a
      regular expression that uses named groups.
    </xs:documentation>
  </xs:annotation>
  <!-- Type is required and selects the mask kind (see MaskTypeTYPE). Regex stays optional even
       when Type is "Regex": the schema does not express that co-constraint, so a consumer that
       needs it must check it separately.
       NOTE(review): the documentation describes masking for display only; confirm that callers
       do not rely on it to protect the underlying claim value. -->
  <xs:simpleContent>
    <xs:extension base="xs:string">
      <xs:attribute name="Type" type="tfp:MaskTypeTYPE" use="required" />
      <xs:attribute name="Regex" type="xs:string" use="optional" />
    </xs:extension>
  </xs:simpleContent>
</xs:complexType>
1642
<xs:complexType name="EnumerationItem">
  <xs:annotation>
    <xs:documentation>
      One option that the user can select for a claim in the UI, such as an entry in a dropdown.
    </xs:documentation>
  </xs:annotation>
  <!-- String content extended with two required attributes (Text, Value) and one optional
       boolean (SelectByDefault). -->
  <xs:simpleContent>
    <xs:extension base="xs:string">
      <xs:attribute name="Text" type="xs:string" use="required">
        <xs:annotation>
          <xs:documentation>
            The user-friendly display string shown to the user in the UI for this option.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute name="Value" type="xs:string" use="required">
        <xs:annotation>
          <xs:documentation>
            The claim value associated with selecting this option.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute name="SelectByDefault" type="xs:boolean" use="optional">
        <xs:annotation>
          <xs:documentation>
            Indicates whether this option should be selected by default in the UI.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:extension>
  </xs:simpleContent>
</xs:complexType>
1675
<xs:complexType name="Pattern">
  <xs:annotation>
    <xs:documentation>
      A pattern restriction, such as a regular expression, placed on the values of a specific claim type.
    </xs:documentation>
  </xs:annotation>
  <!-- RegularExpression is typed xs:string, so this schema does not check that the value is a
       well-formed regular expression; that is left to whatever evaluates it. -->
  <xs:attribute name="RegularExpression" type="xs:string" use="required">
    <xs:annotation>
      <xs:documentation>
        A regular expression that claims of this type must match in order to be valid.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
  <xs:attribute name="HelpText" type="xs:string" use="optional">
    <xs:annotation>
      <xs:documentation>
        A string that can describe the pattern/regular expression for this claim to the user.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
</xs:complexType>
1697
<xs:complexType name="Restriction">
  <xs:annotation>
    <xs:documentation>
      The element that specifies value restrictions for a claim, such as regular expressions or a list
      of acceptable values.
    </xs:documentation>
  </xs:annotation>
  <!-- Exactly one branch of the choice applies: either one or more Enumeration elements,
       or a single Pattern element. The two cannot be combined in one Restriction. -->
  <xs:choice minOccurs="1">
    <xs:sequence>
      <xs:element name="Enumeration" type="tfp:EnumerationItem" minOccurs="1" maxOccurs="unbounded" />
    </xs:sequence>
    <xs:element name="Pattern" type="tfp:Pattern" minOccurs="1" maxOccurs="1" />
  </xs:choice>
  <xs:attribute name="MergeBehavior" type="tfp:MergeBehavior" use="optional">
    <xs:annotation>
      <xs:documentation>
        Specifies how the enumeration values are merged with those of any ClaimType in a parent policy
        that has the same identifier.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
</xs:complexType>
1719
<xs:complexType name="ClaimsTransformationParameter">
  <!-- A parameter passed to a TransformationMethod: all three attributes are required. -->
  <xs:attribute name="Id" type="xs:string" use="required">
    <xs:annotation>
      <xs:documentation>
        An identifier that refers to a parameter of the TransformationMethod.
      </xs:documentation>
    </xs:annotation>
  </xs:attribute>
  <xs:attribute name="DataType" type="tfp:DataType" use="required">
    <xs:annotation>
      <xs:documentation>
        The type of data of the parameter, such as String, Boolean, Int or DateTime. This type is used
        to perform arithmetic operations correctly.
      </xs:documentation>
    </xs:annotation>
    <!-- The accepted spellings are the case-sensitive values enumerated by tfp:DataType
         (for example "string", "boolean", "int", "dateTime"). -->
  </xs:attribute>
  <xs:attribute name="Value" type="xs:string" use="required">
    <xs:annotation>
      <xs:documentation>
        The value that is provided to the TransformationMethod when it is invoked.
      </xs:documentation>
    </xs:annotation>
    <!-- Value is always an xs:string here; the schema does not check it against DataType. -->
  </xs:attribute>
</xs:complexType>
1744
<xs:complexType name="Extensions" mixed="false">
  <xs:annotation>
    <xs:documentation>
      An extension point that allows arbitrary XML elements to be included in the element.
    </xs:documentation>
  </xs:annotation>
  <!-- The wildcard below uses namespace="##any", which accepts elements from any namespace,
       including this schema's own target namespace, and processContents="skip", which means
       the schema validator only requires the content to be well-formed and validates none of it.
       NOTE(review): the earlier wording of this documentation said "outside of the document
       namespaces", which would correspond to ##other rather than ##any; confirm which is intended.
       Consumers should treat everything under an Extensions element as unvalidated input. -->
  <xs:sequence>
    <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" />
  </xs:sequence>
</xs:complexType>
1756
<xs:complexType name="LocalizedCollection">
  <xs:annotation>
    <xs:documentation>
      A list of one or more Item elements, each of type EnumerationItem, together with three required
      string attributes: ElementType, ElementId and TargetCollection.
    </xs:documentation>
  </xs:annotation>
  <!-- NOTE(review): the schema leaves the documentation of this type and of its attributes empty.
       Judging by the names only, ElementType and ElementId presumably identify the policy element
       being localized and TargetCollection the collection on it that the items replace.
       Confirm against the policy reference before relying on this. -->
  <xs:sequence>
    <xs:element name="Item" type="tfp:EnumerationItem" minOccurs="1" maxOccurs="unbounded" />
  </xs:sequence>
  <xs:attribute name="ElementType" type="xs:string" use="required" />
  <xs:attribute name="ElementId" type="xs:string" use="required" />
  <xs:attribute name="TargetCollection" type="xs:string" use="required" />
</xs:complexType>
1789
<xs:complexType name="LocalizedString">
  <xs:annotation>
    <xs:documentation>
      A string value carrying three required string attributes: ElementType, ElementId and StringId.
    </xs:documentation>
  </xs:annotation>
  <!-- NOTE(review): the schema leaves the documentation of this type and of its attributes empty.
       Judging by the names only, ElementType and ElementId presumably identify the policy element
       the string belongs to and StringId the particular string on that element.
       Confirm against the policy reference before relying on this. -->
  <xs:simpleContent>
    <xs:extension base="xs:string">
      <xs:attribute name="ElementType" type="xs:string" use="required" />
      <xs:attribute name="ElementId" type="xs:string" use="required" />
      <xs:attribute name="StringId" type="xs:string" use="required" />
    </xs:extension>
  </xs:simpleContent>
</xs:complexType>
1822
1823<!--
1824 Enumerations and pattern restrictions
1825 -->
<xs:simpleType name="MergeBehavior">
  <xs:annotation>
    <xs:documentation>
      Specifies how the contents of the node are merged with data from parent policies
      that have the same unique identifier.
    </xs:documentation>
  </xs:annotation>
  <!-- ReplaceAll discards what the parent policy specified, so a child policy using it
       no longer inherits later changes made to that collection in the parent. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="Append">
      <xs:annotation>
        <xs:documentation>
          The collection of data present is appended to the end of the collection specified
          in the parent policy.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Prepend">
      <xs:annotation>
        <xs:documentation>
          The collection of data present is added before the collection specified in the parent policy.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ReplaceAll">
      <xs:annotation>
        <xs:documentation>
          The collection of data specified in the parent policy is ignored; the data specified
          in the current policy is used instead.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
1860
<xs:simpleType name="MaskTypeTYPE">
  <xs:annotation>
    <xs:documentation>
      The types of claim masks:
      1. Simple, a simple text mask that is applied to the leading portion of a string claim.
      2. Regex, a regular expression that can be applied to the string claim as a whole.
    </xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Simple" />
    <xs:enumeration value="Regex" />
  </xs:restriction>
</xs:simpleType>
1876
<xs:simpleType name="ProtocolName">
  <xs:annotation>
    <xs:documentation>
      The names of the valid protocols supported by CPIM.
    </xs:documentation>
  </xs:annotation>
  <!-- Values are case-sensitive. The schema does not document the individual protocols,
       including what "None" and "Proprietary" imply for a technical profile. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="None" />
    <xs:enumeration value="OAuth1" />
    <xs:enumeration value="OAuth2" />
    <xs:enumeration value="SAML2" />
    <xs:enumeration value="OpenIdConnect" />
    <xs:enumeration value="WsFed" />
    <xs:enumeration value="WsTrust" />
    <xs:enumeration value="UProve11" />
    <xs:enumeration value="Proprietary" />
  </xs:restriction>
</xs:simpleType>
1895
<xs:simpleType name="EnabledForUserJourneysValues">
  <xs:annotation>
    <xs:documentation>
      The acceptable values for the "EnabledForUserJourneys" property. "true" and "Always" execute the
      technical profile; "false" and "Never" always skip it; "OnClaimsExistence" executes the technical
      profile only if the claim specified in the technical profile's metadata is present in the user
      journey storage.
    </xs:documentation>
  </xs:annotation>
  <!-- The base type is xs:string, not xs:boolean, so only the exact lowercase spellings
       "true" and "false" validate here. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="true" />
    <xs:enumeration value="false" />
    <xs:enumeration value="OnClaimsExistence" />
    <xs:enumeration value="Always" />
    <xs:enumeration value="Never" />
  </xs:restriction>
</xs:simpleType>
1912
<xs:simpleType name="TokenFormat">
  <xs:annotation>
    <xs:documentation>
      The token formats supported by CPIM.
    </xs:documentation>
  </xs:annotation>
  <!-- NOTE(review): the schema does not describe the individual formats. "CpimUnsigned"
       presumably denotes a token that carries no signature; confirm where it is accepted
       before using it in a policy. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="JSON" />
    <xs:enumeration value="JWT" />
    <xs:enumeration value="SAML11" />
    <xs:enumeration value="SAML2" />
    <xs:enumeration value="CpimUnsigned" />
    <xs:enumeration value="UProve11" />
  </xs:restriction>
</xs:simpleType>
1928
<xs:simpleType name="OrchestrationStepType">
  <xs:annotation>
    <xs:documentation>
      Specifies the type of the Orchestration Step.
    </xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="ConsentScreen">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step presents text to the user, to which the user must consent.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ClaimsProviderSelection">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step presents various Claims Providers to the user, who selects one.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="CombinedSignInAndSignUp">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step presents a combined social provider sign-in and local account sign-up page.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ClaimsExchange">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step exchanges Claims with a Claims Provider.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ReviewScreen">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step presents a review screen on which the user reviews the claims,
          which the user must accept.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="SendClaims">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step sends the claims to the Relying Party.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="UserDialog">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step presents a dialog to the user for capturing information.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Noop">
      <xs:annotation>
        <xs:documentation>
          The Orchestration Step does nothing and is included to cope with errors in layering.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
1995
<xs:simpleType name="UserJourneyBehaviorScopeType">
  <xs:annotation>
    <xs:documentation>
      Defines the scope of single sign-on behavior in the user journey.
    </xs:documentation>
  </xs:annotation>
  <!-- The scope decides how widely an existing session is reused. As documented below, only
       "Suppressed" keeps no session at all; the other values reuse a session across a policy,
       application, tenant or trust framework. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="Suppressed">
      <xs:annotation>
        <xs:documentation>
          The behavior is suppressed. For example, in the case of SSO no session is maintained for the
          user and the user will always be prompted for identity provider selection.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="TrustFramework">
      <xs:annotation>
        <xs:documentation>
          The behavior is applied for all policies in the trust framework. For example, a user being put
          through two policy journeys for a given trust framework will not be prompted for identity
          provider selection.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Tenant">
      <xs:annotation>
        <xs:documentation>
          The behavior is applied for all policies in the tenant. For example, a user being put through
          two policy journeys for a given tenant will not be prompted for identity provider selection.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Application">
      <xs:annotation>
        <xs:documentation>
          The behavior is applied for all policies for the application making the request. For example,
          a user being put through two policy journeys for a given application will not be prompted
          for identity provider selection.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Policy">
      <xs:annotation>
        <xs:documentation>
          The behavior only applies to a policy. For example, a user being put through two policy
          journeys for a given trust framework will be prompted for identity provider selection when
          switching between policies.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
2045
<xs:simpleType name="PreconditionType">
  <xs:annotation>
    <xs:documentation>
      Specifies the type of query that is performed for this precondition.
    </xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="ClaimsExist">
      <xs:annotation>
        <xs:documentation>
          The actions are performed if the specified Claims exist in the user's current Claim set.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="ClaimEquals">
      <xs:annotation>
        <xs:documentation>
          The actions are performed if the specified Claim exists and its value is equal to
          the specified value.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
2071
<xs:simpleType name="PreconditionActionType">
  <xs:annotation>
    <xs:documentation>
      Specifies the action that is taken if the Precondition check within an OrchestrationStep is true.
    </xs:documentation>
  </xs:annotation>
  <!-- Only one action is defined: a precondition that evaluates to true can skip its step,
       which matters when the skipped step is a verification step. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="SkipThisOrchestrationStep">
      <xs:annotation>
        <xs:documentation>
          The associated OrchestrationStep is not executed.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
2089
<xs:simpleType name="DataType">
  <xs:annotation>
    <xs:documentation>
      The supported data types that claims or parameters can have. These types are a subset of the types
      specified by the W3C XML Schema documentation, which can be found at http://www.w3.org/TR/xmlschema-2.
    </xs:documentation>
  </xs:annotation>
  <!-- Values are case-sensitive and start with a lowercase letter. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="boolean" />
    <xs:enumeration value="date" />
    <xs:enumeration value="dateTime" />
    <xs:enumeration value="duration" />
    <xs:enumeration value="int" />
    <xs:enumeration value="string" />
    <xs:enumeration value="stringCollection" />
  </xs:restriction>
</xs:simpleType>
2107
<xs:simpleType name="UserInputType">
  <xs:annotation>
    <xs:documentation>
      The type of input control that should be available to the user when manually entering claim data.
    </xs:documentation>
  </xs:annotation>
  <!-- NOTE(review): the schema does not describe the individual controls. "Readonly" and
       "Password" presumably affect only how the field is rendered; confirm that server-side
       handling does not depend on the control type alone. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="TextBox" />
    <xs:enumeration value="DateTimeDropdown" />
    <xs:enumeration value="RadioSingleSelect" />
    <xs:enumeration value="DropdownSingleSelect" />
    <xs:enumeration value="CheckboxMultiSelect" />
    <xs:enumeration value="Password" />
    <xs:enumeration value="Readonly" />
    <xs:enumeration value="Button" />
  </xs:restriction>
</xs:simpleType>
2125
<xs:simpleType name="StatementType">
  <xs:annotation>
    <xs:documentation>
      Describes the category of statement that the claim belongs to, used for comparing
      authentication contexts and issuing tokens.
    </xs:documentation>
  </xs:annotation>
  <xs:restriction base="xs:string">
    <xs:enumeration value="Attribute">
      <xs:annotation>
        <xs:documentation>
          A general claim about the authenticated individual.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Authentication">
      <xs:annotation>
        <xs:documentation>
          A claim providing information about how the individual was authenticated.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Subject">
      <xs:annotation>
        <xs:documentation>
          A claim providing a means of identifying an individual.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
2158
<xs:simpleType name="Culture">
  <xs:annotation>
    <xs:documentation>
      Represents a culture for displaying content.
    </xs:documentation>
  </xs:annotation>
  <!-- Shape: one to three lowercase letters, then up to two hyphen-separated parts of two to
       four letters or digits each. Constructed examples that validate: en, en-US, zh-Hans-CN.
       The pattern checks the shape only, not that the culture exists. -->
  <xs:restriction base="xs:string">
    <xs:pattern value="[a-z]{1,3}(-[a-zA-Z0-9]{2,4}){0,2}" />
  </xs:restriction>
</xs:simpleType>
2169
<xs:simpleType name="TenantId">
  <xs:annotation>
    <xs:documentation>
      Represents a tenant id.
    </xs:documentation>
  </xs:annotation>
  <!-- Accepts 3 to 63 characters drawn from ASCII letters, digits and the dot. The pattern
       does not constrain where dots may appear, so leading, trailing and consecutive dots
       all validate; a consumer that builds a host name from this value needs its own check. -->
  <xs:restriction base="xs:string">
    <xs:pattern value="[A-Za-z0-9\.]{3,63}" />
  </xs:restriction>
</xs:simpleType>
2180
<xs:simpleType name="TenantObjectId">
  <xs:annotation>
    <xs:documentation>
      Represents the object id of an Azure tenant.
    </xs:documentation>
  </xs:annotation>
  <!-- Five hyphen-separated groups of 8, 4, 4, 4 and 12 hexadecimal digits, in either case
       and without surrounding braces. -->
  <xs:restriction base="xs:string">
    <xs:pattern value="([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}" />
  </xs:restriction>
</xs:simpleType>
2191
<xs:simpleType name="InstrumentationKey">
  <xs:annotation>
    <xs:documentation>
      Represents the instrumentation key for an Azure Application Insights instance.
    </xs:documentation>
  </xs:annotation>
  <!-- Same shape as TenantObjectId: groups of 8, 4, 4, 4 and 12 hexadecimal digits separated
       by hyphens. The key is stored in the policy file as plain text. -->
  <xs:restriction base="xs:string">
    <xs:pattern value="([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}" />
  </xs:restriction>
</xs:simpleType>
2202
<xs:simpleType name="PolicyId">
  <xs:annotation>
    <xs:documentation>
      Represents a machine readable identifier.
    </xs:documentation>
  </xs:annotation>
  <!-- Allowed characters are ASCII letters, digits, underscore, hyphen and dot, and the last
       character may not be a dot. The pattern already requires at least one character, so
       minLength adds nothing beyond making that explicit. -->
  <xs:restriction base="xs:string">
    <xs:minLength value="1" />
    <xs:pattern value="[A-Za-z0-9_\-\.]*[A-Za-z0-9_\-]+" />
  </xs:restriction>
</xs:simpleType>
2214
<xs:simpleType name="FourPartVersionNumber">
  <xs:annotation>
    <xs:documentation>
      Represents a four part version number in the format 9.9.9.9.
    </xs:documentation>
  </xs:annotation>
  <!-- Each part is exactly one decimal digit, so a value with a multi-digit part (constructed
       example: 1.10.0.0) does not validate. The pattern fixes the length at seven characters,
       which means the maxLength of 256 never becomes the limiting facet. -->
  <xs:restriction base="xs:string">
    <xs:maxLength value="256" />
    <xs:minLength value="1" />
    <xs:pattern value="[0-9][.][0-9][.][0-9][.][0-9]" />
  </xs:restriction>
</xs:simpleType>
2227
<xs:simpleType name="CryptographicKeyType">
  <xs:annotation>
    <xs:documentation>
      Contains an enumeration of the key types supported by CPIM.
    </xs:documentation>
  </xs:annotation>
  <!-- This type only names the kind of key; the schema says nothing here about key size,
       algorithm or how the key material is stored. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="UProveKey">
      <xs:annotation>
        <xs:documentation>
          A U-Prove key.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="X509Certificate">
      <xs:annotation>
        <xs:documentation>
          An X.509 certificate.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
    <xs:enumeration value="Secret">
      <xs:annotation>
        <xs:documentation>
          A secret key.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
2258
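<xs:simpleType name="ContentUriTYPE">
  <xs:annotation>
    <xs:documentation>
      Type that restricts a string to an absolute URL, a relative URL or a URN.
      Matches https://domain/path, http://domain/path and ~/path, and also
      values of the form urn:namespace:specific-part.
    </xs:documentation>
  </xs:annotation>
  <!-- Two pattern facets in the same restriction are alternatives: a value is valid when it
       matches either one.
       The ampersand inside the first character class has to be written as the entity &amp;
       because a bare ampersand in an attribute value makes the schema document ill-formed.
       The first pattern accepts http:// as well as https://. Content fetched over plain HTTP
       has no transport integrity, so prefer https:// for anything rendered to users.
       NOTE(review): the first pattern repeats a group that itself ends in an optional slash;
       in a backtracking regex engine that shape can take very long on long non-matching input.
       An equivalent unambiguous form is: prefix, then C+(/C+)*/? with C the same character class.
       Confirm how the validating engine behaves before accepting values of unbounded length. -->
  <xs:restriction base="xs:string">
    <xs:pattern value="(http://|https://|~/)([\w{}.,@?\^=%&amp;:~+#_-]+/?)+" />
    <xs:pattern value="urn:[a-z0-9][a-z0-9-]{0,31}:[a-z0-9()+,/\-.:=@;$_!*'%?#]+" />
  </xs:restriction>
</xs:simpleType>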
2272
<xs:simpleType name="DeploymentModeType">
  <xs:annotation>
    <xs:documentation>
      The valid values for a policy's DeploymentMode attribute.
    </xs:documentation>
  </xs:annotation>
  <!-- NOTE(review): the schema does not say what each mode changes at run time. "Development"
       and "Debugging" presumably expose more diagnostic detail than "Production"; confirm,
       and check that live policies are not left in a non-Production mode. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="Development" />
    <xs:enumeration value="Production" />
    <xs:enumeration value="Debugging" />
  </xs:restriction>
</xs:simpleType>
2285
<xs:simpleType name="SessionExpiryTypeTYPE">
  <xs:annotation>
    <xs:documentation>
      The valid values for the single sign-on session expiry type.
    </xs:documentation>
  </xs:annotation>
  <!-- NOTE(review): the two values are not described in the schema. By the usual meaning of
       the terms, "Rolling" would extend the session on activity and "Absolute" would end it
       at a fixed time after sign-in; confirm against the policy reference. -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="Rolling" />
    <xs:enumeration value="Absolute" />
  </xs:restriction>
</xs:simpleType>
2297
2298</xs:schema>
2299