renix1

schema validation

Dec 7th, 2021
<xs:schema xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" targetNamespace="http://schemas.microsoft.com/online/cpim/schemas/2013/06" xmlns:tfp="http://schemas.microsoft.com/online/cpim/schemas/2013/06" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
<!-- <xs:schema xmlns="http://schemas.microsoft.com/online/cpim/schemas/2014/07" targetNamespace="http://schemas.microsoft.com/online/cpim/schemas/2014/07" xmlns:tfp="http://schemas.microsoft.com/online/cpim/schemas/2014/07" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> -->
  <!--
    The top-level definition of a trust framework policy. Each section is defined by type elsewhere.
  -->
  <xs:element name="TrustFrameworkPolicy">
    <xs:annotation>
      <xs:documentation>
        The root element within which a Trust Framework Policy is defined.
      </xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element minOccurs="0" maxOccurs="1" name="BasePolicy" type="tfp:BasePolicy" />

        <xs:element minOccurs="0" maxOccurs="1" name="PolicyConstraints">
          <xs:annotation>
            <xs:documentation>
              This section contains the policy constraints controlling which tenants and policies
              can inherit from it.
            </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="0" maxOccurs="1" name="Inheritance" type="tfp:Inheritance" />
              <xs:element minOccurs="0" maxOccurs="1" name="RerouteRules" type="tfp:RerouteRules" />
            </xs:sequence>
          </xs:complexType>
        </xs:element>

        <xs:element minOccurs="0" maxOccurs="1" name="Contacts">
          <xs:annotation>
            <xs:documentation>
              Contains a list of contacts who can be communicated with for notifications and issues regarding the Policy.
            </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="0" maxOccurs="unbounded" name="Contact" type="tfp:Contact" />
            </xs:sequence>
          </xs:complexType>
        </xs:element>

        <xs:element minOccurs="0" maxOccurs="1" name="DocumentReferences">
          <xs:annotation>
            <xs:documentation>
              Contains a list of references to documents for the Policy.
            </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="0" maxOccurs="unbounded" name="DocumentReference" type="tfp:DocumentReference" />
            </xs:sequence>
          </xs:complexType>
          <xs:key name="UniqueDocumentReferenceId">
            <xs:selector xpath="tfp:DocumentReference"/>
            <xs:field xpath="@Id"/>
          </xs:key>
        </xs:element>

        <xs:element minOccurs="0" maxOccurs="1" name="BuildingBlocks" type="tfp:BuildingBlocks" />

        <xs:element minOccurs="0" maxOccurs="1" name="ClaimsProviders">
          <xs:annotation>
            <xs:documentation>
              This section contains the Claims Providers and their Technical Profiles that may be used in the various User Journeys.
            </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="1" maxOccurs="unbounded" name="ClaimsProvider" type="tfp:ClaimsProvider"/>
            </xs:sequence>
          </xs:complexType>
          <xs:key name="UniqueTechnicalProfileId">
            <xs:selector xpath="tfp:ClaimsProvider/tfp:TechnicalProfiles/tfp:TechnicalProfile"/>
            <xs:field xpath="@Id"/>
          </xs:key>
        </xs:element>

        <xs:element minOccurs="0" maxOccurs="1" name="UserJourneys">
          <xs:annotation>
            <xs:documentation>
              The User Journeys through which a user is taken to retrieve the claims that are to be presented to the relying party.
            </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="1" maxOccurs="unbounded" name="UserJourney" type="tfp:UserJourney" />
            </xs:sequence>
          </xs:complexType>
          <xs:key name="UniqueUserJourneyId">
            <xs:selector xpath="tfp:UserJourney"/>
            <xs:field xpath="@Id"/>
          </xs:key>
        </xs:element>

        <xs:element minOccurs="0" maxOccurs="1" name="SubJourneys">
          <xs:annotation>
            <xs:documentation>
              The SubJourneys that are components of UserJourneys and are executed as part of a User Journey.
            </xs:documentation>
          </xs:annotation>
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="1" maxOccurs="unbounded" name="SubJourney" type="tfp:SubJourney" />
            </xs:sequence>
          </xs:complexType>
          <xs:key name="UniqueSubJourney">
            <xs:selector xpath="tfp:SubJourney" />
            <xs:field xpath="@Id" />
          </xs:key>
        </xs:element>

        <xs:element minOccurs="0" maxOccurs="1" name="RelyingParty">
          <xs:complexType>
            <xs:sequence>
              <xs:element minOccurs="0" maxOccurs="1" name="DefaultUserJourney">
                <xs:annotation>
                  <xs:documentation>
                    An identifier of the User Journey which the orchestration engine will begin with. A merged trust framework policy
                    can contain multiple user journeys and relying parties select one of them as the starting point.
                  </xs:documentation>
                </xs:annotation>
                <xs:complexType>
                  <xs:attribute use="required" name="ReferenceId" type="xs:string"/>
                </xs:complexType>
              </xs:element>
              <xs:element minOccurs="0" maxOccurs="1" name="Endpoints">
                <xs:annotation>
                  <xs:documentation>
                    Defines different endpoints exposed by the policy and maps to UserJourneys to invoke.
                  </xs:documentation>
                </xs:annotation>
                <xs:complexType>
                  <xs:sequence>
                    <xs:element name="Endpoint" type="tfp:Endpoint" minOccurs="1" maxOccurs="unbounded" />
                  </xs:sequence>
                </xs:complexType>
                <xs:key name="UniqueEndpoint">
                  <xs:selector xpath="tfp:Endpoint" />
                  <xs:field xpath="@Id" />
                </xs:key>
              </xs:element>
              <xs:element minOccurs="0" maxOccurs="1" name="UserJourneyBehaviors">
                <xs:annotation>
                  <xs:documentation>
                    Controls the scope of various user journey behaviors.
                  </xs:documentation>
                </xs:annotation>
                <xs:complexType>
                  <xs:sequence>
                    <xs:element name="SingleSignOn" type="tfp:SingleSignOn" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Controls the scope of the single sign on behavior of a user journey.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="SessionExpiryType" type="tfp:SessionExpiryTypeTYPE" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Controls whether the session is rolling or absolute.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="SessionExpiryInSeconds" type="xs:int" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Controls the time of the session expiry in seconds.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="AzureApplicationInsights" type="tfp:AzureApplicationInsights" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          DEPRECATED - Use JourneyInsights indicating ApplicationInsights as the telemetry engine.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="JourneyInsights" type="tfp:JourneyInsights" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Specifies the details required for journey insights.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="ContentDefinitionParameters" type="tfp:ContentDefinitionParameters" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Specifies a list of key-value pairs to be appended to the content definition load URI.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="JourneyFraming" type="tfp:JourneyFraming" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Specifies whether journey framing is enabled and for what sources.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="ScriptExecution" type="tfp:ScriptExecutionType" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Controls whether script execution is allowed for the journey.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                    <xs:element name="OnError" type="tfp:JourneyOnError" minOccurs="0" maxOccurs="1">
                      <xs:annotation>
                        <xs:documentation>
                          Specifies the error handling behavior of a journey.
                        </xs:documentation>
                      </xs:annotation>
                    </xs:element>
                  </xs:sequence>
                </xs:complexType>
              </xs:element>
              <xs:element minOccurs="0" maxOccurs="unbounded" name="TechnicalProfile" type="tfp:TechnicalProfile"/>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
      </xs:sequence>
      <xs:attribute use="required" name="PolicySchemaVersion" type="tfp:FourPartVersionNumber">
        <xs:annotation>
          <xs:documentation>
            Determines the schema version, as published by Microsoft, under which this Policy is to be executed.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute use="required" name="TenantId" type="tfp:TenantId">
        <xs:annotation>
          <xs:documentation>
            The unique identifier of the tenant to which this policy belongs.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute use="optional" name="TenantObjectId" type="tfp:TenantObjectId">
        <xs:annotation>
          <xs:documentation>
            The unique identifier of the object ID of the Azure tenant.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute use="required" name="PolicyId" type="tfp:PolicyId">
        <xs:annotation>
          <xs:documentation>
            The unique identifier of this policy.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute use="required" name="PublicPolicyUri" type="xs:anyURI">
        <xs:annotation>
          <xs:documentation>
            The URI for the policy which is an appropriate name of the policy outside of the CPIM system.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute use="optional" name="StateTableName" type="xs:string">
        <xs:annotation>
          <xs:documentation>
            The name of the StateTable that should execute this policy.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute use="optional" name="DeploymentMode" type="tfp:DeploymentModeType">
        <xs:annotation>
          <xs:documentation>
            The mode under which the policy should be deployed.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
      <xs:attribute use="optional" name="UserJourneyRecorderEndpoint" type="xs:string">
        <xs:annotation>
          <xs:documentation>
            The URL in the format http://{host}?stream={guid} (where the braces are omitted)
            of a service able to receive HTTP POSTs documenting user journey progress.
          </xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:complexType>
  </xs:element>

  <xs:complexType name="BasePolicy">
    <xs:annotation>
      <xs:documentation>
        This section defines the base policy from which this Policy is derived.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element minOccurs="1" maxOccurs="1" name="TenantId" type="tfp:TenantId">
        <xs:annotation>
          <xs:documentation>
            The identifier of the tenant that published the base policy. The base policy is looked up inside the tenant
            specified here.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="1" maxOccurs="1" name="PolicyId" type="tfp:PolicyId">
        <xs:annotation>
          <xs:documentation>
            The identifier of the base policy. The policy is looked up using this identifier within the tenant specified
            by the preceding element.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="Inheritance">
    <xs:annotation>
      <xs:documentation>
        This section defines the constraints for policies inheriting from this policy.
      </xs:documentation>
    </xs:annotation>
    <xs:choice minOccurs="0">
      <xs:element minOccurs="0" maxOccurs="1" name="Tenants" type="tfp:TenantListType">
        <xs:annotation>
          <xs:documentation>
            A list of tenant references used when the inheritance rule is an allow or deny list.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="ConstraintHandler" type="tfp:ConstraintHandler">
        <xs:annotation>
          <xs:documentation>
            A handler implementing the IConstraintHandler interface for applying more complex inheritance rules.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:choice>
    <xs:attribute use="required" name="DerivingPolicies" type="xs:string" />
  </xs:complexType>

  <xs:complexType name="RerouteRules">
    <xs:annotation>
      <xs:documentation>
        This section defines policy rerouting rules.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element minOccurs="0" maxOccurs="unbounded" name="RerouteRule" type="tfp:RerouteRule">
        <xs:annotation>
          <xs:documentation>
            A list of reroute rules
          </xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
    <xs:attribute use="required" name="Type" type="xs:string" />
  </xs:complexType>

  <xs:complexType name="RerouteRule">
    <xs:annotation>
      <xs:documentation>
        This section defines details of a rerouting rule
      </xs:documentation>
    </xs:annotation>
    <xs:attribute use="required" name="PolicyId" type="tfp:PolicyIdPattern">
      <xs:annotation>
        <xs:documentation>
          The unique identifier of this policy.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute use="optional" name="Weight" type="tfp:Weight">
      <xs:annotation>
        <xs:documentation>
          The weight for a policy in case of A/B testing.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute use="optional" name="Match" type="tfp:Match">
      <xs:annotation>
        <xs:documentation>
          Defines an attribute that can be passed into the query string, that will match the policy to be redirected to.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
  </xs:complexType>

  <xs:complexType name="ConstraintHandler">
    <xs:annotation>
      <xs:documentation>
        This section defines the constraints for policies inheriting from this policy.
      </xs:documentation>
    </xs:annotation>
    <xs:attribute use="required" name="Id" type="xs:string">
      <xs:annotation>
        <xs:documentation>
          A machine understandable identifier that is used to uniquely identify this particular constraint handler.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
    <xs:attribute use="required" name="Handler" type="xs:string">
      <xs:annotation>
        <xs:documentation>
          A fully-qualified name of the assembly that will be used by CPIM to determine the constraint handler.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>
  </xs:complexType>

  <xs:complexType name="TechnicalProfile">
    <xs:annotation>
      <xs:documentation>
        Every Claims Provider must have one or more Technical Profiles which determine the end points and the protocols needed
        to communicate with that Claims Provider. In fact, in CPIM, it is the Technical Profile that is referenced elsewhere for
        communication with a particular Claims Provider.

        A Claims Provider can have multiple Technical Profiles for various reasons. For example, multiple Technical Profiles may
        be defined because the Claims Provider supports multiple protocols, various endpoints with different capabilities, or
        releases different claims at different assurance levels. It may be acceptable to release
        sensitive claims in one User Journey, but not in another one. A Technical Profile is usually certified for
        a Level of Assurance and thus one Claims Provider may have multiple Technical Profiles for different Levels of Assurance.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element minOccurs="0" maxOccurs="1" name="Domains">
        <xs:annotation>
          <xs:documentation>
            The human understandable domain names for the technical profile.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="1" maxOccurs="unbounded" name="Domain" type="tfp:nonemptystring">
              <xs:annotation>
                <xs:documentation>
                  The human understandable domain name for the technical profile.
                </xs:documentation>
              </xs:annotation>
            </xs:element>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="Domain" type="xs:string">
        <xs:annotation>
          <xs:documentation>
            The human understandable domain name for the technical profile.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="DisplayName" type="xs:string">
        <xs:annotation>
          <xs:documentation>
            The human understandable name of the Technical Profile that can be displayed to the users.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="Description" type="xs:string">
        <xs:annotation>
          <xs:documentation>
            Provides detailed user understandable text to explain the Technical Profile.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="Protocol">
        <xs:annotation>
          <xs:documentation>
            The protocol used for federation.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:attribute use="required" name="Name" type="tfp:ProtocolName">
            <xs:annotation>
              <xs:documentation>
                Name of the protocol used by CPIM for claims exchange with the claims provider.
              </xs:documentation>
            </xs:annotation>
          </xs:attribute>
          <xs:attribute use="optional" name="Handler" type="xs:string">
            <xs:annotation>
              <xs:documentation>
                A fully-qualified name of the assembly that will be used by CPIM to determine the protocol handler if the protocol
                name is "Proprietary". It is invalid to provide this attribute with any other protocol name.
              </xs:documentation>
            </xs:annotation>
          </xs:attribute>
        </xs:complexType>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="InputTokenFormat" type="tfp:TokenFormat">
        <xs:annotation>
          <xs:documentation>
            Format of the input token
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="OutputTokenFormat" type="tfp:TokenFormat">
        <xs:annotation>
          <xs:documentation>
            Format of the output token
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="AssuranceLevelOfOutputClaims" type="xs:string">
        <xs:annotation>
          <xs:documentation>
            Lists the assurance level of the claims that are retrieved from the Technical Profile.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="RequiredAssuranceLevelsOfInputClaims">
        <xs:annotation>
          <xs:documentation>
            Lists the assurance levels that a claim must have in order for it to be used as an input claim to the Technical Profile.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" maxOccurs="unbounded" name="RequiredAssuranceLevelOfInputClaims" type="xs:string"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="SubjectAuthenticationRequirements">
        <xs:annotation>
          <xs:documentation>
            Requirements regarding the conscious and active participation of the subject in authentication
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:attribute use="required" name="TimeToLive" type="xs:int">
            <xs:annotation>
              <xs:documentation>
                The maximum number of minutes cached credentials can be used following an active authentication by the subject.
              </xs:documentation>
            </xs:annotation>
          </xs:attribute>
          <xs:attribute use="optional" name="ResetExpiryWhenTokenIssued" type="xs:boolean">
            <xs:annotation>
              <xs:documentation>
                Default is False. If True then whenever a token is issued
                (even using a cached credential) the expiry time is set to the current time plus the TimeToLive
              </xs:documentation>
            </xs:annotation>
          </xs:attribute>
        </xs:complexType>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="Metadata" type="tfp:metadataTYPE">
        <xs:annotation>
          <xs:documentation>
            This is the data utilized by the protocol for communicating with the endpoint.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="CryptographicKeys" type="tfp:CryptographicKeys">
        <xs:annotation>
          <xs:documentation>
            A list of cryptographic keys used in this technical profile.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="Suppressions" type="tfp:ItemGroup">
        <xs:annotation>
          <xs:documentation>
            A list of suppressions supported by the protocol.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="PreferredBinding" type="xs:string">
        <xs:annotation>
          <xs:documentation>
            If the protocol supports multiple bindings, this represents the binding preferred by the protocol, for example HTTP POST or HTTP GET
            in the case of SAML.
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="IncludeInSso" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>
            A value indicating whether usage of this technical profile should apply
            single-signon behavior for the session and instead require explicit interaction
          </xs:documentation>
        </xs:annotation>
      </xs:element>
      <xs:element minOccurs="0" maxOccurs="1" name="InputTokenSources" type="tfp:InputTokenSources">
        <xs:annotation>
          <xs:documentation>
            CPIM can send the original token from one claims provider to another claims provider. InputTokenSources are
            the list of technical profiles of the claims providers from which the original tokens are to be sent.
          </xs:documentation>
        </xs:annotation>
      </xs:element>

      <xs:element minOccurs="0" maxOccurs="unbounded" name="InputClaimsTransformations">
        <xs:annotation>
          <xs:documentation>
            ClaimsTransformations can be used to modify existing ClaimsSchema claims or generate new ones. This element contains the
            list of references to ClaimsTransformations that should be executed before any claims are sent to the claims provider or the
            relying party.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="1" maxOccurs="unbounded" name="InputClaimsTransformation" type="tfp:ClaimsTransformationReference" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element minOccurs="0" maxOccurs="1" name="InputClaims">
        <xs:annotation>
          <xs:documentation>
            A list of the ClaimsSchema claim types that are sent as input to the claims provider or the relying party.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" maxOccurs="unbounded" name="InputClaim" type="tfp:ClaimsSchemaClaimTypeReference" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element name="DisplayClaims" minOccurs="0" maxOccurs="1">
        <xs:annotation>
          <xs:documentation>Defines a list of display claims for user interface controls.</xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element name="DisplayClaim" type="DisplayClaimReference" minOccurs="0" maxOccurs="unbounded" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element minOccurs="0" maxOccurs="1" name="PersistedClaims">
        <xs:annotation>
          <xs:documentation>
            A list of the ClaimsSchema claim types that are persisted by the claims provider.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" maxOccurs="unbounded" name="PersistedClaim" type="tfp:PersistedClaim" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element minOccurs="0" maxOccurs="1" name="OutputClaims">
        <xs:annotation>
          <xs:documentation>
            A list of the ClaimsSchema claim types that are received as output from the claims provider.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" maxOccurs="unbounded" name="OutputClaim" type="tfp:ClaimsSchemaClaimTypeReference" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element minOccurs="0" maxOccurs="unbounded" name="OutputClaimsTransformations">
        <xs:annotation>
          <xs:documentation>
            ClaimsTransformations can be used to modify existing ClaimsSchema claims or generate new ones. This element contains the
            list of references to ClaimsTransformations that should be executed after claims are received from the claims provider.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="1" maxOccurs="unbounded" name="OutputClaimsTransformation" type="tfp:ClaimsTransformationReference" />
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element minOccurs="0" maxOccurs="unbounded" name="ValidationTechnicalProfiles">
        <xs:annotation>
          <xs:documentation>
            A TechnicalProfile can have a set of other TechnicalProfiles that it uses for validation purposes. This section lists all
            such technical profiles.
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="1" maxOccurs="unbounded" name="ValidationTechnicalProfile">
              <xs:complexType>
                <xs:annotation>
                  <xs:documentation>
                    The technical profile to be used for validating some or all of the output claims of the referencing technical profile.
                    Therefore, all the input claims of the referenced technical profile must appear in the output claims of the
                    referencing technical profile.
                  </xs:documentation>
                </xs:annotation>
                <xs:sequence>
                  <xs:element minOccurs="0" maxOccurs="unbounded" name="Preconditions" type="tfp:Preconditions">
                    <xs:annotation>
                      <xs:documentation>
                        A list of preconditions that must be satisfied for the validation technical profile to execute.
                      </xs:documentation>
                    </xs:annotation>
                  </xs:element>
                </xs:sequence>
                <xs:attribute use="required" name="ReferenceId" type="xs:string" />
                <xs:attribute use="optional" name="ContinueOnSuccess" type="xs:boolean">
                  <xs:annotation>
                    <xs:documentation>
                      A boolean indicating whether validation of any subsequent validation profiles should continue if this
                      profile succeeds. The default is true, meaning that the processing of further validation profiles will continue.
                    </xs:documentation>
                  </xs:annotation>
                </xs:attribute>
                <xs:attribute use="optional" name="ContinueOnError" type="xs:boolean">
                  <xs:annotation>
                    <xs:documentation>
                      A boolean indicating whether validation of any subsequent validation profiles should continue if this
                      profile errors. The default is false, meaning that processing of further validation profiles will stop and
                      an error is returned.
                    </xs:documentation>
                  </xs:annotation>
                </xs:attribute>
              </xs:complexType>
            </xs:element>
          </xs:sequence>
        </xs:complexType>
        <xs:key name="UniqueTechnicalProfileReferenceId">
          <xs:selector xpath="tfp:ValidationTechnicalProfile"/>
          <xs:field xpath="@ReferenceId"/>
        </xs:key>
      </xs:element>

  718. <xs:element minOccurs="0" maxOccurs="1" name="SubjectNamingInfo">
  719. <xs:annotation>
  720. <xs:documentation>
  721. Information that controls production of the subject name in tokens (e.g. SAML) where subject name is specified separately
  722. from claims.
  723. </xs:documentation>
  724. </xs:annotation>
  725. <xs:complexType>
  726. <xs:attribute use="required" name="ClaimType" type="xs:string" />
  727. <xs:attribute use="optional" name="NameQualifier" type="xs:string" />
  728. <xs:attribute use="optional" name="SPNameQualifier" type="xs:string" />
  729. <xs:attribute use="optional" name="Format" type="xs:string" />
  730. <xs:attribute use="optional" name="SPProvidedID" type="xs:string" />
  731. <xs:attribute use="optional" name="ExcludeAsClaim" type="xs:boolean" />
  732. </xs:complexType>
  733. </xs:element>
  734.  
  735. <xs:element minOccurs="0" name="Extensions" type="tfp:Extensions">
  736. <xs:annotation>
  737. <xs:documentation>
  738. An element for including additional information specific to a particular technical profile
  739. </xs:documentation>
  740. </xs:annotation>
  741. </xs:element>
  742.  
  743. <xs:element minOccurs="0" maxOccurs="1" name="IncludeClaimsFromTechnicalProfile" type="xs:string">
  744. <xs:annotation>
  745. <xs:documentation>
  746. A id of different technical profile. All input and output claims from referenced technical profile will be
  747. added to this technical profile. Referenced technical profile must be defined in the same trust framework policy.
  748. </xs:documentation>
  749. </xs:annotation>
  750. </xs:element>
  751.  
  752. <xs:element minOccurs="0" maxOccurs="1" name="IncludeTechnicalProfile">
  753. <xs:complexType>
  754. <xs:annotation>
  755. <xs:documentation>
  756. The id of a different technical profile. All data from the referenced technical profile will be
  757. added to this technical profile. The referenced technical profile must exist in the trust framework policy.
  758. </xs:documentation>
  759. </xs:annotation>
  760. <xs:attribute use="required" name="ReferenceId" type="xs:string" />
  761. </xs:complexType>
  762. </xs:element>
  763.  
  764. <xs:element minOccurs="0" maxOccurs="1" name="UseTechnicalProfileForSessionManagement">
  765. <xs:complexType>
  766. <xs:annotation>
  767. <xs:documentation>
  768. An id of a technical profile to be used for session management.
  769. </xs:documentation>
  770. </xs:annotation>
  771. <xs:attribute use="required" name="ReferenceId" type="xs:string" />
  772. </xs:complexType>
  773. </xs:element>
  774.  
  775. <xs:element minOccurs="0" maxOccurs="1" name="ErrorHandlers">
  776. <xs:annotation>
  777. <xs:documentation>
  778. Error handlers to take action based on different error responses.
  779. </xs:documentation>
  780. </xs:annotation>
  781. <xs:complexType>
  782. <xs:sequence>
  783. <xs:element minOccurs="0" maxOccurs="unbounded" name="ErrorHandler">
  784. <xs:complexType>
  785. <xs:sequence>
  786. <xs:element minOccurs="0" maxOccurs="1" name="ErrorResponseFormat" type="tfp:ErrorResponseFormat" >
  787. <xs:annotation>
  788. <xs:documentation>
  789. Format of error response. Used to indicate the reader of the error response for path matching. Default is json.
  790. </xs:documentation>
  791. </xs:annotation>
  792. </xs:element>
  793. <xs:element minOccurs="1" maxOccurs="1" name="ResponseMatch" type="xs:string" >
  794. <xs:annotation>
  795. <xs:documentation>
  796. Match path for the response to trigger the action. JSONPath is used for json response. XPath is used for XML response.
  797. </xs:documentation>
  798. </xs:annotation>
  799. </xs:element>
  800. <xs:element minOccurs="1" maxOccurs="1" name="Action" type="tfp:ErrorHandlingAction" >
  801. <xs:annotation>
  802. <xs:documentation>
  803. Action to perform when the error response matches the pattern.
  804. </xs:documentation>
  805. </xs:annotation>
  806. </xs:element>
  807. <xs:element minOccurs="0" maxOccurs="unbounded" name="AdditionalRequestParameters">
  808. <xs:complexType>
  809. <xs:annotation>
  810. <xs:documentation>
  811. Additional query string to send for reauthentication action.
  812. </xs:documentation>
  813. </xs:annotation>
  814. <xs:simpleContent>
  815. <xs:extension base="xs:string">
  816. <xs:attribute name="Key" type="xs:string" use="required"/>
  817. </xs:extension>
  818. </xs:simpleContent>
  819. </xs:complexType>
  820. </xs:element>
  821. </xs:sequence>
  822. </xs:complexType>
  823. </xs:element>
  824. </xs:sequence>
  825. </xs:complexType>
  826. </xs:element>
  827.  
  828. <xs:element minOccurs="0" maxOccurs="1" name="EnabledForUserJourneys" type="tfp:EnabledForUserJourneysValues">
  829. <xs:annotation>
  830. <xs:documentation>
  831. A boolean indicating if the technical profile should be used within a user journey; this includes ClaimProviderSelections.
  832. If this value is set to true, it will disable the selection.
  833. </xs:documentation>
  834. </xs:annotation>
  835. </xs:element>
  836. </xs:sequence>
  837.  
  838. <xs:attribute use="required" name="Id" type="xs:string">
  839. <xs:annotation>
  840. <xs:documentation>
  841. A machine understandable identifier that is used to uniquely identify this particular TechnicalProfile,
  842. and reference it from other sections of the document, for example OrchestrationSteps and InputTokenSources.
  843. </xs:documentation>
  844. </xs:annotation>
  845. </xs:attribute>
  846. </xs:complexType>
  847.  
  848. <!--
  849. Describes a particular user journey, which may refer to sections defined elsewhere.
  850. -->
  851. <xs:complexType name="UserJourney">
  852. <xs:annotation>
  853. <xs:documentation>
  854. A User Journey defines all the constructs necessary for a complete user flow.
  855. </xs:documentation>
  856. </xs:annotation>
  857. <xs:sequence>
  858.  
  859. <xs:element minOccurs="0" maxOccurs="1" name="AssuranceLevel" type="xs:string">
  860. <xs:annotation>
  861. <xs:documentation>
  862. Specifies a measurement of identity assurance when the claims are presented to the Relying
  863. Party at the conclusion of the orchestration steps contained in the User Journey.
  864. </xs:documentation>
  865. </xs:annotation>
  866. </xs:element>
  867.  
  868. <xs:element minOccurs="0" maxOccurs="1" name="PreserveOriginalAssertion" type="xs:boolean">
  869. <xs:annotation>
  870. <xs:documentation>
  871. Claims are presented to the Relying Party Application in a token generated by CPIM. However, a Technical
  872. Policy may state, using a true or a false for this element, that the original assertion which was returned from
  873. the Claims Provider(s) must also be preserved so that if needed, it can be looked at by Relying Party for auditing
  874. or diagnostic purposes.
  875. </xs:documentation>
  876. </xs:annotation>
  877. </xs:element>
  878.  
  879. <xs:element minOccurs="0" maxOccurs="1" name="Authorization">
  880. <xs:annotation>
  881. <xs:documentation>
  882. Specifies relevant information required for the Authorization elements of a UserJourney. This can point to other
  883. element references in policy for validating information about the request in order to assert the request is allowed.
  884. </xs:documentation>
  885. </xs:annotation>
  886.  
  887. <xs:complexType>
  888. <xs:sequence>
  889.  
  890. <xs:element minOccurs="0" maxOccurs="1" name="AuthorizationTechnicalProfiles">
  891. <xs:annotation>
  892. <xs:documentation>
  893. A TechnicalProfile can be used to extract information from a request and perform authorization of the request. This section lists all
  894. such technical profiles.
  895. </xs:documentation>
  896. </xs:annotation>
  897. <xs:complexType>
  898. <xs:sequence>
  899. <xs:element minOccurs="1" maxOccurs="unbounded" name="AuthorizationTechnicalProfile">
  900. <xs:complexType>
  901. <xs:annotation>
  902. <xs:documentation>
  903. The technical profile to be used for validating/authorizing incoming data to assert the information is valid for the UserJourney. If
  904. the information is invalid, the UserJourney will not execute and the request is Forbidden.
  905. </xs:documentation>
  906. </xs:annotation>
  907. <xs:attribute use="required" name="ReferenceId" type="xs:string" />
  908. </xs:complexType>
  909. </xs:element>
  910. </xs:sequence>
  911. </xs:complexType>
  912. <xs:key name="UniqueAuthorizationTechnicalProfileReferenceId">
  913. <xs:selector xpath="tfp:AuthorizationTechnicalProfile"/>
  914. <xs:field xpath="@ReferenceId"/>
  915. </xs:key>
  916. </xs:element>
  917.  
  918. </xs:sequence>
  919. </xs:complexType>
  920. </xs:element>
  921.  
  922. <xs:element minOccurs="0" maxOccurs="1" name="OrchestrationSteps">
  923. <xs:annotation>
  924. <xs:documentation>
  925. This section lists the orchestration sequence that must be followed through for a successful transaction (i.e. a
  926. complete user flow). Thus, every User Journey consists of an ordered list of Orchestration Steps (OS) that are
  927. executed in sequence. If any step fails, the transaction fails.
  928. </xs:documentation>
  929. </xs:annotation>
  930. <xs:complexType>
  931. <xs:sequence>
  932. <xs:element minOccurs="1" maxOccurs="unbounded" name="OrchestrationStep" type="tfp:OrchestrationStep" />
  933. </xs:sequence>
  934. </xs:complexType>
  935. <xs:key name="UniqueOrchestrationStepOrder">
  936. <xs:selector xpath="tfp:OrchestrationStep"/>
  937. <xs:field xpath="@Order"/>
  938. </xs:key>
  939. <xs:key name="UniqueClaimsExchangeId">
  940. <xs:selector xpath="tfp:OrchestrationStep/tfp:ClaimsExchanges/tfp:ClaimsExchange"/>
  941. <xs:field xpath="@Id"/>
  942. </xs:key>
  943. </xs:element>
  944.  
  945. <xs:element minOccurs="0" maxOccurs="1" name="ClientDefinition">
  946. <xs:annotation>
  947. <xs:documentation>
  948. References settings definition section that determines the client behavior.
  949. </xs:documentation>
  950. </xs:annotation>
  951. <xs:complexType>
  952. <xs:attribute name="ReferenceId" type="xs:string">
  953. <xs:annotation>
  954. <xs:documentation>
  955. The identifier of the policy to use.
  956. </xs:documentation>
  957. </xs:annotation>
  958. </xs:attribute>
  959. </xs:complexType>
  960. </xs:element>
  961.  
  962. <xs:element minOccurs="0" maxOccurs="1" name="CryptographicKeys" type="tfp:CryptographicKeys">
  963. <xs:annotation>
  964. <xs:documentation>
  965. A list of cryptographic keys used in this User Journey.
  966. </xs:documentation>
  967. </xs:annotation>
  968. </xs:element>
  969.  
  970. </xs:sequence>
  971.  
  972. <xs:attribute use="required" name="Id" type="xs:string">
  973. <xs:annotation>
  974. <xs:documentation>
  975. A machine understandable identifier that is used to uniquely identify this particular User Journey.
  976. </xs:documentation>
  977. </xs:annotation>
  978. </xs:attribute>
  979.  
  980. <xs:attribute use="optional" name="NonInteractive" type="xs:boolean">
  981. <xs:annotation>
  982. <xs:documentation>
  983. A boolean that is used to indicate whether this particular User Journey is non interactive.
  984. </xs:documentation>
  985. </xs:annotation>
  986. </xs:attribute>
  987.  
  988. <xs:attribute use="optional" name="DefaultCpimIssuerTechnicalProfileReferenceId" type="xs:string">
  989. <xs:annotation>
  990. <xs:documentation>
  991. The default Issuer TechnicalProfileId of the claims provider that will mint the token for the relyingParty.
  992. If absent, then CpimIssuerTechnicalProfileReferenceId from the first SendClaims step would be considered as default.
  993. </xs:documentation>
  994. </xs:annotation>
  995. </xs:attribute>
  996.  
  997. </xs:complexType>
  998.  
  999. <xs:complexType name="SubJourney">
  1000. <xs:annotation>
  1001. <xs:documentation>
  1002. A SubJourney describes a part of the User Journey
  1003. </xs:documentation>
  1004. </xs:annotation>
  1005.  
  1006. <xs:sequence>
  1007. <xs:element minOccurs="0" maxOccurs="1" name="OrchestrationSteps">
  1008. <xs:annotation>
  1009. <xs:documentation>
  1010. This section lists the orchestration sequence that must be followed through for a successful transaction (i.e. a
  1011. complete user flow). Thus, every SubJourney consists of an ordered list of Orchestration Steps (OS) that are
  1012. executed in sequence. If any step fails, the transaction fails.
  1013. </xs:documentation>
  1014. </xs:annotation>
  1015. <xs:complexType>
  1016. <xs:sequence>
  1017. <xs:element minOccurs="1" maxOccurs="unbounded" name="OrchestrationStep" type="tfp:OrchestrationStep" />
  1018. </xs:sequence>
  1019. </xs:complexType>
  1020. <xs:key name="UniqueOrchestrationStepOrderForSubJourney">
  1021. <xs:selector xpath="tfp:OrchestrationStep"/>
  1022. <xs:field xpath="@Order"/>
  1023. </xs:key>
  1024. <xs:key name="UniqueClaimsExchangeIdForSubJourney">
  1025. <xs:selector xpath="tfp:OrchestrationStep/tfp:ClaimsExchanges/tfp:ClaimsExchange"/>
  1026. <xs:field xpath="@Id"/>
  1027. </xs:key>
  1028. </xs:element>
  1029. </xs:sequence>
  1030.  
  1031. <xs:attribute use="required" name="Id" type="xs:string">
  1032. <xs:annotation>
  1033. <xs:documentation>
  1034. A machine understandable identifier that is used to uniquely identify this particular SubJourney.
  1035. </xs:documentation>
  1036. </xs:annotation>
  1037. </xs:attribute>
  1038.  
  1039. <xs:attribute use="required" name="Type" type="tfp:SubJourneyTYPE">
  1040. <xs:annotation>
  1041. <xs:documentation>
  1042. The type of the SubJourney that governs how it is executed in the context of the policy.
  1043. </xs:documentation>
  1044. </xs:annotation>
  1045. </xs:attribute>
  1046.  
  1047. </xs:complexType>
  1048.  
  1049. <xs:complexType name="Endpoint">
  1050. <xs:annotation>
  1051. <xs:documentation>
  1052. An Endpoint that describes what UserJourney should be invoked when a user agent lands on the endpoint.
  1053. </xs:documentation>
  1054. </xs:annotation>
  1055. <xs:attribute use="required" name="Id" type="xs:string">
  1056. <xs:annotation>
  1057. <xs:documentation>
  1058. A machine understandable identifier that is used to uniquely identify this particular Endpoint.
  1059. </xs:documentation>
  1060. </xs:annotation>
  1061. </xs:attribute>
  1062. <xs:attribute use="required" name="UserJourneyReferenceId" type="xs:string">
  1063. <xs:annotation>
  1064. <xs:documentation>
  1065. The unique identifier of the UserJourney to be executed on invoking the endpoint.
  1066. </xs:documentation>
  1067. </xs:annotation>
  1068. </xs:attribute>
  1069. </xs:complexType>
  1070.  
  1071. <!--
  1072. Policy definitions that technical policies may refer to
  1073. -->
  1074. <xs:complexType name="BuildingBlocks">
  1075. <xs:annotation>
  1076. <xs:documentation>
  1077. This section contains all the definitions that are used by the Technical Policies.
  1078. </xs:documentation>
  1079. </xs:annotation>
  1080. <xs:sequence>
  1081. <xs:element minOccurs="0" maxOccurs="1" name="ClaimsSchema">
  1082. <xs:annotation>
  1083. <xs:documentation>
  1084. This section defines all the claim types that can be referenced from other sections of the document.
  1085. </xs:documentation>
  1086. </xs:annotation>
  1087. <xs:complexType>
  1088. <xs:sequence>
  1089. <xs:element minOccurs="1" maxOccurs="unbounded" name="ClaimType" type="tfp:ClaimType" />
  1090. </xs:sequence>
  1091. </xs:complexType>
  1092. <xs:key name="UniqueClaimTypeId">
  1093. <xs:selector xpath="tfp:ClaimType"/>
  1094. <xs:field xpath="@Id"/>
  1095. </xs:key>
  1096. </xs:element>
  1097.  
  1098. <xs:element minOccurs="0" maxOccurs="1" name="Predicates">
  1099. <xs:annotation>
  1100. <xs:documentation>
  1101. This section defines all the predicates that are used to validate input strings.
  1102. </xs:documentation>
  1103. </xs:annotation>
  1104. <xs:complexType>
  1105. <xs:sequence>
  1106. <xs:element minOccurs="0" maxOccurs="unbounded" name="Predicate" type="tfp:Predicate" />
  1107. </xs:sequence>
  1108. </xs:complexType>
  1109. <xs:key name="UniquePredicateId">
  1110. <xs:selector xpath="tfp:Predicate"/>
  1111. <xs:field xpath="@Id"/>
  1112. </xs:key>
  1113. </xs:element>
  1114.  
  1115. <xs:element minOccurs="0" maxOccurs="1" name="InputValidations">
  1116. <xs:annotation>
  1117. <xs:documentation>
  1118. This section defines input validations that combine predicates to create a string validation logic.
  1119. </xs:documentation>
  1120. </xs:annotation>
  1121. <xs:complexType>
  1122. <xs:sequence>
  1123. <xs:element minOccurs="0" maxOccurs="unbounded" name="InputValidation" type="tfp:InputValidation" />
  1124. </xs:sequence>
  1125. </xs:complexType>
  1126. <xs:key name="UniqueInputValidationId">
  1127. <xs:selector xpath="tfp:InputValidation"/>
  1128. <xs:field xpath="@Id"/>
  1129. </xs:key>
  1130. </xs:element>
  1131.  
  1132. <!--New password complexity schema xsd-->
  1133. <xs:element minOccurs="0" maxOccurs="1" name="PredicateValidations">
  1134. <xs:annotation>
  1135. <xs:documentation>
  1136. This section defines predicate validations that combine predicates to create a string validation logic.
  1137. </xs:documentation>
  1138. </xs:annotation>
  1139. <xs:complexType>
  1140. <xs:sequence>
  1141. <xs:element minOccurs="0" maxOccurs="unbounded" name="PredicateValidation" type="tfp:PredicateValidation" />
  1142. </xs:sequence>
  1143. </xs:complexType>
  1144. <xs:key name="UniquePredicateValidationId">
  1145. <xs:selector xpath="tfp:PredicateValidation"/>
  1146. <xs:field xpath="@Id"/>
  1147. </xs:key>
  1148. </xs:element>
  1149. <!--END-->
  1150.  
  1151. <xs:element minOccurs="0" maxOccurs="1" name="ClaimsTransformations">
  1152. <xs:annotation>
  1153. <xs:documentation>
  1154. Contains a list of claims transforms that can be used in Technical Policies.
  1155. </xs:documentation>
  1156. </xs:annotation>
  1157. <xs:complexType>
  1158. <xs:sequence>
  1159. <xs:element minOccurs="0" maxOccurs="unbounded" name="ClaimsTransformation" type="tfp:ClaimsTransformation" />
  1160. </xs:sequence>
  1161. </xs:complexType>
  1162. <xs:key name="UniqueClaimsTransformationId">
  1163. <xs:selector xpath="tfp:ClaimsTransformation"/>
  1164. <xs:field xpath="@Id"/>
  1165. </xs:key>
  1166. </xs:element>
  1167.  
  1168. <xs:element minOccurs="0" maxOccurs="1" name="ClientDefinitions">
  1169. <xs:annotation>
  1170. <xs:documentation>
  1171. ClientDefinitions specify various properties specific to the end-user device for which the policy is being executed.
  1172. </xs:documentation>
  1173. </xs:annotation>
  1174. <xs:complexType>
  1175. <xs:sequence>
  1176. <xs:element minOccurs="0" maxOccurs="unbounded" name="ClientDefinition" type="tfp:ClientDefinition" />
  1177. </xs:sequence>
  1178. </xs:complexType>
  1179. <xs:key name="UniqueClientDefinitionId">
  1180. <xs:selector xpath="tfp:ClientDefinition"/>
  1181. <xs:field xpath="@Id"/>
  1182. </xs:key>
  1183. </xs:element>
  1184.  
  1185. <xs:element minOccurs="0" maxOccurs="1" name="ContentDefinitions">
  1186. <xs:annotation>
  1187. <xs:documentation>
  1188. Content definitions contain URLs to external content (for example, URLs to pages used in claims providers such as Phone Factor).
  1189. </xs:documentation>
  1190. </xs:annotation>
  1191. <xs:complexType>
  1192. <xs:sequence>
  1193. <xs:element minOccurs="0" maxOccurs="unbounded" name="ContentDefinition" type="tfp:ContentDefinition" />
  1194. </xs:sequence>
  1195. </xs:complexType>
  1196. <xs:key name="UniqueContentDefinitionId">
  1197. <xs:selector xpath="tfp:ContentDefinition"/>
  1198. <xs:field xpath="@Id"/>
  1199. </xs:key>
  1200. </xs:element>
  1201.  
  1202. <xs:element minOccurs="0" maxOccurs="1" name="Localization">
  1203. <xs:annotation>
  1204. <xs:documentation>
  1205. Defines the supported cultures and contains strings and collections in those cultures.
  1206. </xs:documentation>
  1207. </xs:annotation>
  1208. <xs:complexType>
  1209. <xs:sequence>
  1210. <xs:element minOccurs="0" maxOccurs="1" name="SupportedLanguages" type="tfp:SupportedLanguages">
  1211. <xs:annotation>
  1212. <xs:documentation>
  1213. Defines all the cultures that are supported by this policy.
  1214. </xs:documentation>
  1215. </xs:annotation>
  1216. </xs:element>
  1217. <xs:element minOccurs="0" maxOccurs="unbounded" name="LocalizedResources" type="tfp:LocalizedResources">
  1218. <xs:annotation>
  1219. <xs:documentation>
  1220. Contains all the translated strings for a specific culture.
  1221. </xs:documentation>
  1222. </xs:annotation>
  1223. </xs:element>
  1224. </xs:sequence>
  1225. <xs:attribute use="optional" name="Enabled" type="xs:boolean">
  1226. <xs:annotation>
  1227. <xs:documentation>
  1228. If set to true, the Localization section is used for rendering the strings and collections in appropriate languages, otherwise
  1229. this section is not used.
  1230. </xs:documentation>
  1231. </xs:annotation>
  1232. </xs:attribute>
  1233. </xs:complexType>
  1234. </xs:element>
  1235.  
  1236. <xs:element name="DisplayControls" minOccurs="0" maxOccurs="1">
  1237. <xs:annotation>
  1238. <xs:documentation>This section defines all display controls associated with user interface controls.</xs:documentation>
  1239. </xs:annotation>
  1240. <xs:complexType>
  1241. <xs:sequence>
  1242. <xs:element name="DisplayControl" type="DisplayControl" minOccurs="0" maxOccurs="unbounded">
  1243. <xs:annotation>
  1244. <xs:documentation>Defines the display control associated with user interface control.</xs:documentation>
  1245. </xs:annotation>
  1246. </xs:element>
  1247. </xs:sequence>
  1248. </xs:complexType>
  1249. </xs:element>
  1250. </xs:sequence>
  1251. </xs:complexType>
  1252.  
  1253. <xs:complexType name="SupportedLanguages">
  1254. <xs:annotation>
  1255. <xs:documentation>
  1256. Represents the set of supported languages, including the default language.
  1257. </xs:documentation>
  1258. </xs:annotation>
  1259. <xs:sequence>
  1260. <xs:element minOccurs="0" maxOccurs="unbounded" name="SupportedLanguage" type="tfp:Culture">
  1261. <xs:annotation>
  1262. <xs:documentation>
  1263. Represents one supported language
  1264. </xs:documentation>
  1265. </xs:annotation>
  1266. </xs:element>
  1267. </xs:sequence>
  1268. <xs:attribute name="DefaultLanguage" type="tfp:Culture">
  1269. <xs:annotation>
  1270. <xs:documentation>
  1271. This is the default language that the customer will see user journeys in, if the customer doesn't specify any other supported culture.
  1272. </xs:documentation>
  1273. </xs:annotation>
  1274. </xs:attribute>
  1275. <xs:attribute name="PolicyLanguage" type="tfp:Culture">
  1276. <xs:annotation>
  1277. <xs:documentation>
  1278. This is the language the default values in the policy are written in.
  1279. </xs:documentation>
  1280. </xs:annotation>
  1281. </xs:attribute>
  1282. <xs:attribute use="optional" name="MergeBehavior" type="tfp:MergeBehavior">
  1283. <xs:annotation>
  1284. <xs:documentation>
  1285. Specifies how the enumeration values will be merged together with any ClaimType present in a parent policy
  1286. with the same identifier.
  1287. </xs:documentation>
  1288. </xs:annotation>
  1289. </xs:attribute>
  1290. </xs:complexType>
  1291.  
  1292. <xs:complexType name="LocalizedResources">
  1293. <xs:annotation>
  1294. <xs:documentation>
  1295.  
  1296. </xs:documentation>
  1297. </xs:annotation>
  1298. <xs:sequence>
  1299. <xs:element minOccurs="0" maxOccurs="1" name="LocalizedCollections">
  1300. <xs:annotation>
  1301. <xs:documentation>
  1302. A collection can have a different number of items, and different strings for various cultures. This element
  1303. allows defining the entire collections in various cultures. Examples of collections include the enumerations
  1304. that appear in claim types, e.g. country/region list, and are shown to the user in a drop down list.
  1305. </xs:documentation>
  1306. </xs:annotation>
  1307. <xs:complexType>
  1308. <xs:sequence>
  1309. <xs:element minOccurs="0" maxOccurs="unbounded" name="LocalizedCollection" type="tfp:LocalizedCollection" />
  1310. </xs:sequence>
  1311. </xs:complexType>
  1312. </xs:element>
  1313. <xs:element minOccurs="0" maxOccurs="1" name="LocalizedStrings">
  1314. <xs:annotation>
  1315. <xs:documentation>
  1316. This section is used to define all the strings, except those that appear in collections, in various cultures.
  1317. </xs:documentation>
  1318. </xs:annotation>
  1319. <xs:complexType>
  1320. <xs:sequence>
  1321. <xs:element minOccurs="0" maxOccurs="unbounded" name="LocalizedString" type="tfp:LocalizedString" />
  1322. </xs:sequence>
  1323. </xs:complexType>
  1324. </xs:element>
  1325. </xs:sequence>
  1326. <xs:attribute name="Culture" type="tfp:Culture">
  1327. <xs:annotation>
  1328. <xs:documentation>
  1329. </xs:documentation>
  1330. </xs:annotation>
  1331. </xs:attribute>
  1332. <xs:attribute name="Id" type="xs:string">
  1333. <xs:annotation>
  1334. <xs:documentation>
  1335. </xs:documentation>
  1336. </xs:annotation>
  1337. </xs:attribute>
  1338. </xs:complexType>
  1339. <!--
  1340. Specifications for the various low-level types
  1341. -->
  1342. <xs:complexType name="JourneyFraming">
  1343. <xs:annotation>
  1344. <xs:documentation>
  1345. Defines whether content journey framing is supported and the corresponding
  1346. domains allowed to frame.
  1347. </xs:documentation>
  1348. </xs:annotation>
  1349. <xs:attribute use="required" name="Enabled" type="xs:boolean">
  1350. <xs:annotation>
  1351. <xs:documentation>
  1352. Attribute indicating whether journey framing is enabled.
  1353. </xs:documentation>
  1354. </xs:annotation>
  1355. </xs:attribute>
  1356. <xs:attribute use="required" name="Sources" type="xs:string">
  1357. <xs:annotation>
  1358. <xs:documentation>
  1359. A space-separated list of sources used to populate the CSP frame-ancestors directive
  1360. and the X-Frame-Options headers. In the case of X-Frame-Options, if more than one
  1361. source is specified, only the first source is included for X-Frame-Options and must
  1362. be an absolute URL.
  1363. </xs:documentation>
  1364. </xs:annotation>
  1365. </xs:attribute>
  1366. </xs:complexType>
  1367.  
  1368. <xs:complexType name="JourneyOnError">
  1369. <xs:annotation>
  1370. <xs:documentation>
  1371. Defines whether errors should be returned to the requestor or displayed in service.
  1372. </xs:documentation>
  1373. </xs:annotation>
  1374. <xs:attribute use="required" name="Mode" type="tfp:JourneyOnErrorModeType">
  1375. <xs:annotation>
  1376. <xs:documentation>
  1377. Attribute indicating the error handling mode.
  1378. </xs:documentation>
  1379. </xs:annotation>
  1380. </xs:attribute>
  1381. </xs:complexType>
  1382.  
  1383. <xs:complexType name="SingleSignOn">
  1384. <xs:annotation>
  1385. <xs:documentation>
  1386. Defines the behavior of the single sign-on functionality for this application policy
  1387. </xs:documentation>
  1388. </xs:annotation>
  1389. <xs:attribute use="required" name="Scope" type="tfp:UserJourneyBehaviorScopeType">
  1390. <xs:annotation>
  1391. <xs:documentation>
  1392. Defines the scope of the single sign-on behavior.
  1393. </xs:documentation>
  1394. </xs:annotation>
  1395. </xs:attribute>
  1396. <xs:attribute use="optional" name="KeepAliveInDays" type="xs:int">
  1397. <xs:annotation>
  1398. <xs:documentation>
  1399. Defines the number of days to keep the session alive for when a user selects to be remembered.
  1400. </xs:documentation>
  1401. </xs:annotation>
  1402. </xs:attribute>
  1403. <xs:attribute use="optional" name="EnforceIdTokenHintOnLogout" type="xs:boolean">
  1404. <xs:annotation>
  1405. <xs:documentation>
  1406. Attribute indicating whether the presence of the id_token_hint parameter is required for OIDC logout.
  1407. </xs:documentation>
  1408. </xs:annotation>
  1409. </xs:attribute>
  1410. </xs:complexType>
  1411. <xs:complexType name="AzureApplicationInsights">
  1412. <xs:annotation>
  1413. <xs:documentation>
  1414. DEPRECATED - Use JourneyInsights indicating ApplicationInsights as the telemetry engine.
  1415. </xs:documentation>
  1416. </xs:annotation>
  1417. <xs:attribute use="required" name="InstrumentationKey" type="tfp:InstrumentationKey">
  1418. <xs:annotation>
  1419. <xs:documentation>
  1420. Defines the instrumentation key for the application insights element.
  1421. </xs:documentation>
  1422. </xs:annotation>
  1423. </xs:attribute>
  1424. </xs:complexType>
  1425. <xs:complexType name="JourneyInsights">
  1426. <xs:annotation>
  1427. <xs:documentation>
  1428. Defines the Azure Application Insights element, which includes the Application Insights script in the user journeys.
  1429. </xs:documentation>
  1430. </xs:annotation>
  1431. <xs:attribute use="required" name="InstrumentationKey" type="tfp:InstrumentationKey">
  1432. <xs:annotation>
  1433. <xs:documentation>
  1434. Defines the instrumentation key for the application insights element.
  1435. </xs:documentation>
  1436. </xs:annotation>
  1437. </xs:attribute>
  1438. <xs:attribute use="required" name="TelemetryEngine" type="tfp:TelemetryEngineType">
  1439. <xs:annotation>
  1440. <xs:documentation>
  1441. Values indicating which telemetry engine to use.
  1442. </xs:documentation>
  1443. </xs:annotation>
  1444. </xs:attribute>
  1445. <xs:attribute use="optional" name="DeveloperMode" type="xs:boolean">
  1446. <xs:annotation>
  1447. <xs:documentation>
  1448. Value indicating whether Application Insights should operate in developer mode. Default if not specified is false.
  1449. </xs:documentation>
  1450. </xs:annotation>
  1451. </xs:attribute>
  1452. <xs:attribute use="optional" name="ClientEnabled" type="xs:boolean">
  1453. <xs:annotation>
  1454. <xs:documentation>
  1455. Value indicating whether Application Insights should be run on the client via JavaScript. Default if not specified is false.
  1456. </xs:documentation>
  1457. </xs:annotation>
  1458. </xs:attribute>
  1459. <xs:attribute use="optional" name="ServerEnabled" type="xs:boolean">
  1460. <xs:annotation>
  1461. <xs:documentation>
  1462. Values indicating whether the server-side journey recording is enabled. Default if not specified is false.
  1463. </xs:documentation>
  1464. </xs:annotation>
  1465. </xs:attribute>
  1466. <xs:attribute use="optional" name="TelemetryVersion" type="tfp:ThreePartVersionNumber">
  1467. <xs:annotation>
  1468. <xs:documentation>
  1469. Value indicating the version of journey telemetry to use. If not specified, the latest version is used.
  1470. </xs:documentation>
  1471. </xs:annotation>
  1472. </xs:attribute>
  1473.  
  1474. </xs:complexType>
  1475. <xs:complexType name="ContentDefinitionParameters">
  1476. <xs:annotation>
  1477. <xs:documentation>
  1478. Defines a list of key value pairs to be appended to the query string of the content definition load uris.
  1479. </xs:documentation>
  1480. </xs:annotation>
  1481. <xs:sequence>
  1482. <xs:element name="Parameter" maxOccurs="unbounded" type="tfp:ContentDefinitionParameter">
  1483. <xs:key name="UniqueContentDefinitionParameterName">
  1484. <xs:selector xpath="tfp:ContentDefinitionParameter"/>
  1485. <xs:field xpath="@Name"/>
  1486. </xs:key>
  1487. </xs:element>
  1488. </xs:sequence>
  1489. </xs:complexType>
  1490. <xs:complexType name="ContentDefinitionParameter">
  1491. <xs:annotation>
  1492. <xs:documentation>
  1493. Defines a key value pair that is to be appended to the query string of content definition load uri.
  1494. </xs:documentation>
  1495. </xs:annotation>
  1496. <xs:simpleContent>
  1497. <xs:extension base="xs:string">
  1498. <xs:attribute name="Name" type="xs:string" use="required"/>
  1499. </xs:extension>
  1500. </xs:simpleContent>
  1501. </xs:complexType>
  1502.  
  1503. <xs:complexType name="ClaimsTransformation">
  1504. <xs:annotation>
  1505. <xs:documentation>
  1506. Transforms take a set of claims, process them, and output another set of claims.
  1507. </xs:documentation>
  1508. </xs:annotation>
  1509. <xs:sequence>
  1510. <xs:element name="InputClaims" minOccurs="0" maxOccurs="1">
  1511. <xs:annotation>
  1512. <xs:documentation>
  1513. A list of the Claim Types that are taken as input to the Claims Transformation. Each of these elements contains a reference
  1514. to a ClaimType already defined in the ClaimsSchema section.
  1515. </xs:documentation>
  1516. </xs:annotation>
  1517. <xs:complexType>
  1518. <xs:sequence>
  1519. <xs:element minOccurs="0" maxOccurs="unbounded" name="InputClaim" type="tfp:ClaimsTransformationClaimTypeReference" />
  1520. </xs:sequence>
  1521. </xs:complexType>
  1522. </xs:element>
  1523. <xs:element name="InputParameters" minOccurs="0" maxOccurs="1">
  1524. <xs:annotation>
  1525. <xs:documentation>
  1526. A list of the parameters that are provided as input to the Claims Transformation. Each of these elements contains a value that is passed
  1527. verbatim to the transformation.
  1528. </xs:documentation>
  1529. </xs:annotation>
  1530. <xs:complexType>
  1531. <xs:sequence>
  1532. <xs:element minOccurs="1" maxOccurs="unbounded" name="InputParameter" type="tfp:ClaimsTransformationParameter" />
  1533. </xs:sequence>
  1534. </xs:complexType>
  1535. </xs:element>
  1536. <xs:element name="OutputClaims" minOccurs="0" maxOccurs="1">
  1537. <xs:annotation>
  1538. <xs:documentation>
  1539. A list of the Claim Types that are produced as output by the Claims Transformation. Each of these elements contains a reference
  1540. to a ClaimType already defined in the ClaimsSchema section.
  1541. </xs:documentation>
  1542. </xs:annotation>
  1543. <xs:complexType>
  1544. <xs:sequence>
  1545. <xs:element minOccurs="1" maxOccurs="unbounded" name="OutputClaim" type="tfp:ClaimsTransformationClaimTypeReference">
  1546. <xs:annotation>
  1547. <xs:documentation>
  1548. The Claim Type that is outputted by the Claims Transformation. This element contains reference to a ClaimType already defined
  1549. in the ClaimsSchema section.
  1550. </xs:documentation>
  1551. </xs:annotation>
  1552. </xs:element>
  1553. </xs:sequence>
  1554. </xs:complexType>
  1555. </xs:element>
  1556. </xs:sequence>
  1557. <xs:attribute use="required" name="Id" type="xs:string">
  1558. <xs:annotation>
  1559. <xs:documentation>
  1560. A machine understandable identifier that is used to uniquely identify this particular Claims Transform, and reference it
  1561. from other sections of the document.
  1562. </xs:documentation>
  1563. </xs:annotation>
  1564. </xs:attribute>
  1565. <xs:attribute use="required" name="TransformationMethod" type="xs:string">
  1566. <xs:annotation>
  1567. <xs:documentation>
  1568. A machine understandable identifier to reference the published transformation method to be used.
  1569. </xs:documentation>
  1570. </xs:annotation>
  1571. </xs:attribute>
  1572. </xs:complexType>
  1573. <xs:complexType name="ContentDefinition">
  1574. <xs:sequence>
  1575. <xs:element minOccurs="0" maxOccurs="1" name="LoadUri" />
  1576. <xs:element minOccurs="0" maxOccurs="1" name="RecoveryUri" type="tfp:ContentUriTYPE" />
  1577. <xs:element minOccurs="0" maxOccurs="1" name="DataUri" type="tfp:ContentUriTYPE" />
  1578. <xs:element minOccurs="0" maxOccurs="1" name="Metadata" type="tfp:metadataTYPE">
  1579. <xs:annotation>
  1580. <xs:documentation>
  1581. Metadata section that can be used to override API settings and content
  1582. </xs:documentation>
  1583. </xs:annotation>
  1584. </xs:element>
  1585. <xs:element minOccurs="0" maxOccurs="1" name="LocalizedResourcesReferences">
  1586. <xs:annotation>
  1587. <xs:documentation>
  1588. Contains a list of references to localized resources. The reference can be of the form of URL or a machine understandable identifier
  1589. that is used to uniquely identify the specific localized resource in the policy.
  1590. </xs:documentation>
  1591. </xs:annotation>
  1592. <xs:complexType>
  1593. <xs:sequence>
  1594. <xs:element minOccurs="0" maxOccurs="unbounded" name="LocalizedResourcesReference" type="tfp:LocalizedResourcesReference" />
  1595. </xs:sequence>
  1596. <xs:attribute use="optional" name="MergeBehavior" type="tfp:MergeBehavior">
  1597. <xs:annotation>
  1598. <xs:documentation>
  1599. Specifies how the enumeration values will be merged together with any ClaimType present in a parent policy
  1600. with the same identifier.
  1601. </xs:documentation>
  1602. </xs:annotation>
  1603. </xs:attribute>
  1604. </xs:complexType>
  1605. </xs:element>
  1606. </xs:sequence>
  1607. <xs:attribute use="required" name="Id" type="xs:string">
  1608. <xs:annotation>
  1609. <xs:documentation>
  1610. A machine understandable identifier that is used to uniquely identify this particular Content Definition, and reference it
  1611. from other sections of the document.
  1612. </xs:documentation>
  1613. </xs:annotation>
  1614. </xs:attribute>
  1615. </xs:complexType>
  1616.  
  1617. <xs:complexType name="LocalizedResourcesReference">
  1618. <xs:attribute use="required" name="Language" type="tfp:Culture" />
  1619. <xs:attribute use="optional" name="Url" type="xs:string">
  1620. <xs:annotation>
  1621. <xs:documentation>
  1622. The URL of a localized resource hosted on a CORS-enabled endpoint. This resource will be fetched by the client-side code.
  1623. </xs:documentation>
  1624. </xs:annotation>
  1625. </xs:attribute>
  1626. <xs:attribute use="optional" name="LocalizedResourcesReferenceId" type="xs:string">
  1627. <xs:annotation>
  1628. <xs:documentation>
  1629. A machine understandable identifier that is used to uniquely identify this particular Localized Resource, and reference it
  1630. from other sections of the document.
  1631. </xs:documentation>
  1632. </xs:annotation>
  1633. </xs:attribute>
  1634. </xs:complexType>
  1635.  
  1636. <xs:complexType name="ClientDefinition">
  1637. <xs:annotation>
  1638. <xs:documentation>
  1639. Contains settings for a User Journey on a client.
  1640. </xs:documentation>
  1641. </xs:annotation>
  1642. <xs:sequence>
  1643. <xs:element minOccurs="1" maxOccurs="1" name="ClientUIFilterFlags" type="xs:string">
  1644. <xs:annotation>
  1645. <xs:documentation>
  1646. These flags are used to indicate the client's UI behavior.
  1647. </xs:documentation>
  1648. </xs:annotation>
  1649. </xs:element>
  1650. </xs:sequence>
  1651. <xs:attribute use="required" name="Id" type="xs:string">
  1652. <xs:annotation>
  1653. <xs:documentation>
  1654. A unique identifier that allows this client definition to be referenced from a User Journey.
  1655. </xs:documentation>
  1656. </xs:annotation>
  1657. </xs:attribute>
  1658. </xs:complexType>
  1659.  
  1660. <xs:complexType name="ClaimsProvider">
  1661. <xs:annotation>
  1662. <xs:documentation>
  1663. Represents a Claims Provider, along with its technical profiles.
  1664. </xs:documentation>
  1665. </xs:annotation>
  1666. <xs:sequence>
  1667. <xs:element minOccurs="0" maxOccurs="1" name="Domains">
  1668. <xs:annotation>
  1669. <xs:documentation>
  1670. Domain names for the claim provider.
  1671. </xs:documentation>
  1672. </xs:annotation>
  1673. <xs:complexType>
  1674. <xs:sequence>
  1675. <xs:element minOccurs="1" maxOccurs="unbounded" name="Domain" type="tfp:nonemptystring">
  1676. <xs:annotation>
  1677. <xs:documentation>
  1678. The human understandable domain name for the claim provider.
  1679. </xs:documentation>
  1680. </xs:annotation>
  1681. </xs:element>
  1682. </xs:sequence>
  1683. </xs:complexType>
  1684. </xs:element>
  1685. <xs:element minOccurs="0" maxOccurs="1" name="Domain" type="xs:string">
  1686. <xs:annotation>
  1687. <xs:documentation>
  1688. The human understandable domain name for the claim provider.
  1689. </xs:documentation>
  1690. </xs:annotation>
  1691. </xs:element>
  1692. <xs:element minOccurs="0" maxOccurs="1" name="DisplayName" type="xs:string">
  1693. <xs:annotation>
  1694. <xs:documentation>
  1695. The human understandable name of the claims provider that can be displayed to the users.
  1696. </xs:documentation>
  1697. </xs:annotation>
  1698. </xs:element>
  1699. <xs:element name="TechnicalProfiles">
  1700. <xs:annotation>
  1701. <xs:documentation>
  1702. List of Technical Profiles for exchanging claims with this claims provider.
  1703. </xs:documentation>
  1704. </xs:annotation>
  1705. <xs:complexType>
  1706. <xs:sequence>
  1707. <xs:element minOccurs="0" maxOccurs="unbounded" name="TechnicalProfile" type="tfp:TechnicalProfile" />
  1708. </xs:sequence>
  1709. </xs:complexType>
  1710. </xs:element>
  1711. </xs:sequence>
  1712. </xs:complexType>
  1713.  
  1714. <xs:complexType name="Preconditions">
  1715. <xs:annotation>
  1716. <xs:documentation>
  1717. A collection of Precondition elements.
  1718. </xs:documentation>
  1719. </xs:annotation>
  1720. <xs:sequence>
  1721. <xs:element minOccurs="1" maxOccurs="unbounded" name="Precondition" type="tfp:Precondition" />
  1722. </xs:sequence>
  1723. </xs:complexType>
  1724.  
  1725. <xs:complexType name="Precondition">
  1726. <xs:annotation>
  1727. <xs:documentation>
  1728. Represents a conditional check that is performed to determine whether an OrchestrationStep or a validation technical profile should be executed.
  1729. </xs:documentation>
  1730. </xs:annotation>
  1731. <xs:sequence>
  1732. <xs:element minOccurs="1" maxOccurs="unbounded" name="Value" type="xs:string">
  1733. <xs:annotation>
  1734. <xs:documentation>
  1735. The data that is used by the check. For example, if the Type of this check is "ClaimsExist", this field
  1736. will specify a ClaimTypeReferenceId to query for.
  1737. </xs:documentation>
  1738. </xs:annotation>
  1739. </xs:element>
  1740. <xs:element minOccurs="1" maxOccurs="unbounded" name="Action" type="tfp:PreconditionActionType">
  1741. <xs:annotation>
  1742. <xs:documentation>
  1743. Specifies the action that should be taken if the Precondition check is true, such as "SkipThisOrchestrationStep" and "SkipThisValidationTechnicalProfile"
  1744. </xs:documentation>
  1745. </xs:annotation>
  1746. </xs:element>
  1747. </xs:sequence>
  1748. <xs:attribute use="required" name="Type" type="tfp:PreconditionType" >
  1749. <xs:annotation>
  1750. <xs:documentation>
  1751. The type of check to perform.
  1752. </xs:documentation>
  1753. </xs:annotation>
  1754. </xs:attribute>
  1755. <xs:attribute use="required" name="ExecuteActionsIf" type="xs:boolean" >
  1756. <xs:annotation>
  1757. <xs:documentation>
  1758. Specifies if the actions in this precondition should be performed if the test is true or false.
  1759. </xs:documentation>
  1760. </xs:annotation>
  1761. </xs:attribute>
  1762. </xs:complexType>
  1763.  
  1764. <xs:complexType name="PredicateReference">
  1765. <xs:annotation>
  1766. <xs:documentation>
  1767. A reference to a predicate element.
  1768. </xs:documentation>
  1769. </xs:annotation>
  1770. <xs:attribute use="required" name="Id" type="xs:string">
  1771. <xs:annotation>
  1772. <xs:documentation>
  1773. A machine readable identifier that references a predicate in the policy.
  1774. </xs:documentation>
  1775. </xs:annotation>
  1776. </xs:attribute>
  1777. </xs:complexType>
  1778.  
  1779. <xs:complexType name="InputValidation">
  1780. <xs:annotation>
  1781. <xs:documentation>
  1782. A combination of predicate groups and predicates that will define how to validate an input.
  1783. </xs:documentation>
  1784. </xs:annotation>
  1785. <xs:sequence>
  1786. <xs:element minOccurs="0" maxOccurs="unbounded" name="PredicateReferences" type="tfp:PredicateReferences" />
  1787. </xs:sequence>
  1788. <xs:attribute use="required" name="Id" type="xs:string">
  1789. <xs:annotation>
  1790. <xs:documentation>
  1791. A machine readable identifier that can be used to reference the input validation in the policy.
  1792. </xs:documentation>
  1793. </xs:annotation>
  1794. </xs:attribute>
  1795. </xs:complexType>
  1796.  
  1797. <xs:complexType name="PredicateReferences">
  1798. <xs:annotation>
  1799. <xs:documentation>
  1800. A set of predicates.
  1801. </xs:documentation>
  1802. </xs:annotation>
  1803. <xs:sequence>
  1804. <xs:element minOccurs="1" maxOccurs="unbounded" name="PredicateReference" type="tfp:PredicateReference" />
  1805. </xs:sequence>
  1806. <!--This attribute will need to be removed in favor of the id in "PredicateGroup"-->
  1807. <xs:attribute name="Id" type="xs:string">
  1808. <xs:annotation>
  1809. <xs:documentation>
  1810. A machine readable identifier for the pattern group that cannot be referenced.
  1811. </xs:documentation>
  1812. </xs:annotation>
  1813. </xs:attribute>
  1814. <!--This attribute will need to be removed in favor of the element type "UserHelpText"-->
  1815. <xs:attribute name="HelpText" type="xs:string">
  1816. <xs:annotation>
  1817. <xs:documentation>
  1818. The help text shown for the predicate group in case of an error.
  1819. </xs:documentation>
  1820. </xs:annotation>
  1821. </xs:attribute>
  1822. <xs:attribute name="MatchAtLeast" type="xs:integer">
  1823. <xs:annotation>
  1824. <xs:documentation>
  1825. The least number of predicates that must match for the predicate group to take effect.
  1826. </xs:documentation>
  1827. </xs:annotation>
  1828. </xs:attribute>
  1829. <xs:attribute name="Reject" type="xs:boolean">
  1830. <xs:annotation>
  1831. <xs:documentation>
  1832. The least number of predicates that must match for the predicate group to take effect.
  1833. </xs:documentation>
  1834. </xs:annotation>
  1835. </xs:attribute>
  1836. </xs:complexType>
  1837.  
  1838. <xs:complexType name="Parameter">
  1839. <xs:annotation>
  1840. <xs:documentation>
  1841. Represents a single parameter that will be passed to a predicate method.
  1842. </xs:documentation>
  1843. </xs:annotation>
  1844. <xs:simpleContent>
  1845. <xs:extension base="xs:string">
  1846. <xs:annotation>
  1847. <xs:documentation>
  1848. The value of the parameter.
  1849. </xs:documentation>
  1850. </xs:annotation>
  1851.  
  1852. <xs:attribute use="required" name="Id" type="xs:string">
  1853. <xs:annotation>
  1854. <xs:documentation>
  1855. The name of the parameter.
  1856. </xs:documentation>
  1857. </xs:annotation>
  1858. </xs:attribute>
  1859. </xs:extension>
  1860. </xs:simpleContent>
  1861. </xs:complexType>
  1862.  
  1863. <xs:complexType name="Parameters">
  1864. <xs:annotation>
  1865. <xs:documentation>
  1866. A collection of Parameters passed to a predicate.
  1867. </xs:documentation>
  1868. </xs:annotation>
  1869. <xs:sequence>
  1870. <xs:element minOccurs="0" maxOccurs="unbounded" name="Parameter" type="tfp:Parameter" />
  1871. </xs:sequence>
  1872. </xs:complexType>
  1873.  
  1874. <xs:complexType name="Predicate">
  1875. <xs:annotation>
  1876. <xs:documentation>
  1877. Defines a single predicate that will be used to create an input validation.
  1878. </xs:documentation>
  1879. </xs:annotation>
  1880. <xs:sequence>
  1881. <xs:element minOccurs="0" maxOccurs="1" name="UserHelpText" type="xs:string">
  1882. <xs:annotation>
  1883. <xs:documentation>
  1884. A description of the predicate that can be helpful for the users to know what password they should type.
  1885. </xs:documentation>
  1886. </xs:annotation>
  1887. </xs:element>
  1888. <xs:element minOccurs="0" maxOccurs="1" name="Parameters" type="tfp:Parameters" />
  1889. </xs:sequence>
  1890. <xs:attribute use="required" name="Id" type="xs:string">
  1891. <xs:annotation>
  1892. <xs:documentation>
  1893. A machine understandable identifier that is used to uniquely identify this particular Predicate, and reference it
  1894. from other sections of the document.
  1895. </xs:documentation>
  1896. </xs:annotation>
  1897. </xs:attribute>
  1898. <xs:attribute use="required" name="Method" type="xs:string">
  1899. <xs:annotation>
  1900. <xs:documentation>
  1901. The method that will be called to validate this predicate. It takes as input the param elements and a string value, and returns a boolean.
  1902. </xs:documentation>
  1903. </xs:annotation>
  1904. </xs:attribute>
  1905. <!--This attribute will need to be removed in favor of the element type "UserHelpText"-->
  1906. <xs:attribute name="HelpText" type="xs:string">
  1907. <xs:annotation>
  1908. <xs:documentation>
  1909. The help text that will be shown to the user if the input validation that the predicate is in fails.
  1910. </xs:documentation>
  1911. </xs:annotation>
  1912. </xs:attribute>
  1913. </xs:complexType>
  1914.  
  1915. <!--New password complexity schema xsd-->
  1916. <xs:complexType name="PredicateGroups">
  1917. <xs:annotation>
  1918. <xs:documentation>
  1919. A set of predicate groups.
  1920. </xs:documentation>
  1921. </xs:annotation>
  1922. <xs:sequence>
  1923. <xs:element minOccurs="1" maxOccurs="unbounded" name="PredicateGroup" type="tfp:PredicateGroup" />
  1924. </xs:sequence>
  1925. </xs:complexType>
  1926.  
  1927. <xs:complexType name="PredicateGroup">
  1928. <xs:annotation>
  1929. <xs:documentation>
  1930. A reference to a predicate element.
  1931. </xs:documentation>
  1932. </xs:annotation>
  1933. <xs:sequence>
  1934. <xs:element minOccurs="0" maxOccurs="1" name="UserHelpText" type="xs:string">
  1935. <xs:annotation>
  1936. <xs:documentation>
  1937. A description of the predicate that can be helpful for the users to know what password they should type.
  1938. </xs:documentation>
  1939. </xs:annotation>
  1940. </xs:element>
  1941. <xs:element minOccurs="0" maxOccurs="unbounded" name="PredicateReferences" type="tfp:PredicateReferences" />
  1942. </xs:sequence>
  1943. <xs:attribute use="required" name="Id" type="xs:string">
  1944. <xs:annotation>
  1945. <xs:documentation>
  1946. A machine readable identifier that can be used to indicate the name of the predicate group; it cannot be referenced.
  1947. </xs:documentation>
  1948. </xs:annotation>
  1949. </xs:attribute>
  1950. </xs:complexType>
  1951.  
  1952. <xs:complexType name="PredicateValidation">
  1953. <xs:annotation>
  1954. <xs:documentation>
  1955. A combination of predicate groups and predicates that will define how to validate an input.
  1956. </xs:documentation>
  1957. </xs:annotation>
  1958. <xs:sequence>
  1959. <xs:element minOccurs="0" maxOccurs="unbounded" name="PredicateGroups" type="tfp:PredicateGroups" />
  1960. </xs:sequence>
  1961. <xs:attribute use="required" name="Id" type="xs:string">
  1962. <xs:annotation>
  1963. <xs:documentation>
  1964. A machine readable identifier that can be used to reference the predicate validation in the policy.
  1965. </xs:documentation>
  1966. </xs:annotation>
  1967. </xs:attribute>
  1968. </xs:complexType>
  1969.  
  1970. <xs:complexType name="PredicateValidationReference">
  1971. <xs:annotation>
  1972. <xs:documentation>
  1973. A reference to a predicate validation element.
  1974. </xs:documentation>
  1975. </xs:annotation>
  1976. <xs:attribute use="required" name="Id" type="xs:string">
  1977. <xs:annotation>
  1978. <xs:documentation>
  1979. A machine readable identifier that references a predicate validation in the policy.
  1980. </xs:documentation>
  1981. </xs:annotation>
  1982. </xs:attribute>
  1983. </xs:complexType>
  1984. <!--End-->
  1985.  
  1986. <xs:complexType name="ClaimsProviderSelections">
  1987. <xs:annotation>
  1988. <xs:documentation>
  1989. A collection of ClaimsProviderSelection elements.
  1990. </xs:documentation>
  1991. </xs:annotation>
  1992. <xs:sequence>
  1993. <xs:element minOccurs="1" maxOccurs="unbounded" name="ClaimsProviderSelection" type="tfp:ClaimsProviderSelection" />
  1994. </xs:sequence>
  1995. <xs:attribute use="optional" name="DisplayOption" type="tfp:ClaimsProviderSelectionDisplayOption" default="DoNotShowSingleProvider" />
  1996. </xs:complexType>
  1997.  
  1998. <xs:complexType name="ClaimsProviderSelection">
  1999. <xs:annotation>
  2000. <xs:documentation>
  2001. Shows options for the selection between various claims providers in a given step (such as Google/Facebook/Microsoft Account).
  2002. </xs:documentation>
  2003. </xs:annotation>
  2004. <xs:attribute use="optional" name="TargetClaimsExchangeId" type="xs:string" />
  2005. <xs:attribute use="optional" name="ValidationClaimsExchangeId" type="xs:string" />
  2006. </xs:complexType>
  2007.  
  2008. <xs:complexType name="ClaimsExchanges">
  2009. <xs:annotation>
  2010. <xs:documentation>
  2011. A collection of ClaimsExchange elements.
  2012. </xs:documentation>
  2013. </xs:annotation>
  2014. <xs:sequence>
  2015. <xs:element minOccurs="0" maxOccurs="unbounded" name="ClaimsExchange" type="tfp:ClaimsExchange" />
  2016. </xs:sequence>
  2017. <xs:attribute use="optional" name="UserIdentity" type="xs:boolean" default="false" />
  2018. </xs:complexType>
  2019.  
  2020. <xs:complexType name="ClaimsExchange">
  2021. <xs:annotation>
  2022. <xs:documentation>
  2023. Depending on the Technical Profile being used, a Claims Exchange either redirects the user’s client corresponding to the
  2024. ClaimsProviderSelection that the user may have selected, or makes a server call to exchange claims.
  2025. </xs:documentation>
  2026. </xs:annotation>
  2027. <xs:attribute use="required" name="Id" type="xs:string">
  2028. <xs:annotation>
  2029. <xs:documentation>
  2030. A machine understandable identifier that is used to uniquely identify this particular Claims Exchange step, and reference
  2031. it from a ClaimsProviderSelection step.
  2032. </xs:documentation>
  2033. </xs:annotation>
  2034. </xs:attribute>
  2035. <xs:attribute use="required" name="TechnicalProfileReferenceId" type="xs:string">
  2036. <xs:annotation>
  2037. <xs:documentation>
  2038. The unique identifier of the Technical Profile which is used for claims exchange.
  2039. </xs:documentation>
  2040. </xs:annotation>
  2041. </xs:attribute>
  2042. </xs:complexType>
  2043.  
  2044. <xs:complexType name="JourneyList">
  2045. <xs:annotation>
  2046. <xs:documentation>
  2047. A list of SubJourneys that are able to be executed during an Orchestration Step
  2048. </xs:documentation>
  2049. </xs:annotation>
  2050. <xs:sequence>
  2051. <xs:element minOccurs="1" maxOccurs="unbounded" name="Candidate" type="tfp:Candidate" />
  2052. </xs:sequence>
  2053. </xs:complexType>
  2054.  
  2055. <xs:complexType name="Candidate">
  2056. <xs:annotation>
  2057. <xs:documentation>
  2058. A candidate is a single journey type that can be invoked on its own during an Orchestration Step
  2059. </xs:documentation>
  2060. </xs:annotation>
  2061. <xs:attribute use="required" name="SubJourneyReferenceId" type="xs:string">
  2062. <xs:annotation>
  2063. <xs:documentation>
  2064. The unique identifier for the SubJourney that can be executed
  2065. </xs:documentation>
  2066. </xs:annotation>
  2067. </xs:attribute>
  2068. </xs:complexType>
  2069.  
  2070. <xs:complexType name="ClaimsTransformationReference">
  2071. <xs:annotation>
  2072. <xs:documentation>
  2073. ClaimsTransformations may be used in a TechnicalProfile for transforming claims when they are sent to and received from a claims
  2074. provider. A ClaimsTransformation must be defined in this section before it can be referenced in a TechnicalProfile.
  2075. </xs:documentation>
  2076. </xs:annotation>
  2077. <xs:attribute use="required" name="ReferenceId" type="xs:string" />
  2078. </xs:complexType>
  2079.  
  2080. <xs:complexType name="InputValidationReference">
  2081. <xs:annotation>
  2082. <xs:documentation>
  2083. A reference to an input validation element.
  2084. </xs:documentation>
  2085. </xs:annotation>
  2086. <xs:attribute use="required" name="Id" type="xs:string">
  2087. <xs:annotation>
  2088. <xs:documentation>
  2089. A machine readable identifier that references an input validation in the policy.
  2090. </xs:documentation>
  2091. </xs:annotation>
  2092. </xs:attribute>
  2093. </xs:complexType>
  2094.  
  2095. <xs:complexType name="ClaimType">
  2096. <xs:annotation>
  2097. <xs:documentation>
  2098. Defines a single claim type.
  2099. </xs:documentation>
  2100. </xs:annotation>
  2101. <xs:sequence>
  2102. <xs:element minOccurs="0" maxOccurs="1" name="DisplayName" type="xs:string">
  2103. <xs:annotation>
  2104. <xs:documentation>
  2105. The human understandable name of the claim type that is displayed to the users on various screens.
  2106. </xs:documentation>
  2107. </xs:annotation>
  2108. </xs:element>
  2109. <xs:element minOccurs="0" maxOccurs="1" name="DataType" type="tfp:DataType">
  2110. <xs:annotation>
  2111. <xs:documentation>
  2112. The type of data stored in the claim type, such as String, Boolean, Int or DateTime. This type may be used by
  2113. claims transforms and may thus participate in comparison or arithmetic operations. Associating an appropriate type
  2114. ensures that these operations are performed correctly by the transforms.
  2115. </xs:documentation>
  2116. </xs:annotation>
  2117. </xs:element>
  2118. <xs:element minOccurs="0" maxOccurs="unbounded" name="DefaultPartnerClaimTypes">
  2119. <xs:annotation>
  2120. <xs:documentation>
  2121. If a partner claim type is not provided in a claim mapping, then these partner claim types are used for
  2122. the specified protocol.
  2123. </xs:documentation>
  2124. </xs:annotation>
  2125. <xs:complexType>
  2126. <xs:sequence>
  2127. <xs:element minOccurs="0" maxOccurs="unbounded" name="Protocol">
  2128. <xs:complexType>
  2129. <xs:annotation>
  2130. <xs:documentation>
  2131. The list of technical profiles that is allowed to be used against a claims provider selection.
  2132. </xs:documentation>
  2133. </xs:annotation>
  2134. <xs:attribute use="required" name="Name" type="tfp:ProtocolName" />
  2135. <xs:attribute use="optional" name="Handler" type="xs:string" />
  2136. <xs:attribute use="required" name="PartnerClaimType" type="xs:string" />
  2137. </xs:complexType>
  2138. </xs:element>
  2139. </xs:sequence>
  2140. </xs:complexType>
  2141. </xs:element>
  2142. <xs:element minOccurs="0" maxOccurs="1" name="Mask" type="tfp:claimMaskTYPE">
  2143. <xs:annotation>
  2144. <xs:documentation>
  2145. An optional string of masking characters that can be applied to the claim when displaying it, for example the phone number
  2146. 324-232-4343 masked as XXX-XXX-4343.
  2147. </xs:documentation>
  2148. </xs:annotation>
  2149. </xs:element>
  2150. <xs:element minOccurs="0" maxOccurs="1" name="AdminHelpText" type="xs:string">
  2151. <xs:annotation>
  2152. <xs:documentation>
  2153. A description of the claim type that can be helpful for the administrators to understand the purpose and/or usage of
  2154. the claim type.
  2155. </xs:documentation>
  2156. </xs:annotation>
  2157. </xs:element>
  2158. <xs:element minOccurs="0" maxOccurs="1" name="UserHelpText" type="xs:string">
  2159. <xs:annotation>
  2160. <xs:documentation>
  2161. A description of the claim type that can be helpful for the users to understand the purpose and/or usage of the claim type.
  2162. </xs:documentation>
  2163. </xs:annotation>
  2164. </xs:element>
  2165. <xs:element minOccurs="0" maxOccurs="1" name="UserInputType" type="tfp:UserInputType">
  2166. <xs:annotation>
  2167. <xs:documentation>
  2168. The type of input control that should be available to the user when manually entering claim data for this claim type.
  2169. </xs:documentation>
  2170. </xs:annotation>
  2171. </xs:element>
  2172. <xs:element minOccurs="0" maxOccurs="1" name="Restriction" type="tfp:Restriction">
  2173. <xs:annotation>
  2174. <xs:documentation>
  2175. The value restrictions for this claim, such as a regular expression or a list of acceptable values.
  2176. </xs:documentation>
  2177. </xs:annotation>
  2178. </xs:element>
  2179. <xs:element minOccurs="0" maxOccurs="1" name="InputValidationReference" type="tfp:InputValidationReference" />
  2180. <xs:element minOccurs="0" maxOccurs="1" name="PredicateValidationReference" type="tfp:PredicateValidationReference" />
  2181. </xs:sequence>
  2182. <xs:attribute use="required" name="Id" type="xs:string">
  2183. <xs:annotation>
  2184. <xs:documentation>
  2185. A machine understandable identifier that is used to uniquely identify this particular Claim Type, and reference it
  2186. from other sections of the document.
  2187. </xs:documentation>
  2188. </xs:annotation>
  2189. </xs:attribute>
  2190. <xs:attribute name="StatementType" type="tfp:StatementType" default="Attribute">
  2191. <xs:annotation>
  2192. <xs:documentation>
  2193. The type of statement the claim type represents, such as Attribute, Authentication or Subject, the default being Attribute. This type may be used by
  2194. claims transforms and may thus participate in comparison or arithmetic operations. Associating an appropriate type
  2195. ensures that these operations are performed correctly by the transforms.
  2196. </xs:documentation>
  2197. </xs:annotation>
  2198. </xs:attribute>
  2199. </xs:complexType>
  2200.  
  2201. <xs:complexType name="Contact">
  2202. <xs:sequence>
  2203. <xs:element minOccurs="1" maxOccurs="1" name="DisplayName" type="xs:string">
  2204. <xs:annotation>
  2205. <xs:documentation>
  2206. The display name.
  2207. </xs:documentation>
  2208. </xs:annotation>
  2209. </xs:element>
  2210. <xs:element minOccurs="1" maxOccurs="1" name="TelephoneNumber" type="xs:string">
  2211. <xs:annotation>
  2212. <xs:documentation>
  2213. The telephone number.
  2214. </xs:documentation>
  2215. </xs:annotation>
  2216. </xs:element>
  2217. <xs:element minOccurs="1" maxOccurs="1" name="Email" type="xs:string">
  2218. <xs:annotation>
  2219. <xs:documentation>
  2220. The email address.
  2221. </xs:documentation>
  2222. </xs:annotation>
  2223. </xs:element>
  2224. <xs:element minOccurs="1" maxOccurs="1" name="Role" type="xs:string">
  2225. <xs:annotation>
  2226. <xs:documentation>
  2227. The role of the contact.
  2228. </xs:documentation>
  2229. </xs:annotation>
  2230. </xs:element>
  2231. </xs:sequence>
  2232. <xs:attribute use="required" name="Id" type="xs:string">
  2233. <xs:annotation>
  2234. <xs:documentation>
  2235. A machine understandable identifier that is used to uniquely identify this particular Contact.
  2236. </xs:documentation>
  2237. </xs:annotation>
  2238. </xs:attribute>
  2239. </xs:complexType>
  2240.  
  2241. <xs:complexType name="DocumentReference">
  2242. <xs:annotation>
  2243. <xs:documentation>
  2244. Certain documents, such as terms of use or privacy policy, may be made available to the Relying Parties or even the
  2245. users before they sign up to use one of the services provided by CPIM. The RPs may use these documents to determine
  2246. whether the TF is appropriate for the purposes it intends to use it for. The users may view these documents to look at
  2247. the parameters within which RPs and the TF will operate and determine whether they want to participate or not.
  2248. </xs:documentation>
  2249. </xs:annotation>
  2250. <xs:sequence>
  2251. <xs:element minOccurs="1" maxOccurs="1" name="DisplayName" type="xs:string">
  2252. <xs:annotation>
  2253. <xs:documentation>
  2254. The display name of the document.
  2255. </xs:documentation>
  2256. </xs:annotation>
  2257. </xs:element>
  2258. <xs:element minOccurs="1" maxOccurs="1" name="Url" type="xs:anyURI">
  2259. <xs:annotation>
  2260. <xs:documentation>
  2261. The url where the document is located.
  2262. </xs:documentation>
  2263. </xs:annotation>
  2264. </xs:element>
  2265. </xs:sequence>
  2266. <xs:attribute use="required" name="Id" type="xs:string" />
  2267. </xs:complexType>
  2268. <xs:complexType name="OrchestrationStep">
  2269. <xs:annotation>
  2270. <xs:documentation>
  2271. Specifies the orchestration step.
  2272. </xs:documentation>
  2273. </xs:annotation>
  2274. <xs:sequence>
  2275. <xs:element minOccurs="0" maxOccurs="unbounded" name="Preconditions" type="tfp:Preconditions">
  2276. <xs:annotation>
  2277. <xs:documentation>
  2278. A list of preconditions that must be satisfied for the step to execute.
  2279. </xs:documentation>
  2280. </xs:annotation>
  2281. </xs:element>
  2282. <xs:element minOccurs="0" maxOccurs="unbounded" name="ClaimsProviderSelections" type="tfp:ClaimsProviderSelections">
  2283. <xs:annotation>
  2284. <xs:documentation>
  2285. A list of Claims Provider Selection options for the Orchestration Step.
  2286. </xs:documentation>
  2287. </xs:annotation>
  2288. </xs:element>
  2289. <xs:element minOccurs="0" maxOccurs="unbounded" name="ClaimsExchanges" type="tfp:ClaimsExchanges">
  2290. <xs:annotation>
  2291. <xs:documentation>
  2292. A list of Claims Exchanges for the Orchestration Step.
  2293. </xs:documentation>
  2294. </xs:annotation>
  2295. </xs:element>
  2296. <xs:element minOccurs="0" maxOccurs="unbounded" name="JourneyList" type="tfp:JourneyList">
  2297. <xs:annotation>
  2298. <xs:documentation>
  2299. A list of available journeys that can be invoked by the Orchestration Step.
  2300. </xs:documentation>
  2301. </xs:annotation>
  2302. </xs:element>
  2303. </xs:sequence>
  2304. <xs:attribute use="required" name="Order" type="xs:int">
  2305. <xs:annotation>
  2306. <xs:documentation>
  2307. The order of the Orchestration Step. Orchestration Steps must appear in increasing order, which is the order in which they are executed.
  2308. </xs:documentation>
  2309. </xs:annotation>
  2310. </xs:attribute>
  2311. <xs:attribute use="required" name="Type" type="tfp:OrchestrationStepType">
  2312. <xs:annotation>
  2313. <xs:documentation>
  2314. The type of the Orchestration Step.
  2315. </xs:documentation>
  2316. </xs:annotation>
  2317. </xs:attribute>
  2318. <xs:attribute use="optional" name="ContentDefinitionReferenceId" type="xs:string">
  2319. <xs:annotation>
  2320. <xs:documentation>
  2321. A reference to the Content that the Orchestration Step can display to the user.
  2322. </xs:documentation>
  2323. </xs:annotation>
  2324. </xs:attribute>
  2325. <xs:attribute use="optional" name="CpimIssuerTechnicalProfileReferenceId" type="xs:string">
  2326. <xs:annotation>
  2327. <xs:documentation>
  2328. Used on SendClaims steps to define the TechnicalProfileId of the claims provider
  2329. that will mint the token for the relying party. If absent, no RP token will be created.
  2330. </xs:documentation>
  2331. </xs:annotation>
  2332. </xs:attribute>
  2333. </xs:complexType>
  2334.  
  2335. <xs:complexType name="InputTokenSources">
  2336. <xs:annotation>
  2337. <xs:documentation>
  2338. A list of sources that can be the input assertions for the current technical profile.
  2339. </xs:documentation>
  2340. </xs:annotation>
  2341. <xs:sequence>
  2342. <xs:element minOccurs="1" maxOccurs="unbounded" name="TechnicalProfile">
  2343. <xs:complexType>
  2344. <xs:attribute use="required" name="Id" type="xs:string">
  2345. <xs:annotation>
  2346. <xs:documentation>
  2347. A machine understandable identifier that is used to uniquely identify this particular technical profile.
  2348. </xs:documentation>
  2349. </xs:annotation>
  2350. </xs:attribute>
  2351. </xs:complexType>
  2352. </xs:element>
  2353. </xs:sequence>
  2354. </xs:complexType>
  2355.  
  2356. <xs:complexType name="CryptographicKeys">
  2357. <xs:annotation>
  2358. <xs:documentation>
  2359. Represents the CryptographicKeys that are used within the Policy. Since these are sensitive secrets, the actual cryptographic
  2360. keys are stored outside of the Trust Framework Policy and would generally reside in a system deemed secure for
  2361. cryptographic storage, such as in a hardware security module (HSM) or a key management service (KMS).
  2362. </xs:documentation>
  2363. </xs:annotation>
  2364. <xs:sequence>
  2365. <xs:element minOccurs="1" maxOccurs="unbounded" name="Key">
  2366. <xs:complexType>
  2367. <xs:attribute use="required" name="Id" type="xs:string">
  2368. <xs:annotation>
  2369. <xs:documentation>
  2370. A machine understandable identifier that is used to uniquely identify this particular Cryptographic Key.
  2371. </xs:documentation>
  2372. </xs:annotation>
  2373. </xs:attribute>
  2374. <xs:attribute use="required" name="StorageReferenceId" type="xs:string">
  2375. <xs:annotation>
  2376. <xs:documentation>
  2377. An identifier that references the key in the underlying key storage.
  2378. </xs:documentation>
  2379. </xs:annotation>
  2380. </xs:attribute>
  2381. </xs:complexType>
  2382. </xs:element>
  2383. </xs:sequence>
  2384. </xs:complexType>
  2385. <xs:complexType name="metadataTYPE">
  2386. <xs:annotation>
  2387. <xs:documentation>
  2388. Defines the element for the protocol provider metadata.
  2389. </xs:documentation>
  2390. </xs:annotation>
  2391. <xs:sequence>
  2392. <xs:element name="Item" maxOccurs="unbounded" type="tfp:metadataItemTYPE">
  2393. <xs:key name="UniqueMetadataItemKey">
  2394. <xs:selector xpath="tfp:metadataItemTYPE"/>
  2395. <xs:field xpath="@Key"/>
  2396. </xs:key>
  2397. </xs:element>
  2398. </xs:sequence>
  2399. </xs:complexType>
  2400.  
  2401. <!-- Type for a keyed string value that allows large string values
  2402. such as CDATA or simple strings such as URLs -->
  2403. <xs:complexType name="metadataItemTYPE">
  2404. <xs:annotation>
  2405. <xs:documentation>
  2406. Defines a single metadata item for the protocol provider metadata.
  2407. </xs:documentation>
  2408. </xs:annotation>
  2409. <xs:simpleContent>
  2410. <xs:extension base="xs:string">
  2411. <xs:attribute name="Key" type="xs:string" use="required"/>
  2412. </xs:extension>
  2413. </xs:simpleContent>
  2414. </xs:complexType>
  2415.  
  2416. <xs:complexType name="ItemGroup">
  2417. <xs:annotation>
  2418. <xs:documentation>
  2419. Defines a group of items of key/value pairs.
  2420. </xs:documentation>
  2421. </xs:annotation>
  2422. <xs:sequence>
  2423. <xs:element minOccurs="1" maxOccurs="unbounded" name="Item" type="tfp:Item"/>
  2424. </xs:sequence>
  2425. </xs:complexType>
  2426.  
  2427. <xs:complexType name="Item">
  2428. <xs:annotation>
  2429. <xs:documentation>
  2430. Defines a single key/value pair item.
  2431. </xs:documentation>
  2432. </xs:annotation>
  2433. <xs:attribute use="required" name="Key" type="xs:string">
  2434. <xs:annotation>
  2435. <xs:documentation>
  2436. A key that uniquely identifies the item.
  2437. </xs:documentation>
  2438. </xs:annotation>
  2439. </xs:attribute>
  2440. <xs:attribute use="required" name="Value" type="xs:string">
  2441. <xs:annotation>
  2442. <xs:documentation>
  2443. The value to hold in the item.
  2444. </xs:documentation>
  2445. </xs:annotation>
  2446. </xs:attribute>
  2447. </xs:complexType>
  2448.  
  2449. <xs:complexType name="PersistedClaim">
  2450. <xs:annotation>
  2451. <xs:documentation>
  2452. The claim type in the normalized schema that is sent to the claims provider. The claim mappings are used to determine the
  2453. provider claim type before sending to the claims provider.
  2454. </xs:documentation>
  2455. </xs:annotation>
  2456. <xs:attribute use="required" name="ClaimTypeReferenceId" type="xs:string">
  2457. <xs:annotation>
  2458. <xs:documentation>
  2459. Identifies a Claim Type specified in the Claims Schema.
  2460. </xs:documentation>
  2461. </xs:annotation>
  2462. </xs:attribute>
  2463. <xs:attribute use="optional" name="PartnerClaimType" type="xs:string">
  2464. <xs:annotation>
  2465. <xs:documentation>
  2466. Identifies the claim type of the external partner that the specified policy claim type maps to. If the PartnerClaimType attribute
  2467. is not specified, then the specified policy claim type is mapped to the partner claim type of the same name.
  2468. </xs:documentation>
  2469. </xs:annotation>
  2470. </xs:attribute>
  2471. <xs:attribute use="optional" name="DefaultValue" type="xs:string">
  2472. <xs:annotation>
  2473. <xs:documentation>
  2474. If the claim indicated by ClaimTypeReferenceId does not exist, then the DefaultValue is used to create one so it can be used as an
  2475. input claim by the technical profile.
  2476. </xs:documentation>
  2477. </xs:annotation>
  2478. </xs:attribute>
  2479. <xs:attribute use="optional" name="OverwriteIfExists" type="xs:boolean">
  2480. <xs:annotation>
  2481. <xs:documentation>
  2482. Provides an optional property to the claims provider indicating whether the claim can be overwritten in the claims providers
  2483. records if the claim provider supports overwriting.
  2484. </xs:documentation>
  2485. </xs:annotation>
  2486. </xs:attribute>
  2487. <xs:attribute use="optional" name="AlwaysUseDefaultValue" type="xs:boolean">
  2488. <xs:annotation>
  2489. <xs:documentation>
  2490. Provides an optional property indicating whether the default claim value should always be used for the value of the claim.
  2491. </xs:documentation>
  2492. </xs:annotation>
  2493. </xs:attribute>
  2494. </xs:complexType>
  2495.  
  2496. <xs:complexType name="DisplayControl">
  2497. <xs:annotation>
  2498. <xs:documentation>
  2499. A group of display elements in a self-asserted page that allows special interaction with the back-end.
  2500. </xs:documentation>
  2501. </xs:annotation>
  2502. <xs:sequence>
  2503. <xs:element name="InputClaims" minOccurs="0" maxOccurs="1">
  2504. <xs:annotation>
  2505. <xs:documentation>A list of input claims that indicate the prefilled values for user interface controls.</xs:documentation>
  2506. </xs:annotation>
  2507. <xs:complexType>
  2508. <xs:sequence>
  2509. <xs:element name="InputClaim" type="DisplayControlClaimTypeReference" minOccurs="0" maxOccurs="unbounded">
  2510. <xs:annotation>
  2511. <xs:documentation>The input claim that indicates the prefilled value for user interface control.</xs:documentation>
  2512. </xs:annotation>
  2513. </xs:element>
  2514. </xs:sequence>
  2515. </xs:complexType>
  2516. </xs:element>
  2517. <xs:element name="DisplayClaims" minOccurs="0" maxOccurs="1">
  2518. <xs:annotation>
  2519. <xs:documentation>A list of display claims to be displayed as user interface controls.</xs:documentation>
  2520. </xs:annotation>
  2521. <xs:complexType>
  2522. <xs:sequence>
  2523. <xs:element name="DisplayClaim" type="DisplayControlDisplayClaimReference" minOccurs="0" maxOccurs="unbounded">
  2524. <xs:annotation>
  2525. <xs:documentation>The display claim to be displayed as user interface control.</xs:documentation>
  2526. </xs:annotation>
  2527. </xs:element>
  2528. </xs:sequence>
  2529. </xs:complexType>
  2530. </xs:element>
  2531. <xs:element name="OutputClaims" minOccurs="0" maxOccurs="1">
  2532. <xs:annotation>
  2533. <xs:documentation>A list of output claims to be used by the relying technical profile.</xs:documentation>
  2534. </xs:annotation>
  2535. <xs:complexType>
  2536. <xs:sequence>
  2537. <xs:element name="OutputClaim" type="DisplayControlClaimTypeReference" minOccurs="0" maxOccurs="unbounded">
  2538. <xs:annotation>
  2539. <xs:documentation>The output claim to be used by the relying technical profile.</xs:documentation>
  2540. </xs:annotation>
  2541. </xs:element>
  2542. </xs:sequence>
  2543. </xs:complexType>
  2544. </xs:element>
  2545. <xs:element name="Actions" minOccurs="0" maxOccurs="1">
  2546. <xs:annotation>
  2547. <xs:documentation>A list of actions corresponding to front-end user control scenarios.</xs:documentation>
  2548. </xs:annotation>
  2549. <xs:complexType>
  2550. <xs:sequence>
  2551. <xs:element name="Action" type="DisplayControlAction" minOccurs="0" maxOccurs="unbounded">
  2552. <xs:annotation>
  2553. <xs:documentation>The display control action corresponding to a front-end user control scenario.</xs:documentation>
  2554. </xs:annotation>
  2555. </xs:element>
  2556. </xs:sequence>
  2557. </xs:complexType>
  2558. </xs:element>
  2559. </xs:sequence>
  2560. <xs:attribute name="Id" type="xs:string" use="required">
  2561. <xs:annotation>
  2562. <xs:documentation>The identifier of the display control.</xs:documentation>
  2563. </xs:annotation>
  2564. </xs:attribute>
  2565. <xs:attribute name="UserInterfaceControlType" type="UserInterfaceControlType" use="required">
  2566. <xs:annotation>
  2567. <xs:documentation>Type of user interface control that allows users to enter and verify claims.</xs:documentation>
  2568. </xs:annotation>
  2569. </xs:attribute>
  2570. </xs:complexType>
  2571.  
  2572. <xs:complexType name="DisplayControlAction">
  2573. <xs:sequence>
  2574. <xs:element name="ValidationClaimsExchange" minOccurs="1" maxOccurs="1">
  2575. <xs:annotation>
  2576. <xs:documentation>
  2577. A list of technical profiles to execute sequentially when the action is invoked.
  2578. </xs:documentation>
  2579. </xs:annotation>
  2580. <xs:complexType>
  2581. <xs:sequence>
  2582. <xs:element name="ValidationClaimsExchangeTechnicalProfile" minOccurs="1" maxOccurs="unbounded">
  2583. <xs:annotation>
  2584. <xs:documentation>
  2585. The technical profile reference to execute when the action is invoked.
  2586. </xs:documentation>
  2587. </xs:annotation>
  2588. <xs:complexType>
  2589. <xs:sequence>
  2590. <xs:element minOccurs="0" maxOccurs="unbounded" name="Preconditions" type="tfp:Preconditions">
  2591. <xs:annotation>
  2592. <xs:documentation>
  2593. A list of preconditions that must be satisfied for the validation technical profile to execute.
  2594. </xs:documentation>
  2595. </xs:annotation>
  2596. </xs:element>
  2597. </xs:sequence>
  2598. <xs:attribute name="TechnicalProfileReferenceId" type="xs:string" use="required">
  2599. <xs:annotation>
  2600. <xs:documentation>
  2601. An identifier that is a reference to a Technical Profile specified in one of the Claims Providers.
  2602. </xs:documentation>
  2603. </xs:annotation>
  2604. </xs:attribute>
  2605. <xs:attribute use="optional" name="ContinueOnSuccess" type="xs:boolean">
  2606. <xs:annotation>
  2607. <xs:documentation>
  2608. A boolean indicating whether validation of any subsequent validation profiles should continue if this
  2609. profile succeeds. The default is true, meaning that the processing of further validation profiles will continue.
  2610. </xs:documentation>
  2611. </xs:annotation>
  2612. </xs:attribute>
  2613. <xs:attribute use="optional" name="ContinueOnError" type="xs:boolean">
  2614. <xs:annotation>
  2615. <xs:documentation>
  2616. A boolean indicating whether validation of any subsequent validation profiles should continue if this
  2617. profile errors. The default is false, meaning that processing of further validation profiles will stop and
  2618. an error will be returned.
  2619. </xs:documentation>
  2620. </xs:annotation>
  2621. </xs:attribute>
  2622. </xs:complexType>
  2623. </xs:element>
  2624. </xs:sequence>
  2625. </xs:complexType>
  2626. </xs:element>
  2627. </xs:sequence>
  2628. <xs:attribute name="Id" type="xs:string" use="required">
  2629. <xs:annotation>
  2630. <xs:documentation>
  2631. The identifier of the display control action associated with a user interface scenario.
  2632. </xs:documentation>
  2633. </xs:annotation>
  2634. </xs:attribute>
  2635. </xs:complexType>
  2636.  
  2637. <xs:complexType name="DisplayClaimReference">
  2638. <xs:attribute name="ClaimTypeReferenceId" type="xs:string" use="optional">
  2639. <xs:annotation>
  2640. <xs:documentation>
  2641. An identifier that is a reference to a ClaimType specified in the ClaimsSchema.
  2642. </xs:documentation>
  2643. </xs:annotation>
  2644. </xs:attribute>
  2645. <xs:attribute name="DisplayControlReferenceId" type="xs:string" use="optional">
  2646. <xs:annotation>
  2647. <xs:documentation>An identifier that is a reference to a defined DisplayControl.</xs:documentation>
  2648. </xs:annotation>
  2649. </xs:attribute>
  2650. <xs:attribute use="optional" name="Required" type="xs:boolean">
  2651. <xs:annotation>
  2652. <xs:documentation>
  2653. Identifies whether or not the user input is required for further actions.
  2654. </xs:documentation>
  2655. </xs:annotation>
  2656. </xs:attribute>
  2657. </xs:complexType>
  2658.  
  2659. <xs:complexType name="DisplayControlClaimTypeReference">
  2660. <xs:attribute name="ClaimTypeReferenceId" type="xs:string" use="optional">
  2661. <xs:annotation>
  2662. <xs:documentation>
  2663. An identifier that is a reference to a ClaimType specified in the ClaimsSchema.
  2664. </xs:documentation>
  2665. </xs:annotation>
  2666. </xs:attribute>
  2667. <xs:attribute use="optional" name="Required" type="xs:boolean">
  2668. <xs:annotation>
  2669. <xs:documentation>
  2670. Identifies whether or not the claim is required for this technical profile. If this property is not specified, false is assumed,
  2671. meaning that the given claim may be utilized if available, but its absence does not indicate an error. For claims that are user
  2672. asserted, this property controls whether or not the user is required to fill out the associated field before continuing.
  2673. </xs:documentation>
  2674. </xs:annotation>
  2675. </xs:attribute>
  2676. <xs:attribute use="optional" name="DefaultValue" type="xs:string">
  2677. <xs:annotation>
  2678. <xs:documentation>
  2679. If the claim indicated by ClaimTypeReferenceId does not exist, then the DefaultValue is used to create one so it can be used as an
  2680. input claim by the technical profile.
  2681. </xs:documentation>
  2682. </xs:annotation>
  2683. </xs:attribute>
  2684. <xs:attribute use="optional" name="AlwaysUseDefaultValue" type="xs:boolean">
  2685. <xs:annotation>
  2686. <xs:documentation>
  2687. Provides an optional property indicating whether the default claim value should always be used for the value of the claim.
  2688. </xs:documentation>
  2689. </xs:annotation>
  2690. </xs:attribute>
  2691. </xs:complexType>
  2692.  
  2693. <xs:complexType name="DisplayControlDisplayClaimReference">
  2694. <xs:attribute name="ClaimTypeReferenceId" type="xs:string" use="optional">
  2695. <xs:annotation>
  2696. <xs:documentation>
  2697. An identifier that is a reference to a ClaimType specified in the ClaimsSchema.
  2698. </xs:documentation>
  2699. </xs:annotation>
  2700. </xs:attribute>
  2701. <xs:attribute name="ControlClaimType" type="xs:string" use="optional">
  2702. <xs:annotation>
  2703. <xs:documentation>
  2704. Identifies the control type of the display control that is mapped to the specified policy claim type.
  2705. </xs:documentation>
  2706. </xs:annotation>
  2707. </xs:attribute>
  2708. <xs:attribute use="optional" name="Required" type="xs:boolean">
  2709. <xs:annotation>
  2710. <xs:documentation>
  2711. Identifies whether or not the user input is required for further actions.
  2712. </xs:documentation>
  2713. </xs:annotation>
  2714. </xs:attribute>
  2715. </xs:complexType>
  2716.  
  2717. <xs:complexType name="ClaimsSchemaClaimTypeReference">
  2718. <xs:sequence>
  2719. <xs:element name="From" type="tfp:FromTechnicalProfileReference" maxOccurs="unbounded" minOccurs="0">
  2720. <xs:annotation>
  2721. <xs:documentation>
  2722. A reference to a Technical Profile which constrains the source of the claim to one or more
  2723. technical profiles. If no from is specified then the claim can be sourced from any technical
  2724. profile.
  2725. </xs:documentation>
  2726. </xs:annotation>
  2727. </xs:element>
  2728. </xs:sequence>
  2729. <xs:attribute use="required" name="ClaimTypeReferenceId" type="xs:string">
  2730. <xs:annotation>
  2731. <xs:documentation>
  2732. An identifier that is a reference to a ClaimType specified in the ClaimsSchema.
  2733. </xs:documentation>
  2734. </xs:annotation>
  2735. </xs:attribute>
  2736. <xs:attribute use="optional" name="PartnerClaimType" type="xs:string">
  2737. <xs:annotation>
  2738. <xs:documentation>
  2739. Identifies the claim type of the external partner that is mapped to the specified policy claim type. If the PartnerClaimType
  2740. attribute is not specified, then the partner claim type of the same name as the specified policy claim type is mapped instead.
  2741. </xs:documentation>
  2742. </xs:annotation>
  2743. </xs:attribute>
  2744. <xs:attribute use="optional" name="Required" type="xs:boolean">
  2745. <xs:annotation>
  2746. <xs:documentation>
  2747. Identifies whether or not the claim is required for this technical profile. If this property is not specified, false is assumed,
  2748. meaning that the given claim may be utilized if available, but its absence does not indicate an error. For claims that are user
  2749. asserted, this property controls whether or not the user is required to fill out the associated field before continuing.
  2750. </xs:documentation>
  2751. </xs:annotation>
  2752. </xs:attribute>
  2753. <xs:attribute use="optional" name="DefaultValue" type="xs:string">
  2754. <xs:annotation>
  2755. <xs:documentation>
  2756. If the claim indicated by ClaimTypeReferenceId does not exist, then the DefaultValue is used to create one so it can be used as an
  2757. input claim by the technical profile.
  2758. </xs:documentation>
  2759. </xs:annotation>
  2760. </xs:attribute>
  2761. <xs:attribute use="optional" name="AlwaysUseDefaultValue" type="xs:boolean">
  2762. <xs:annotation>
  2763. <xs:documentation>
  2764. Provides an optional property indicating whether the default claim value should always be used for the value of the claim.
  2765. </xs:documentation>
  2766. </xs:annotation>
  2767. </xs:attribute>
  2768. </xs:complexType>
  2769.  
  2770. <xs:complexType name="ClaimsTransformationClaimTypeReference">
  2771. <xs:attribute use="required" name="ClaimTypeReferenceId" type="xs:string">
  2772. <xs:annotation>
  2773. <xs:documentation>
  2774. An identifier that is a reference to a ClaimType specified in the ClaimsSchema.
  2775. </xs:documentation>
  2776. </xs:annotation>
  2777. </xs:attribute>
  2778. <xs:attribute use="optional" name="TransformationClaimType" type="xs:string">
  2779. <xs:annotation>
  2780. <xs:documentation>
  2781. Identifies the claim type of the transformation that is mapped to the specified policy claim type. If the TransformationClaimType
  2782. attribute is not specified, then the transformation claim type of the same name as the specified policy claim type is mapped instead.
  2783. </xs:documentation>
  2784. </xs:annotation>
  2785. </xs:attribute>
  2786. </xs:complexType>
  2787.  
  2788. <xs:complexType name="FromTechnicalProfileReference">
  2789. <xs:attribute use="required" name="TechnicalProfileReferenceId" type="xs:string">
  2790. <xs:annotation>
  2791. <xs:documentation>
  2792. An identifier that is a reference to a Technical Profile specified in one of the Claims Providers.
  2793. </xs:documentation>
  2794. </xs:annotation>
  2795. </xs:attribute>
  2796. </xs:complexType>
  2797.  
  2798. <xs:complexType name="claimMaskTYPE">
  2799. <xs:annotation>
  2800. <xs:documentation>
  2801. An optional string for masking a claim when it is displayed, for example the phone number
  2802. 324-232-4343 masked as XXX-XXX-4343. It can be either a simple substitution mask or a regular
  2803. expression that uses named groups.
  2804. </xs:documentation>
  2805. </xs:annotation>
  2806. <xs:simpleContent>
  2807. <xs:extension base="xs:string">
  2808. <xs:attribute name="Type" type="tfp:MaskTypeTYPE" use="required"/>
  2809. <xs:attribute name="Regex" type="xs:string" use="optional"/>
  2810. </xs:extension>
  2811. </xs:simpleContent>
  2812. </xs:complexType>
  2813.  
  2814. <xs:complexType name="EnumerationItem">
  2815. <xs:annotation>
  2816. <xs:documentation>
  2817. Defines an available option for the user to select for a claim in the UI, such as a value in a dropdown.
  2818. </xs:documentation>
  2819. </xs:annotation>
  2820. <xs:simpleContent>
  2821. <xs:extension base="xs:string">
  2822. <xs:attribute use="required" name="Text" type="xs:string">
  2823. <xs:annotation>
  2824. <xs:documentation>
  2825. The user-friendly display string that should be shown to the user in the UI for this option.
  2826. </xs:documentation>
  2827. </xs:annotation>
  2828. </xs:attribute>
  2829. <xs:attribute use="required" name="Value" type="xs:string">
  2830. <xs:annotation>
  2831. <xs:documentation>
  2832. The claim value associated with selecting this option.
  2833. </xs:documentation>
  2834. </xs:annotation>
  2835. </xs:attribute>
  2836. <xs:attribute use="optional" name="SelectByDefault" type="xs:boolean">
  2837. <xs:annotation>
  2838. <xs:documentation>
  2839. A value indicating whether or not this option should be selected by default in the UI.
  2840. </xs:documentation>
  2841. </xs:annotation>
  2842. </xs:attribute>
  2843. </xs:extension>
  2844. </xs:simpleContent>
  2845. </xs:complexType>
  2846.  
  2847. <xs:complexType name="Pattern">
  2848. <xs:annotation>
  2849. <xs:documentation>
  2850. Defines a pattern restriction, such as a regular expression, to be placed on values for a specific claim type.
  2851. </xs:documentation>
  2852. </xs:annotation>
  2853. <xs:attribute use="required" name="RegularExpression" type="xs:string">
  2854. <xs:annotation>
  2855. <xs:documentation>
  2856. A regular expression that claims of this type must match in order to be valid.
  2857. </xs:documentation>
  2858. </xs:annotation>
  2859. </xs:attribute>
  2860. <xs:attribute use="optional" name="HelpText" type="xs:string">
  2861. <xs:annotation>
  2862. <xs:documentation>
  2863. A string that can describe the pattern/regular expression for this claim to the user.
  2864. </xs:documentation>
  2865. </xs:annotation>
  2866. </xs:attribute>
  2867. </xs:complexType>
  2868.  
  2869. <xs:complexType name="Restriction">
  2870. <xs:annotation>
  2871. <xs:documentation>
  2872. Defines the element for specifying value restrictions for a claim, such as regular expressions or a list of acceptable values.
  2873. </xs:documentation>
  2874. </xs:annotation>
  2875. <xs:choice minOccurs="1">
  2876. <xs:sequence>
  2877. <xs:element minOccurs="0" maxOccurs="unbounded" name="Enumeration" type="tfp:EnumerationItem" />
  2878. </xs:sequence>
  2879. <xs:element minOccurs="0" maxOccurs="1" name="Pattern" type="tfp:Pattern" />
  2880. </xs:choice>
  2881. <xs:attribute use="optional" name="MergeBehavior" type="tfp:MergeBehavior">
  2882. <xs:annotation>
  2883. <xs:documentation>
  2884. Specifies how the enumeration values will be merged together with any ClaimType present in a parent policy
  2885. with the same identifier. If no value is given, ReplaceAll is used by default.
  2886. </xs:documentation>
  2887. </xs:annotation>
  2888. </xs:attribute>
  2889. </xs:complexType>
  2890.  
  2891. <xs:complexType name="TenantListType">
  2892. <xs:annotation>
  2893. <xs:documentation>
  2894. A list of tenant references used when the inheritance rule is an allow or deny list.
  2895. </xs:documentation>
  2896. </xs:annotation>
  2897. <xs:sequence>
  2898. <xs:element minOccurs="1" maxOccurs="unbounded" name="Tenant" type="tfp:TenantReferenceType" />
  2899. </xs:sequence>
  2900. </xs:complexType>
  2901.  
  2902. <xs:complexType name="PolicyIdPatternType">
  2903. <xs:annotation>
  2904. <xs:documentation>
  2905. A pattern constraint to apply to the policy id.
  2906. </xs:documentation>
  2907. </xs:annotation>
  2908. <xs:attribute use="required" name="Type" type="tfp:PatternTYPE">
  2909. <xs:annotation>
  2910. <xs:documentation>
  2911. The type of pattern constraint to apply to the policy id.
  2912. </xs:documentation>
  2913. </xs:annotation>
  2914. </xs:attribute>
  2915. <xs:attribute use="required" name="Pattern" type="xs:string">
  2916. <xs:annotation>
  2917. <xs:documentation>
  2918. The actual pattern to be applied to the policy id.
  2919. </xs:documentation>
  2920. </xs:annotation>
  2921. </xs:attribute>
  2922. </xs:complexType>
  2923.  
  2924. <xs:complexType name="TenantReferenceType">
  2925. <xs:annotation>
  2926. <xs:documentation>
  2927. Defines a reference to a tenant using the tenant guid as the reference id.
  2928. </xs:documentation>
  2929. </xs:annotation>
  2930. <xs:attribute use="required" name="ReferenceId" type="tfp:TenantObjectId">
  2931. <xs:annotation>
  2932. <xs:documentation>
  2933. The unique identifier of the object ID of the Azure tenant.
  2934. </xs:documentation>
  2935. </xs:annotation>
  2936. </xs:attribute>
  2937. </xs:complexType>
  2938.  
  2939. <xs:complexType name="ClaimsTransformationParameter">
  2940. <xs:attribute use="required" name="Id" type="xs:string">
  2941. <xs:annotation>
  2942. <xs:documentation>
  2943. An identifier that is a reference to a parameter of the TransformationMethod.
  2944. </xs:documentation>
  2945. </xs:annotation>
  2946. </xs:attribute>
  2947. <xs:attribute use="required" name="DataType" type="tfp:DataType">
  2948. <xs:annotation>
  2949. <xs:documentation>
  2950. The type of data of the parameter, such as String, Boolean, Int or DateTime. This type is used to perform arithmetic
  2951. operations correctly.
  2952. </xs:documentation>
  2953. </xs:annotation>
  2954. </xs:attribute>
  2955. <xs:attribute use="required" name="Value" type="xs:string">
  2956. <xs:annotation>
  2957. <xs:documentation>
  2958. The value that is to be provided to the TransformationMethod when invoked.
  2959. </xs:documentation>
  2960. </xs:annotation>
  2961. </xs:attribute>
  2962. </xs:complexType>
  2963.  
  2964. <xs:complexType name="Extensions" mixed="false">
  2965. <xs:annotation>
  2966. <xs:documentation>
  2967. An extension point for elements that allows any XML from any namespace outside of
  2968. the document namespaces to be included in the element.
  2969. </xs:documentation>
  2970. </xs:annotation>
  2971. <xs:sequence>
  2972. <xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded"/>
  2973. </xs:sequence>
  2974. </xs:complexType>
  2975.  
  2976. <xs:complexType name="LocalizedCollection">
  2977. <xs:annotation>
  2978. <xs:documentation>
  2979.  
  2980. </xs:documentation>
  2981. </xs:annotation>
  2982. <xs:sequence>
  2983. <xs:element minOccurs="1" maxOccurs="unbounded" name="Item" type="tfp:EnumerationItem" />
  2984. </xs:sequence>
  2985. <xs:attribute use="required" name="ElementType" type="xs:string">
  2986. <xs:annotation>
  2987. <xs:documentation>
  2988.  
  2989. </xs:documentation>
  2990. </xs:annotation>
  2991. </xs:attribute>
  2992. <xs:attribute use="required" name="ElementId" type="xs:string">
  2993. <xs:annotation>
  2994. <xs:documentation>
  2995.  
  2996. </xs:documentation>
  2997. </xs:annotation>
  2998. </xs:attribute>
  2999. <xs:attribute use="required" name="TargetCollection" type="xs:string">
  3000. <xs:annotation>
  3001. <xs:documentation>
  3002.  
  3003. </xs:documentation>
  3004. </xs:annotation>
  3005. </xs:attribute>
  3006.  
  3007. </xs:complexType>
  3008.  
  3009. <xs:complexType name="LocalizedString">
  3010. <xs:annotation>
  3011. <xs:documentation>
  3012.  
  3013. </xs:documentation>
  3014. </xs:annotation>
  3015. <xs:simpleContent>
  3016. <xs:extension base="xs:string">
  3017. <xs:attribute use="required" name="ElementType" type="xs:string">
  3018. <xs:annotation>
  3019. <xs:documentation>
  3020.  
  3021. </xs:documentation>
  3022. </xs:annotation>
  3023. </xs:attribute>
  3024. <xs:attribute name="ElementId" type="xs:string">
  3025. <xs:annotation>
  3026. <xs:documentation>
  3027.  
  3028. </xs:documentation>
  3029. </xs:annotation>
  3030. </xs:attribute>
  3031. <xs:attribute use="required" name="StringId" type="xs:string">
  3032. <xs:annotation>
  3033. <xs:documentation>
  3034.  
  3035. </xs:documentation>
  3036. </xs:annotation>
  3037. </xs:attribute>
  3038. </xs:extension>
  3039. </xs:simpleContent>
  3040. </xs:complexType>
  3041.  
  3042. <!--
  3043. Enumerations and pattern restrictions
  3044. -->
  3045.  
  3046. <xs:simpleType name="ErrorResponseFormat">
  3047. <xs:annotation>
  3048. <xs:documentation>
  3049. Specifies the format type of the error response.
  3050. </xs:documentation>
  3051. </xs:annotation>
  3052. <xs:restriction base="xs:string">
  3053. <xs:enumeration value="json" />
  3054. </xs:restriction>
  3055. </xs:simpleType>
  3056.  
  3057. <xs:simpleType name="JourneyOnErrorModeType">
  3058. <xs:annotation>
  3059. <xs:documentation>
  3060. Specifies how journey errors are to be communicated to the user/requestor.
  3061. </xs:documentation>
  3062. </xs:annotation>
  3063. <xs:restriction base="xs:string">
  3064. <xs:enumeration value="ReturnToRequestor">
  3065. <xs:annotation>
  3066. <xs:documentation>
  3067. Error is returned to the requestor using protocol semantics.
  3068. </xs:documentation>
  3069. </xs:annotation>
  3070. </xs:enumeration>
  3071. <xs:enumeration value="DisplayInService">
  3072. <xs:annotation>
  3073. <xs:documentation>
  3074. Display the error message in the service.
  3075. </xs:documentation>
  3076. </xs:annotation>
  3077. </xs:enumeration>
  3078. </xs:restriction>
  3079. </xs:simpleType>
  3080.  
  3081. <xs:simpleType name="ErrorHandlingAction">
  3082. <xs:annotation>
  3083. <xs:documentation>
  3084. Specifies how to handle error responses.
  3085. </xs:documentation>
  3086. </xs:annotation>
  3087. <xs:restriction base="xs:string">
  3088. <xs:enumeration value="Reauthenticate">
  3089. <xs:annotation>
  3090. <xs:documentation>
  3091. Ask the user to reauthenticate for a specific error case
  3092. </xs:documentation>
  3093. </xs:annotation>
  3094. </xs:enumeration>
  3095. <xs:enumeration value="InvalidClient">
  3096. <xs:annotation>
  3097. <xs:documentation>
  3098. Display the message indicating client key/secret is not configured properly
  3099. </xs:documentation>
  3100. </xs:annotation>
  3101. </xs:enumeration>
  3102. </xs:restriction>
  3103. </xs:simpleType>
  3104.  
  3105. <xs:simpleType name="MergeBehavior">
  3106. <xs:annotation>
  3107. <xs:documentation>
  3108. Specifies how the contents of the node will be merged together with data from parent policies
  3109. with the same unique identifier.
  3110. </xs:documentation>
  3111. </xs:annotation>
  3112. <xs:restriction base="xs:string">
  3113. <xs:enumeration value="Append">
  3114. <xs:annotation>
  3115. <xs:documentation>
  3116. Specifies that the collection of data present should be appended to the end of the
  3117. collection specified in the parent policy.
  3118. </xs:documentation>
  3119. </xs:annotation>
  3120. </xs:enumeration>
  3121. <xs:enumeration value="Prepend">
  3122. <xs:annotation>
  3123. <xs:documentation>
  3124. Specifies that the collection of data present should be added before the
  3125. collection specified in the parent policy.
  3126. </xs:documentation>
  3127. </xs:annotation>
  3128. </xs:enumeration>
  3129. <xs:enumeration value="ReplaceAll">
  3130. <xs:annotation>
  3131. <xs:documentation>
  3132. Specifies that the collection of data specified in the parent policy should be ignored,
  3133. using instead the data specified in the current policy.
  3134. </xs:documentation>
  3135. </xs:annotation>
  3136. </xs:enumeration>
  3137. </xs:restriction>
  3138. </xs:simpleType>
  3139.  
  3140. <xs:simpleType name="MaskTypeTYPE">
  3141. <xs:annotation>
  3142. <xs:documentation>
  3143. The types of claim masks
  3144. 1. Simple, a simple text mask that is
  3145. applied to the leading portion of a string claim.
  3146. 2. A regular expression that can be applied
  3147. to the string claim as a whole
  3148. </xs:documentation>
  3149. </xs:annotation>
  3150. <xs:restriction base="xs:string">
  3151. <xs:enumeration value="Simple" />
  3152. <xs:enumeration value="Regex" />
  3153. </xs:restriction>
  3154. </xs:simpleType>
  3155.  
  3156. <xs:simpleType name="ProtocolName">
  3157. <xs:annotation>
  3158. <xs:documentation>
  3159. The names of the valid protocols supported by CPIM.
  3160. </xs:documentation>
  3161. </xs:annotation>
  3162. <xs:restriction base="xs:string">
  3163. <xs:enumeration value="None" />
  3164. <xs:enumeration value="OAuth1" />
  3165. <xs:enumeration value="OAuth2" />
  3166. <xs:enumeration value="SAML2" />
  3167. <xs:enumeration value="OpenIdConnect" />
  3168. <xs:enumeration value="WsFed" />
  3169. <xs:enumeration value="WsTrust" />
  3170. <xs:enumeration value="UProve11" />
  3171. <xs:enumeration value="Proprietary" />
  3172. </xs:restriction>
  3173. </xs:simpleType>
  3174.  
  3175. <xs:simpleType name="EnabledForUserJourneysValues">
  3176. <xs:annotation>
  3177. <xs:documentation>
  3178. The list of acceptable values for "EnabledForUserJourneys" property: true and Always will execute the technical profile, false and Never will
  3179. always skip it, and OnClaimsExistence will only execute the technical profile if the claim specified in the technical profile's metadata is
  3180. present in the user journey storage.
  3181. </xs:documentation>
  3182. </xs:annotation>
  3183. <xs:restriction base="xs:string">
  3184. <xs:enumeration value="true" />
  3185. <xs:enumeration value="false" />
  3186. <xs:enumeration value="OnClaimsExistence" />
  3187. <xs:enumeration value="Always" />
  3188. <xs:enumeration value="Never" />
  3189. <xs:enumeration value="OnItemExistenceInStringCollectionClaim" />
  3190. <xs:enumeration value="OnItemAbsenceInStringCollectionClaim" />
  3191. </xs:restriction>
  3192. </xs:simpleType>
  3193.  
  3194. <xs:simpleType name="ClaimsProviderSelectionDisplayOption">
  3195. <xs:annotation>
  3196. <xs:documentation>
  3197. The list of acceptable values for how the claims provider selection page should be displayed
  3198. </xs:documentation>
  3199. </xs:annotation>
  3200. <xs:restriction base="xs:string">
  3201. <xs:enumeration value="DoNotShowSingleProvider" />
  3202. <xs:enumeration value="ShowSingleProvider" />
  3203. </xs:restriction>
  3204. </xs:simpleType>
  3205.  
  3206. <xs:simpleType name="TokenFormat">
  3207. <xs:annotation>
  3208. <xs:documentation>
  3209. The token formats supported by CPIM.
  3210. </xs:documentation>
  3211. </xs:annotation>
  3212. <xs:restriction base="xs:string">
  3213. <xs:enumeration value="JSON" />
  3214. <xs:enumeration value="JWT" />
  3215. <xs:enumeration value="SAML11" />
  3216. <xs:enumeration value="SAML2" />
  3217. <xs:enumeration value="CpimUnsigned" />
  3218. <xs:enumeration value="UProve11" />
  3219. </xs:restriction>
  3220. </xs:simpleType>
  3221.  
  3222. <xs:simpleType name="ScriptExecutionType">
  3223. <xs:annotation>
  3224. <xs:documentation>
  3225. Describes the supported script execution modes.
  3226. </xs:documentation>
  3227. </xs:annotation>
  3228. <xs:restriction base="xs:string">
  3229. <xs:enumeration value="Disallow">
  3230. <xs:annotation>
  3231. <xs:documentation>
  3232. Script execution is not allowed on the client and any 3rd party content containing script will be blocked.
  3233. </xs:documentation>
  3234. </xs:annotation>
  3235. </xs:enumeration>
  3236. <xs:enumeration value="Allow">
  3237. <xs:annotation>
  3238. <xs:documentation>
  3239. Script execution is permitted
  3240. </xs:documentation>
  3241. </xs:annotation>
  3242. </xs:enumeration>
  3243. </xs:restriction>
  3244. </xs:simpleType>
  3245.  
  3246. <xs:simpleType name="OrchestrationStepType">
  3247. <xs:annotation>
  3248. <xs:documentation>
  3249. Specifies the type of the Orchestration Step.
  3250. </xs:documentation>
  3251. </xs:annotation>
  3252. <xs:restriction base="xs:string">
  3253. <xs:enumeration value="ConsentScreen">
  3254. <xs:annotation>
  3255. <xs:documentation>
  3256. Indicates that the Orchestration Step presents text to the user to which the user must consent.
  3257. </xs:documentation>
  3258. </xs:annotation>
  3259. </xs:enumeration>
  3260. <xs:enumeration value="ClaimsProviderSelection">
  3261. <xs:annotation>
  3262. <xs:documentation>
  3263. Indicates that the Orchestration Step presents various Claims Providers to the user for the user to select one.
  3264. </xs:documentation>
  3265. </xs:annotation>
  3266. </xs:enumeration>
  3267. <xs:enumeration value="CombinedSignInAndSignUp">
  3268. <xs:annotation>
  3269. <xs:documentation>
  3270. Indicates that the Orchestration Step presents a combined social provider signin and local account signup page.
  3271. </xs:documentation>
  3272. </xs:annotation>
  3273. </xs:enumeration>
  3274. <xs:enumeration value="ClaimsExchange">
  3275. <xs:annotation>
  3276. <xs:documentation>
  3277. Indicates that the Orchestration Step exchanges Claims with a Claims Provider.
  3278. </xs:documentation>
  3279. </xs:annotation>
  3280. </xs:enumeration>
  3281. <xs:enumeration value="ReviewScreen">
  3282. <xs:annotation>
  3283. <xs:documentation>
  3284. Indicates that the Orchestration Step presents a review screen for the user to review the claims which the user
  3285. must accept.
  3286. </xs:documentation>
  3287. </xs:annotation>
  3288. </xs:enumeration>
  3289. <xs:enumeration value="SendClaims">
  3290. <xs:annotation>
  3291. <xs:documentation>
  3292. Indicates that the Orchestration Step sends the claims to the Relying Party.
  3293. </xs:documentation>
  3294. </xs:annotation>
  3295. </xs:enumeration>
  3296. <xs:enumeration value="GetClaims">
  3297. <xs:annotation>
  3298. <xs:documentation>
  3299. Indicates that the Orchestration Step processes claim data sent to the service from the relying party.
  3300. </xs:documentation>
  3301. </xs:annotation>
  3302. </xs:enumeration>
  3303. <xs:enumeration value="UserDialog">
  3304. <xs:annotation>
  3305. <xs:documentation>
  3306. Indicates that the Orchestration Step presents a user dialog to the user for the capturing of information.
  3307. </xs:documentation>
  3308. </xs:annotation>
  3309. </xs:enumeration>
  3310. <xs:enumeration value="InvokeSubJourney">
  3311. <xs:annotation>
  3312. <xs:documentation>
  3313. Indicates that the Orchestration Step has the ability to invoke one or more SubJourneys.
  3314. </xs:documentation>
  3315. </xs:annotation>
  3316. </xs:enumeration>
  3317. <xs:enumeration value="Noop">
  3318. <xs:annotation>
  3319. <xs:documentation>
  3320. Indicates that the Orchestration Step does nothing and is included to cope with errors in layering.
  3321. </xs:documentation>
  3322. </xs:annotation>
  3323. </xs:enumeration>
  3324. </xs:restriction>
  3325. </xs:simpleType>
  3326.  
  3327. <xs:simpleType name="UserJourneyBehaviorScopeType">
  3328. <xs:annotation>
  3329. <xs:documentation>
  3330. Defines the scope of single sign-on behavior in the user journey.
  3331. </xs:documentation>
  3332. </xs:annotation>
  3333. <xs:restriction base="xs:string">
  3334. <xs:enumeration value="Suppressed">
  3335. <xs:annotation>
  3336. <xs:documentation>
  3337. Indicates that the behavior is suppressed. For example in the case of SSO no session is maintained for the user and the user will always
  3338. be prompted for identity provider selection.
  3339. </xs:documentation>
  3340. </xs:annotation>
  3341. </xs:enumeration>
  3342. <xs:enumeration value="TrustFramework">
  3343. <xs:annotation>
  3344. <xs:documentation>
  3345. Indicates that the behavior is applied for all policies in the trust framework. For example a user being put through two policy journeys
  3346. for a given trust framework will not be prompted for identity provider selection.
  3347. </xs:documentation>
  3348. </xs:annotation>
  3349. </xs:enumeration>
  3350. <xs:enumeration value="Tenant">
  3351. <xs:annotation>
  3352. <xs:documentation>
  3353. Indicates that the behavior is applied for all policies in the tenant. For example a user being put through two policy journeys
  3354. for a given tenant will not be prompted for identity provider selection.
  3355. </xs:documentation>
  3356. </xs:annotation>
  3357. </xs:enumeration>
  3358. <xs:enumeration value="Application">
  3359. <xs:annotation>
  3360. <xs:documentation>
  3361. Indicates that the behavior is applied for all policies for the application making the request. For example a user being put through two policy journeys
  3362. for a given application will not be prompted for identity provider selection.
  3363. </xs:documentation>
  3364. </xs:annotation>
  3365. </xs:enumeration>
  3366. <xs:enumeration value="Policy">
  3367. <xs:annotation>
  3368. <xs:documentation>
  3369. Indicates that the behavior only applies to a policy. For example a user being put through two policy journeys
  3370. for a given trust framework will be prompted for identity provider selection when switching between policies.
  3371. </xs:documentation>
  3372. </xs:annotation>
  3373. </xs:enumeration>
  3374. </xs:restriction>
  3375. </xs:simpleType>
  3376.  
  3377. <xs:simpleType name="PreconditionType">
  3378. <xs:annotation>
  3379. <xs:documentation>
  3380. Specifies the type of query that is being performed for this precondition.
  3381. </xs:documentation>
  3382. </xs:annotation>
  3383. <xs:restriction base="xs:string">
  3384. <xs:enumeration value="ClaimsExist">
  3385. <xs:annotation>
  3386. <xs:documentation>
  3387. Specifies that the actions should be performed if the specified Claims exist in the
  3388. user's current Claim set.
  3389. </xs:documentation>
  3390. </xs:annotation>
  3391. </xs:enumeration>
  3392. <xs:enumeration value="ClaimEquals">
  3393. <xs:annotation>
  3394. <xs:documentation>
  3395. Specifies that the actions should be performed if the specified Claim exists and its
  3396. value is equal to the specified value.
  3397. </xs:documentation>
  3398. </xs:annotation>
  3399. </xs:enumeration>
  3400. </xs:restriction>
  3401. </xs:simpleType>
  3402.  
  3403. <xs:simpleType name="PreconditionActionType">
  3404. <xs:annotation>
  3405. <xs:documentation>
  3406. Specifies the action that should be taken if the Precondition check within
  3407. an OrchestrationStep is true.
  3408. </xs:documentation>
  3409. </xs:annotation>
  3410. <xs:restriction base="xs:string">
  3411. <xs:enumeration value="SkipThisOrchestrationStep">
  3412. <xs:annotation>
  3413. <xs:documentation>
  3414. Specifies that the associated OrchestrationStep should not be executed.
  3415. </xs:documentation>
  3416. </xs:annotation>
  3417. </xs:enumeration>
  3418. <xs:enumeration value="SkipThisValidationTechnicalProfile">
  3419. <xs:annotation>
  3420. <xs:documentation>
  3421. Specifies that the associated validation technical profile should not be executed.
  3422. </xs:documentation>
  3423. </xs:annotation>
  3424. </xs:enumeration>
  3425. </xs:restriction>
  3426. </xs:simpleType>
  3427.  
  3428. <xs:simpleType name="DataType">
  3429. <xs:annotation>
  3430. <xs:documentation>
  3431. The supported data types that the claims or parameters can have. These types are a subset of the types specified by
  3432. W3C XML Schema documentation, which can be found at http://www.w3.org/TR/xmlschema-2.
  3433. </xs:documentation>
  3434. </xs:annotation>
  3435. <xs:restriction base="xs:string">
  3436. <xs:enumeration value="boolean"/>
  3437. <xs:enumeration value="date"/>
  3438. <xs:enumeration value="dateTime"/>
  3439. <xs:enumeration value="duration"/>
  3440. <xs:enumeration value="int"/>
  3441. <xs:enumeration value="long"/>
  3442. <xs:enumeration value="string"/>
  3443. <xs:enumeration value="stringCollection"/>
  3444. <xs:enumeration value="alternativeSecurityIdCollection"/>
  3445. <xs:enumeration value="userIdentityCollection"/>
  3446. <xs:enumeration value="userIdentity"/>
  3447. <xs:enumeration value="phoneNumber"/>
  3448. </xs:restriction>
  3449. </xs:simpleType>
  3450.  
  3451. <xs:simpleType name="UserInputType">
  3452. <xs:annotation>
  3453. <xs:documentation>
  3454. Represents the type of input controls that should be available to the user when manually entering claim data.
  3455. </xs:documentation>
  3456. </xs:annotation>
  3457. <xs:restriction base="xs:string">
  3458. <xs:enumeration value="TextBox"/>
  3459. <xs:enumeration value="EmailBox"/>
  3460. <xs:enumeration value="DateTimeDropdown"/>
  3461. <xs:enumeration value="RadioSingleSelect"/>
  3462. <xs:enumeration value="DropdownSingleSelect"/>
  3463. <xs:enumeration value="CheckboxMultiSelect"/>
  3464. <xs:enumeration value="Password"/>
  3465. <xs:enumeration value="Readonly"/>
  3466. <xs:enumeration value="Button"/>
  3467. <xs:enumeration value="Paragraph"/>
  3468. </xs:restriction>
  3469. </xs:simpleType>
  3470.  
  3471. <xs:simpleType name="UserInterfaceControlType">
  3472. <xs:annotation>
  3473. <xs:documentation>
  3474. Represents the type of input controls that should be available to the user when manually entering claim data. This is the successor of "UserInputType".
  3475. </xs:documentation>
  3476. </xs:annotation>
  3477. <xs:restriction base="xs:string">
  3478. <xs:enumeration value="VerificationControl" />
  3479. </xs:restriction>
  3480. </xs:simpleType>
  3481.  
  3482. <xs:simpleType name="TelemetryEngineType">
  3483. <xs:annotation>
  3484. <xs:documentation>
  3485. Represents the telemetry engines that can be used as part of journey insights.
  3486. </xs:documentation>
  3487. </xs:annotation>
  3488. <xs:restriction base="xs:string">
  3489. <xs:enumeration value="ApplicationInsights"/>
  3490. </xs:restriction>
  3491. </xs:simpleType>
  3492.  
  3493. <xs:simpleType name="StatementType">
  3494. <xs:annotation>
  3495. <xs:documentation>
  3496. Describes the category of statement that the claim belongs to, used for comparing authentication contexts
  3497. and issuing tokens
  3498. </xs:documentation>
  3499. </xs:annotation>
  3500. <xs:restriction base="xs:string">
  3501. <xs:enumeration value="Attribute">
  3502. <xs:annotation>
  3503. <xs:documentation>
  3504. A general claim about the authenticated individual
  3505. </xs:documentation>
  3506. </xs:annotation>
  3507. </xs:enumeration>
  3508. <xs:enumeration value="Authentication">
  3509. <xs:annotation>
  3510. <xs:documentation>
  3511. A claim providing information about how the individual
  3512. was authenticated
  3513. </xs:documentation>
  3514. </xs:annotation>
  3515. </xs:enumeration>
  3516. <xs:enumeration value="Subject">
  3517. <xs:annotation>
  3518. <xs:documentation>
  3519. A claim providing a means of identifying an individual
  3520. </xs:documentation>
  3521. </xs:annotation>
  3522. </xs:enumeration>
  3523. </xs:restriction>
  3524. </xs:simpleType>
  3525.  
  3526. <xs:simpleType name="Culture">
  3527. <xs:annotation>
  3528. <xs:documentation>
  3529. Represents a culture for displaying content.
  3530. </xs:documentation>
  3531. </xs:annotation>
  3532. <xs:restriction base="xs:string">
  3533. <xs:pattern value="[a-z]{1,3}(-[a-zA-Z0-9]{2,4}){0,2}" />
  3534. </xs:restriction>
  3535. </xs:simpleType>
  3536.  
  3537. <xs:simpleType name="TenantId">
  3538. <xs:annotation>
  3539. <xs:documentation>
  3540. Represents a tenant id.
  3541. </xs:documentation>
  3542. </xs:annotation>
  3543. <xs:restriction base="xs:string">
  3544. <xs:pattern value="[A-Za-z0-9\.]{3,63}" />
  3545. </xs:restriction>
  3546. </xs:simpleType>
  3547.  
  3548. <xs:simpleType name="TenantObjectId">
  3549. <xs:annotation>
  3550. <xs:documentation>
  3551. Represents the object id of an Azure tenant.
  3552. </xs:documentation>
  3553. </xs:annotation>
  3554. <xs:restriction base="xs:string">
  3555. <xs:pattern value="([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}"/>
  3556. </xs:restriction>
  3557. </xs:simpleType>
  3558.  
  3559. <xs:simpleType name="InstrumentationKey">
  3560. <xs:annotation>
  3561. <xs:documentation>
  3562. Represents the instrumentation key for an Azure Application Insights instance.
  3563. </xs:documentation>
  3564. </xs:annotation>
  3565. <xs:restriction base="xs:string">
  3566. <xs:pattern value="([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}"/>
  3567. </xs:restriction>
  3568. </xs:simpleType>
  3569.  
  3570. <xs:simpleType name="PolicyId">
  3571. <xs:annotation>
  3572. <xs:documentation>
  3573. Represents the pattern to which a policyId must conform.
  3574. </xs:documentation>
  3575. </xs:annotation>
  3576. <xs:restriction base="xs:string">
  3577. <xs:minLength value="1"/>
  3578. <xs:pattern value="[A-Za-z0-9_\-\.]*[A-Za-z0-9_\-]+" />
  3579. </xs:restriction>
  3580. </xs:simpleType>
  3581.  
  3582. <xs:simpleType name="PolicyIdPattern">
  3583. <xs:annotation>
  3584. <xs:documentation>
  3585. Represents a pattern that can be used to construct a valid policyId. This field supports dynamic parameters.
  3586. </xs:documentation>
  3587. </xs:annotation>
  3588. <xs:restriction base="xs:string">
  3589. <xs:minLength value="1"/>
  3590. <xs:pattern value="[A-Za-z0-9_\-{}\.]*[A-Za-z0-9_\-{}]+" />
  3591. </xs:restriction>
  3592. </xs:simpleType>
  3593.  
  3594. <xs:simpleType name="Weight">
  3595. <xs:annotation>
  3596. <xs:documentation>
  3597. Represents weight of a policy.
  3598. </xs:documentation>
  3599. </xs:annotation>
  3600. <xs:restriction base="xs:int">
  3601. </xs:restriction>
  3602. </xs:simpleType>
  3603.  
  3604. <xs:simpleType name="Match">
  3605. <xs:annotation>
  3606. <xs:documentation>
  3607. Defines an attribute that can be passed into the query string, that will match the policy to be redirected to.
  3608. </xs:documentation>
  3609. </xs:annotation>
  3610. <xs:restriction base="xs:string">
  3611. <xs:minLength value="1"/>
  3612. </xs:restriction>
  3613. </xs:simpleType>
  3614.  
  3615. <xs:simpleType name="FourPartVersionNumber">
  3616. <xs:annotation>
  3617. <xs:documentation>
  3618. Represents a four part version number in the format 9.9.9.9.
  3619. </xs:documentation>
  3620. </xs:annotation>
  3621. <xs:restriction base="xs:string">
  3622. <xs:maxLength value="256"/>
  3623. <xs:minLength value="1" />
  3624. <xs:pattern value="[0-9][.][0-9][.][0-9][.][0-9]" />
  3625. </xs:restriction>
  3626. </xs:simpleType>
  3627.  
  3628. <xs:simpleType name="ThreePartVersionNumber">
  3629. <xs:annotation>
  3630. <xs:documentation>
  3631. Represents a three part version number in the format 9.9.9.
  3632. </xs:documentation>
  3633. </xs:annotation>
  3634. <xs:restriction base="xs:string">
  3635. <xs:maxLength value="256"/>
  3636. <xs:minLength value="1" />
  3637. <xs:pattern value="[0-9][.][0-9][.][0-9]" />
  3638. </xs:restriction>
  3639. </xs:simpleType>
  3640.  
  3641. <xs:simpleType name="CryptographicKeyType" >
  3642. <xs:annotation>
  3643. <xs:documentation>
  3644. Contains an enumeration of the key types supported by CPIM.
  3645. </xs:documentation>
  3646. </xs:annotation>
  3647. <xs:restriction base="xs:string">
  3648. <xs:enumeration value="UProveKey">
  3649. <xs:annotation>
  3650. <xs:documentation>
  3651. A U-Prove Key.
  3652. </xs:documentation>
  3653. </xs:annotation>
  3654. </xs:enumeration>
  3655. <xs:enumeration value="X509Certificate">
  3656. <xs:annotation>
  3657. <xs:documentation>
  3658. An X.509 certificate.
  3659. </xs:documentation>
  3660. </xs:annotation>
  3661. </xs:enumeration>
  3662. <xs:enumeration value="Secret">
  3663. <xs:annotation>
  3664. <xs:documentation>
  3665. A secret key.
  3666. </xs:documentation>
  3667. </xs:annotation>
  3668. </xs:enumeration>
  3669. </xs:restriction>
  3670. </xs:simpleType>
  3671.  
  3672. <xs:simpleType name="ContentUriTYPE" >
  3673. <xs:annotation>
  3674. <xs:documentation>
  3675. Type that restricts a string to either an absolute or
  3676. relative URL. Matches https://domain/path, http://domain/path
  3677. and ~/path
  3678. </xs:documentation>
  3679. </xs:annotation>
  3680. <xs:restriction base="xs:string">
  3681. <xs:pattern value="^(http://|https://|~/)([\w.,@?^=%&amp;:~+#\-_$!’();]+/)*([\w.,@?^=%&amp;:~+#\-_$!’();]+/?)$" />
  3682. <xs:pattern value="^urn:[a-z0-9][a-z0-9-]{0,31}:[a-z0-9()+,\/\-.:=@;$_!*'%\/?#]+$" />
  3683. </xs:restriction>
  3684. </xs:simpleType>
  3685.  
  3686. <xs:simpleType name="urlTYPE" >
  3687. <xs:annotation>
  3688. <xs:documentation>
  3689. Type that restricts a string to an absolute https URL. Matches https://domain/path.
  3690. </xs:documentation>
  3691. </xs:annotation>
  3692. <xs:restriction base="xs:string">
  3693. <xs:pattern value="^(https://)([\w.,@?^=%&amp;:~+#\-_$!’();]+/)*([\w.,@?^=%&amp;:~+#\-_$!’();]+/?)$" />
  3694. </xs:restriction>
  3695. </xs:simpleType>
  3696.  
  3697. <xs:simpleType name="DeploymentModeType">
  3698. <xs:annotation>
  3699. <xs:documentation>
  3700. The names of the valid values for a policy's DeploymentMode attribute.
  3701. </xs:documentation>
  3702. </xs:annotation>
  3703. <xs:restriction base="xs:string">
  3704. <xs:enumeration value="Development" />
  3705. <xs:enumeration value="Production" />
  3706. <xs:enumeration value="Debugging" />
  3707. </xs:restriction>
  3708. </xs:simpleType>
  3709.  
  3710. <xs:simpleType name="SessionExpiryTypeTYPE">
  3711. <xs:annotation>
  3712. <xs:documentation>
  3713. The names of the valid values for the single sign-on session type.
  3714. </xs:documentation>
  3715. </xs:annotation>
  3716. <xs:restriction base="xs:string">
  3717. <xs:enumeration value="Rolling" />
  3718. <xs:enumeration value="Absolute" />
  3719. </xs:restriction>
  3720. </xs:simpleType>
  3721.  
  3722. <xs:simpleType name="DerivingPoliciesType">
  3723. <xs:annotation>
  3724. <xs:documentation>
  3725. Represents the type of deriving policies that can be specified for policy inheritance.
  3726. </xs:documentation>
  3727. </xs:annotation>
  3728. <xs:restriction base="xs:string">
  3729. <xs:enumeration value="All">
  3730. <xs:annotation>
  3731. <xs:documentation>Any policy can inherit from this policy.</xs:documentation>
  3732. </xs:annotation>
  3733. </xs:enumeration>
  3734. <xs:enumeration value="SameTenant">
  3735. <xs:annotation>
  3736. <xs:documentation>Only policies in the same tenant can inherit from this policy. The default.</xs:documentation>
  3737. </xs:annotation>
  3738. </xs:enumeration>
  3739. <xs:enumeration value="AllowList">
  3740. <xs:annotation>
  3741. <xs:documentation>Only tenants explicitly listed in the tenants list can inherit from this policy.</xs:documentation>
  3742. </xs:annotation>
  3743. </xs:enumeration>
  3744. <xs:enumeration value="DenyList">
  3745. <xs:annotation>
  3746. <xs:documentation>Only tenants explicitly listed in the tenants list are blocked from inheriting from this policy. Anyone else can.</xs:documentation>
  3747. </xs:annotation>
  3748. </xs:enumeration>
  3749. </xs:restriction>
  3750. </xs:simpleType>
  3751.  
  3752. <xs:simpleType name="PatternTYPE">
  3753. <xs:annotation>
  3754. <xs:documentation>
  3755. The types of pattern constraints that can be used when
  3756. constraining policies.
  3757. </xs:documentation>
  3758. </xs:annotation>
  3759. <xs:restriction base="xs:string">
  3760. <xs:enumeration value="Prefix" >
  3761. <xs:annotation>
  3762. <xs:documentation>
  3763. Specifies that a policy id needs to start with the specified prefix.
  3764. </xs:documentation>
  3765. </xs:annotation>
  3766. </xs:enumeration>
  3767. </xs:restriction>
  3768. </xs:simpleType>
  3769.  
  3770. <xs:simpleType name="SubJourneyTYPE">
  3771. <xs:annotation>
  3772. <xs:documentation>
  3773. Represents the types of SubJourneys that can be constructed in policy.
  3774. </xs:documentation>
  3775. </xs:annotation>
  3776. <xs:restriction base="xs:string">
  3777. <xs:enumeration value="Transfer">
  3778. <xs:annotation>
  3779. <xs:documentation>
  3780. Represents a type of SubJourney that transfers control from the current execution context, either a SubJourney or UserJourney, into a new SubJourney execution context.
  3781. </xs:documentation>
  3782. </xs:annotation>
  3783. </xs:enumeration>
  3784. <xs:enumeration value="Call">
  3785. <xs:annotation>
  3786. <xs:documentation>
  3787. Represents a type of SubJourney that is executed inside of the current User Journey. The invoked SubJourney yields control back to the original User Journey or SubJourney upon completion.
  3788. </xs:documentation>
  3789. </xs:annotation>
  3790. </xs:enumeration>
  3791. </xs:restriction>
  3792. </xs:simpleType>
  3793.  
  3794. <xs:simpleType name="nonemptystring">
  3795. <xs:annotation>
  3796. <xs:documentation>
  3797. Represents a string which cannot be empty.
  3798. </xs:documentation>
  3799. </xs:annotation>
  3800. <xs:restriction base="xs:string">
  3801. <xs:maxLength value="256"/>
  3802. <xs:minLength value="1" />
  3803. </xs:restriction>
  3804. </xs:simpleType>
  3805.  
  3806. </xs:schema>
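
An added example, not part of the pasted schema or of any Microsoft tooling: a small Python checker that reads `xs:simpleType` restrictions and tests candidate values against their `enumeration`, `pattern`, `minLength` and `maxLength` facets, useful for linting policy values before upload. The embedded excerpt copies five types from the schema above with annotations dropped; the sample values in the usage are constructed, and Python's `re.fullmatch` is an assumed stand-in for the regex engine of the real validator.

```python
import re
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"

# Five simple types copied from the schema above (annotations removed).
SCHEMA_EXCERPT = r"""<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:simpleType name="TenantId">
    <xs:restriction base="xs:string">
      <xs:pattern value="[A-Za-z0-9\.]{3,63}" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="PolicyId">
    <xs:restriction base="xs:string">
      <xs:minLength value="1"/>
      <xs:pattern value="[A-Za-z0-9_\-\.]*[A-Za-z0-9_\-]+" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="FourPartVersionNumber">
    <xs:restriction base="xs:string">
      <xs:maxLength value="256"/>
      <xs:minLength value="1" />
      <xs:pattern value="[0-9][.][0-9][.][0-9][.][0-9]" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="urlTYPE">
    <xs:restriction base="xs:string">
      <xs:pattern value="^(https://)([\w.,@?^=%&amp;:~+#\-_$!’();]+/)*([\w.,@?^=%&amp;:~+#\-_$!’();]+/?)$" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="DerivingPoliciesType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="All" />
      <xs:enumeration value="SameTenant" />
      <xs:enumeration value="AllowList" />
      <xs:enumeration value="DenyList" />
    </xs:restriction>
  </xs:simpleType>
</xs:schema>"""


def load_simple_types(xsd_text):
    """Map each named simpleType to the facet values of its restriction."""
    types = {}
    for simple_type in ET.fromstring(xsd_text).iter(XS + "simpleType"):
        restriction = simple_type.find(XS + "restriction")
        name = simple_type.get("name")
        if restriction is None or name is None:
            continue
        types[name] = {
            facet: [e.get("value") for e in restriction.findall(XS + facet)]
            for facet in ("enumeration", "pattern", "minLength", "maxLength")
        }
    return types


def violations(types, type_name, value):
    """Return the names of the facets that `value` fails (empty list = valid)."""
    facets = types[type_name]
    failed = []
    # Enumerations are exact, case-sensitive matches.
    if facets["enumeration"] and value not in facets["enumeration"]:
        failed.append("enumeration")
    # Patterns must cover the whole value; several patterns in one restriction
    # are alternatives. Python's re treats the leading ^ and trailing $ in
    # urlTYPE as anchors (assumption about how the consuming validator reads them).
    if facets["pattern"] and not any(re.fullmatch(p, value) for p in facets["pattern"]):
        failed.append("pattern")
    if any(len(value) < int(n) for n in facets["minLength"]):
        failed.append("minLength")
    if any(len(value) > int(n) for n in facets["maxLength"]):
        failed.append("maxLength")
    return failed


if __name__ == "__main__":
    types = load_simple_types(SCHEMA_EXCERPT)
    samples = [  # constructed sample values
        ("PolicyId", "B2C_1A_TrustFrameworkBase"),
        ("PolicyId", "B2C_1A_base."),             # trailing dot is rejected
        ("TenantId", "contoso_dev"),              # underscore is not allowed
        ("FourPartVersionNumber", "1.10.0.0"),    # pattern allows single digits only
        ("urlTYPE", "http://contoso.example/api"),  # plain http is rejected
        ("DerivingPoliciesType", "allowlist"),    # wrong case
    ]
    for type_name, value in samples:
        print(type_name, repr(value), violations(types, type_name, value) or "ok")
```
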