Commit 938da13a authored by frederic motte's avatar frederic motte

add AuthZ part and corrections

parent 35aee76f
<?xml version="1.0" encoding="UTF-8"?>
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
<!-- For AuthZForce SchemaHandler -->
<system systemId="http://www.w3.org/2001/xml.xsd" uri="classpath:xml.xsd" />
<uri name="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" uri="classpath:xacml-core-v3-schema-wd-17.xsd" />
<uri name="http://authzforce.github.io/xmlns/pdp/ext/3" uri="classpath:pdp-ext-base.xsd" />
</catalog>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0" version="5.0.0" requestFilter="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax">
<rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRootPolicyProvider" policyLocation="${PARENT_DIR}/policy.xml" />
</pdp>
\ No newline at end of file
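Review bot: The header comment `<!-- Testing parameter 'maxPolicySetRefDepth' -->` does not describe this file, since no such parameter is set on `<pdp>` here; it looks carried over from a test fixture. Replace it with a comment that says what the configuration is for, e.g. `<!-- PDP configuration for the generated security filter: static root policy loaded from ${PARENT_DIR}/policy.xml -->`. A short remark on why the `-lax` request filter variant was chosen would also help whoever later audits how requests are parsed.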
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="en">
<xs:annotation>
<xs:documentation>
See http://www.w3.org/XML/1998/namespace.html and
http://www.w3.org/TR/REC-xml for information about this namespace.
This schema document describes the XML namespace, in a form
suitable for import by other schema documents.
Note that local names in this namespace are intended to be defined
only by the World Wide Web Consortium or its subgroups. The
following names are currently defined in this namespace and should
not be used with conflicting semantics by any Working Group,
specification, or document instance:
base (as an attribute name): denotes an attribute whose value
provides a URI to be used as the base for interpreting any
relative URIs in the scope of the element on which it
appears; its value is inherited. This name is reserved
by virtue of its definition in the XML Base specification.
id (as an attribute name): denotes an attribute whose value
should be interpreted as if declared to be of type ID.
The xml:id specification is not yet a W3C Recommendation,
but this attribute is included here to facilitate experimentation
with the mechanisms it proposes. Note that it is _not_ included
in the specialAttrs attribute group.
lang (as an attribute name): denotes an attribute whose value
is a language code for the natural language of the content of
any element; its value is inherited. This name is reserved
by virtue of its definition in the XML specification.
space (as an attribute name): denotes an attribute whose
value is a keyword indicating what whitespace processing
discipline is intended for the content of the element; its
value is inherited. This name is reserved by virtue of its
definition in the XML specification.
Father (in any context at all): denotes Jon Bosak, the chair of
the original XML Working Group. This name is reserved by
the following decision of the W3C XML Plenary and
XML Coordination groups:
In appreciation for his vision, leadership and dedication
the W3C XML Plenary on this 10th day of February, 2000
reserves for Jon Bosak in perpetuity the XML name
xml:Father
</xs:documentation>
</xs:annotation>
<xs:annotation>
<xs:documentation>This schema defines attributes and an attribute group
suitable for use by
schemas wishing to allow xml:base, xml:lang, xml:space or xml:id
attributes on elements they define.
To enable this, such a schema must import this schema
for the XML namespace, e.g. as follows:
&lt;schema . . .>
. . .
&lt;import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2001/xml.xsd"/>
Subsequently, qualified reference to any of the attributes
or the group defined below will have the desired effect, e.g.
&lt;type . . .>
. . .
&lt;attributeGroup ref="xml:specialAttrs"/>
will define a type which will schema-validate an instance
element with any of those attributes</xs:documentation>
</xs:annotation>
<xs:annotation>
<xs:documentation>In keeping with the XML Schema WG's standard versioning
policy, this schema document will persist at
http://www.w3.org/2005/08/xml.xsd.
At the date of issue it can also be found at
http://www.w3.org/2001/xml.xsd.
The schema document at that URI may however change in the future,
in order to remain compatible with the latest version of XML Schema
itself, or with the XML namespace itself. In other words, if the XML
Schema or XML namespaces change, the version of this document at
http://www.w3.org/2001/xml.xsd will change
accordingly; the version at
http://www.w3.org/2005/08/xml.xsd will not change.
</xs:documentation>
</xs:annotation>
<xs:attribute name="lang">
<xs:annotation>
<xs:documentation>Attempting to install the relevant ISO 2- and 3-letter
codes as the enumerated possible values is probably never
going to be a realistic possibility. See
RFC 3066 at http://www.ietf.org/rfc/rfc3066.txt and the IANA registry
at http://www.iana.org/assignments/lang-tag-apps.htm for
further information.
The union allows for the 'un-declaration' of xml:lang with
the empty string.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:union memberTypes="xs:language">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value=""/>
</xs:restriction>
</xs:simpleType>
</xs:union>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="space">
<xs:simpleType>
<xs:restriction base="xs:NCName">
<xs:enumeration value="default"/>
<xs:enumeration value="preserve"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="base" type="xs:anyURI">
<xs:annotation>
<xs:documentation>See http://www.w3.org/TR/xmlbase/ for
information about this attribute.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="id" type="xs:ID">
<xs:annotation>
<xs:documentation>See http://www.w3.org/TR/xml-id/ for
information about this attribute.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attributeGroup name="specialAttrs">
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
<xs:attribute ref="xml:space"/>
</xs:attributeGroup>
</xs:schema>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Policy PolicyId="policyID" Version="2.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<Description>description</Description>
<Target/>
<Rule RuleId="ruleID" Effect="Permit">
<Description>description</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test1</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test2</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test3</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
</Target>
</Rule>
</Policy>
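Review bot: The only constraint in this policy is the subject's `group` attribute: the policy-level `<Target/>` is empty and the rule target has no resource or action match. Any request from a member of one of the listed groups is therefore permitted, and everything else falls to Deny through `deny-unless-permit`. If that is the intended model, state it in `<Description>` instead of the placeholder `description`. `PolicyId` and `RuleId` should also identify the filter rather than read `policyID` and `ruleID`, because these identifiers can appear in PDP responses and logs.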
......@@ -21,6 +21,7 @@ import org.eclipse.emf.common.util.URI;
import eu.chorevolution.transformations.sfgenerator.SFGeneratorException;
import eu.chorevolution.transformations.sfgenerator.SFType;
import eu.chorevolution.transformations.sfgenerator.impl.utility.Utilities;
import eu.chorevolution.transformations.sfgenerator.impl.utility.XACMLGeneration;
import eu.chorevolution.transformations.sfgenerator.model.SF;
import eu.chorevolution.transformations.sfgenerator.util.SecurityModelUtil;
import eu.chorevolution.modelingnotations.configuration.ObjectFactory;
......@@ -149,6 +150,10 @@ public class SFGeneratorImpl implements SFGenerator {
Utilities.addConfigFileintoWar(destDir, configurationFile);
File webXml = Utilities.createWebXml(destDir, sf.getName(), STSUrl);
Utilities.addWebXmlFileintoWar(destDir, webXml);
File XACMLPolicies = XACMLGeneration.createXACMLFile(destDir, groups);
Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
sf.setWar(Utilities.getBytesFromWar(warResultFile));
Utilities.deleteProjectFolder(destDir);
} catch (IOException e) {
......@@ -173,6 +178,8 @@ public class SFGeneratorImpl implements SFGenerator {
Utilities.addConfigFileintoWar(destDir, configurationFile);
File webXml = Utilities.createWebXml(destDir, sf.getName(), STSUrl);
Utilities.addWebXmlFileintoWar(destDir, webXml);
File XACMLPolicies = XACMLGeneration.createXACMLFile(destDir, groups);
Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
sf.setWar(Utilities.getBytesFromWar(warResultFile));
Utilities.deleteProjectFolder(destDir);
} catch (IOException e) {
......@@ -185,8 +192,8 @@ public class SFGeneratorImpl implements SFGenerator {
public static void main(String[] args) throws IOException {
List<String> groups = new ArrayList<String>();
groups.add("groups1");
groups.add("groups2");
groups.add("group1");
groups.add("group5");
{
System.out.println("Generation of a SF in front of the choreography");
......@@ -195,7 +202,7 @@ public class SFGeneratorImpl implements SFGenerator {
SFGenerator cdGenerator = new SFGeneratorImpl();
String domain = "domain2";
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", domain , groups);
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", domain , groups);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
......@@ -206,7 +213,7 @@ public class SFGeneratorImpl implements SFGenerator {
byte[] securityModel = Files.readAllBytes(securityPath);
SFGenerator cdGenerator = new SFGeneratorImpl();
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", securityModel, groups, null);
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
......@@ -221,7 +228,7 @@ public class SFGeneratorImpl implements SFGenerator {
account.setLogin("root");
account.setPassword("password");
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", securityModel, groups, account);
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
......@@ -232,7 +239,7 @@ public class SFGeneratorImpl implements SFGenerator {
byte[] securityModel = Files.readAllBytes(securityPath);
SFGenerator cdGenerator = new SFGeneratorImpl();
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", securityModel, groups, null);
SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
}
......
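Review bot: The WAR is still packaged and returned through `sf.setWar(...)` when the policy step fails, because the two added calls (in the hunk at `-149,6` and again at `-173,6`) cannot report failure. `XACMLGeneration.createXACMLFile` catches `JAXBException` and returns the `File` regardless, and `Utilities.addXACMLPoliciesFileintoWar` catches `IOException` and only prints the trace. A security filter archive that lacks `WEB-INF/policy.xml`, or possibly still carries a policy already present in the template, should not reach the caller as a success. Let both helpers propagate the error so the existing `catch (IOException e)` handles it, or at least guard with `if (!XACMLPolicies.isFile()) throw new IOException("XACML policy was not generated");`. The enclosing methods start and end outside the hunks shown.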
......@@ -99,7 +99,7 @@ public class Utilities {
.append("\t\t <filter-class>eu.chorevolution.SecurityFilter</filter-class>").append(System.getProperty("line.separator"))
.append("\t\t <init-param>").append(System.getProperty("line.separator"))
.append("\t\t\t <param-name>STS-URL</param-name>").append(System.getProperty("line.separator"))
.append("\t\t\t <param-value>"+sTSUrl+"?wsdl</param-value>").append(System.getProperty("line.separator"))
.append("\t\t\t <param-value>"+sTSUrl+"</param-value>").append(System.getProperty("line.separator"))
.append("\t\t </init-param>").append(System.getProperty("line.separator"))
.append("\t </filter>").append(System.getProperty("line.separator"))
......@@ -283,4 +283,19 @@ public class Utilities {
e2.printStackTrace();
}
}
public static void addXACMLPoliciesFileintoWar(String projectDir, File xACMLPolicies) {
Map<String, String> env = new HashMap<>();
env.put("create", "true");
Path path = Paths.get(projectDir +System.getProperty("file.separator") + WARTEMPLATENAME);
URI uri = URI.create("jar:" + path.toUri());
try (FileSystem fs = FileSystems.newFileSystem(uri, env))
{
Files.copy(xACMLPolicies.toPath(), fs.getPath( "/WEB-INF/policy.xml" ), StandardCopyOption.REPLACE_EXISTING);
} catch (IOException e2) {
// TODO Auto-generated catch block
e2.printStackTrace();
}
}
}
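Review bot: `sTSUrl` is concatenated into the generated web.xml without XML escaping on the changed line `.append("\t\t\t <param-value>"+sTSUrl+"</param-value>")`. A URL containing `&` or `<` then yields a malformed or altered deployment descriptor. This matters more now that the fixed `?wsdl` suffix is gone and callers supply the full URL, query string included. Escape `&`, `<` and `>` before appending, or build the descriptor with an XML API such as `javax.xml.stream.XMLStreamWriter`, which escapes text content itself. The builder chain starts and ends outside the hunk, so other interpolated values (the filter name, for instance) may need the same treatment.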
package eu.chorevolution.transformations.sfgenerator.impl.utility;
import java.io.File;
import java.io.Serializable;
import java.io.StringWriter;
import java.math.BigInteger;
......@@ -8,11 +9,14 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.swing.text.html.HTMLDocument.Iterator;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.namespace.QName;
import org.apache.commons.io.FileUtils;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressions;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOf;
......@@ -35,14 +39,22 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Target;;
public class XACMLGeneration {
public static void main(String[] args) {
XACMLGeneration c = new XACMLGeneration();
c.generateXACML();
List<String> groups = new ArrayList<String>();
groups.add("group1");
groups.add("group2");
groups.add("group3");
String destDir = FileUtils.getTempDirectoryPath();
XACMLGeneration.createXACMLFile(destDir, groups);
}
public void generateXACML(){
public static File createXACMLFile(String destDir, List<String> groups){
File XACMLPolicies = new File(destDir+System.getProperty("file.separator")+"WEB-INF"+System.getProperty("file.separator")+"policy.xml");;
String description = "description";
List<Serializable> content = new ArrayList<Serializable>();
content.add("test");
PolicyIssuer policyIssuer = null;
Target target = new Target(null);
ObligationExpressions obligationExpressions = null;
......@@ -58,26 +70,36 @@ public class XACMLGeneration {
String ruleId = "ruleID";
EffectType effect = EffectType.PERMIT;
List<AnyOf> anyOves = new ArrayList<AnyOf>();
List<AllOf> allOves = new ArrayList<AllOf>();
List<Match> matches = new ArrayList<Match>();
String matchId = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
String category = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
String attributeId = "attributeId";
String dataType = "http://www.w3.org/2001/XMLSchema#string";
String issuer = null;
boolean mustBePresent = false;
AttributeDesignatorType attributeDesignator = new AttributeDesignatorType(category, attributeId, dataType, issuer, mustBePresent);
AttributeSelectorType attributeSelector = null;
Map<QName, String> otherAttributes = new HashMap<QName, String>();
AttributeValueType attributeValue = new AttributeValueType(content, dataType, otherAttributes);
Match match = new Match(attributeValue, attributeSelector, attributeDesignator, matchId);
matches.add(match );
matches.add(match );
AllOf e2 = new AllOf(matches);
allOves.add(e2);
for (java.util.Iterator iterator = groups.iterator(); iterator.hasNext();) {
String group = (String) iterator.next();
List<Match> matches = new ArrayList<Match>();
String matchId = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
String category = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
String attributeId = "group";
String dataType = "http://www.w3.org/2001/XMLSchema#string";
String issuer = null;
boolean mustBePresent = false;
AttributeDesignatorType attributeDesignator = new AttributeDesignatorType(category, attributeId, dataType, issuer, mustBePresent);
AttributeSelectorType attributeSelector = null;
Map<QName, String> otherAttributes = new HashMap<QName, String>();
List<Serializable> content = new ArrayList<Serializable>();
content.add(group);
AttributeValueType attributeValue = new AttributeValueType(content, dataType, otherAttributes);
Match match = new Match(attributeValue, attributeSelector, attributeDesignator, matchId);
matches.add(match );
AllOf e2 = new AllOf(matches);
allOves.add(e2);
}
AnyOf e = new AnyOf(allOves);
anyOves.add(e);
Target targetrule = new Target(anyOves);
Rule rule1 = new Rule(description, targetrule, condition, obligationExpressions, adviceExpressions, ruleId, effect);
combinerParametersAndRuleCombinerParametersAndVariableDefinitions.add(rule1);
......@@ -95,10 +117,6 @@ public class XACMLGeneration {
ObjectFactory xacmlFactory = new ObjectFactory();
//PolicySet policySet = xacmlFactory.createPolicySet();
try {
StringWriter writer = new StringWriter();
......@@ -106,14 +124,16 @@ public class XACMLGeneration {
context = JAXBContext.newInstance(PolicySet.class);
Marshaller m = context.createMarshaller();
m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
m.marshal(policy, writer);
m.marshal(policy, XACMLPolicies);
String theXML = writer.toString();
System.out.println(theXML);
// String theXML = writer.toString();
// System.out.println(theXML);
} catch (JAXBException ex) {
// TODO Auto-generated catch block
ex.printStackTrace();
}
return XACMLPolicies;
}
}
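Review bot: `createXACMLFile` does not check `groups` before the loop, so a null list throws at `groups.iterator()` and an empty list yields an `AnyOf` with no `AllOf` children, which the XACML 3.0 schema does not allow. No schema is set on the marshaller in the visible lines, so the invalid policy would be written without complaint and would only surface when the PDP loads it, if at all. Add a guard at the top of the method, e.g. `if (groups == null || groups.isEmpty()) throw new IllegalArgumentException("at least one group is required");`. The loop also reads more simply as `for (String group : groups)`, which removes the raw `java.util.Iterator` and the need to work around the unrelated `javax.swing.text.html.HTMLDocument.Iterator` import.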
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Policy PolicyId="policyID" Version="2.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<Description>description</Description>
<Target/>
<Rule RuleId="ruleID" Effect="Permit">
<Description>description</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test1</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test2</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test3</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
</Target>
</Rule>
</Policy>
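Review bot: This file wraps each group in its own `<AnyOf>`, while the other policy.xml in this commit and the loop in `XACMLGeneration.createXACMLFile` place all groups as `<AllOf>` children of a single `<AnyOf>`. In XACML a Target matches only when every `<AnyOf>` matches, so this variant requires the subject's `group` bag to contain `test1`, `test2` and `test3` together, whereas the single-`<AnyOf>` form accepts any one of them. If "member of any listed group" is the intent, use one `<AnyOf>` holding the three `<AllOf>` elements. If both files are kept on purpose, add a comment at the top of each naming the semantics it exercises, e.g. `<!-- subject must belong to ALL listed groups -->`.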
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright OASIS Open 2010. All Rights Reserved. -->
<xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<xs:element name="Request" type="xacml:RequestType"/>
<xs:complexType name="RequestType">
<xs:sequence>
<xs:element ref="xacml:RequestDefaults" minOccurs="0"/>
<xs:element ref="xacml:Attributes" maxOccurs="unbounded"/>
<xs:element ref="xacml:MultiRequests" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="ReturnPolicyIdList" type="xs:boolean" use="required" />
<xs:attribute name="CombinedDecision" type="xs:boolean" use="required" />
</xs:complexType>
<xs:element name="RequestDefaults" type="xacml:RequestDefaultsType"/>
<xs:complexType name="RequestDefaultsType">
<xs:sequence>
<xs:choice>
<xs:element ref="xacml:XPathVersion"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<xs:element name="Response" type="xacml:ResponseType"/>
<xs:complexType name="ResponseType">
<xs:sequence>
<xs:element ref="xacml:Result" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Content" type="xacml:ContentType"/>
<xs:complexType name="ContentType" mixed="true">
<xs:sequence>
<xs:any namespace="##any" processContents="lax"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Result" type="xacml:ResultType"/>
<xs:complexType name="ResultType">
<xs:sequence>
<xs:element ref="xacml:Decision"/>
<xs:element ref="xacml:Status" minOccurs="0"/>
<xs:element ref="xacml:Obligations" minOccurs="0"/>
<xs:element ref="xacml:AssociatedAdvice" minOccurs="0"/>
<xs:element ref="xacml:Attributes" minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="xacml:PolicyIdentifierList" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:element name="PolicyIdentifierList" type="xacml:PolicyIdentifierListType"/>
<xs:complexType name="PolicyIdentifierListType">
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element ref="xacml:PolicyIdReference"/>
<xs:element ref="xacml:PolicySetIdReference"/>
</xs:choice>
</xs:complexType>
<xs:element name="Decision" type="xacml:DecisionType"/>
<xs:simpleType name="DecisionType">
<xs:restriction base="xs:string">
<xs:enumeration value="Permit"/>
<xs:enumeration value="Deny"/>
<xs:enumeration value="Indeterminate"/>
<xs:enumeration value="NotApplicable"/>
</xs:restriction>
</xs:simpleType>
<xs:element name="Status" type="xacml:StatusType"/>
<xs:complexType name="StatusType">
<xs:sequence>
<xs:element ref="xacml:StatusCode"/>
<xs:element ref="xacml:StatusMessage" minOccurs="0"/>
<xs:element ref="xacml:StatusDetail" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:element name="StatusCode" type="xacml:StatusCodeType"/>
<xs:complexType name="StatusCodeType">
<xs:sequence>
<xs:element ref="xacml:StatusCode" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="Value" type="xs:anyURI" use="required"/>
</xs:complexType>
<xs:element name="StatusMessage" type="xs:string"/>
<xs:element name="StatusDetail" type="xacml:StatusDetailType"/>
<xs:complexType name="StatusDetailType">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:element name="MissingAttributeDetail" type="xacml:MissingAttributeDetailType"/>
<xs:complexType name="MissingAttributeDetailType">
<xs:sequence>
<xs:element ref="xacml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="Category" type="xs:anyURI" use="required"/>
<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:attribute name="Issuer" type="xs:string" use="optional"/>