add AuthZ part and corrections

Security-filter-gen/catalog.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
+	<!-- For AuthZForce SchemaHandler -->
+	<system systemId="http://www.w3.org/2001/xml.xsd" uri="classpath:xml.xsd" />
+	<uri name="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" uri="classpath:xacml-core-v3-schema-wd-17.xsd" />
+	<uri name="http://authzforce.github.io/xmlns/pdp/ext/3" uri="classpath:pdp-ext-base.xsd" />
+</catalog>
\ No newline at end of file

Security-filter-gen/pdp.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Testing parameter 'maxPolicySetRefDepth' -->
+<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0" version="5.0.0" requestFilter="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax">
+   <rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRootPolicyProvider" policyLocation="${PARENT_DIR}/policy.xml" />
+</pdp>
\ No newline at end of file

Security-filter-gen/pdp.xsd

+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+
+ <xs:annotation>
+  <xs:documentation>
+   See http://www.w3.org/XML/1998/namespace.html and
+   http://www.w3.org/TR/REC-xml for information about this namespace.
+
+    This schema document describes the XML namespace, in a form
+    suitable for import by other schema documents.  
+
+    Note that local names in this namespace are intended to be defined
+    only by the World Wide Web Consortium or its subgroups.  The
+    following names are currently defined in this namespace and should
+    not be used with conflicting semantics by any Working Group,
+    specification, or document instance:
+
+    base (as an attribute name): denotes an attribute whose value
+         provides a URI to be used as the base for interpreting any
+         relative URIs in the scope of the element on which it
+         appears; its value is inherited.  This name is reserved
+         by virtue of its definition in the XML Base specification.
+
+    id   (as an attribute name): denotes an attribute whose value
+         should be interpreted as if declared to be of type ID.
+         The xml:id specification is not yet a W3C Recommendation,
+         but this attribute is included here to facilitate experimentation
+         with the mechanisms it proposes.  Note that it is _not_ included
+         in the specialAttrs attribute group.
+
+    lang (as an attribute name): denotes an attribute whose value
+         is a language code for the natural language of the content of
+         any element; its value is inherited.  This name is reserved
+         by virtue of its definition in the XML specification.
+  
+    space (as an attribute name): denotes an attribute whose
+         value is a keyword indicating what whitespace processing
+         discipline is intended for the content of the element; its
+         value is inherited.  This name is reserved by virtue of its
+         definition in the XML specification.
+
+    Father (in any context at all): denotes Jon Bosak, the chair of 
+         the original XML Working Group.  This name is reserved by 
+         the following decision of the W3C XML Plenary and 
+         XML Coordination groups:
+
+             In appreciation for his vision, leadership and dedication
+             the W3C XML Plenary on this 10th day of February, 2000
+             reserves for Jon Bosak in perpetuity the XML name
+             xml:Father
+  </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+  <xs:documentation>This schema defines attributes and an attribute group
+        suitable for use by
+        schemas wishing to allow xml:base, xml:lang, xml:space or xml:id
+        attributes on elements they define.
+
+        To enable this, such a schema must import this schema
+        for the XML namespace, e.g. as follows:
+        &lt;schema . . .>
+         . . .
+         &lt;import namespace="http://www.w3.org/XML/1998/namespace"
+                    schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+
+        Subsequently, qualified reference to any of the attributes
+        or the group defined below will have the desired effect, e.g.
+
+        &lt;type . . .>
+         . . .
+         &lt;attributeGroup ref="xml:specialAttrs"/>
+ 
+         will define a type which will schema-validate an instance
+         element with any of those attributes</xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+  <xs:documentation>In keeping with the XML Schema WG's standard versioning
+   policy, this schema document will persist at
+   http://www.w3.org/2005/08/xml.xsd.
+   At the date of issue it can also be found at
+   http://www.w3.org/2001/xml.xsd.
+   The schema document at that URI may however change in the future,
+   in order to remain compatible with the latest version of XML Schema
+   itself, or with the XML namespace itself.  In other words, if the XML
+   Schema or XML namespaces change, the version of this document at
+   http://www.w3.org/2001/xml.xsd will change
+   accordingly; the version at
+   http://www.w3.org/2005/08/xml.xsd will not change.
+  </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="lang">
+  <xs:annotation>
+   <xs:documentation>Attempting to install the relevant ISO 2- and 3-letter
+         codes as the enumerated possible values is probably never
+         going to be a realistic possibility.  See
+         RFC 3066 at http://www.ietf.org/rfc/rfc3066.txt and the IANA registry
+         at http://www.iana.org/assignments/lang-tag-apps.htm for
+         further information.
+
+         The union allows for the 'un-declaration' of xml:lang with
+         the empty string.</xs:documentation>
+  </xs:annotation>
+  <xs:simpleType>
+   <xs:union memberTypes="xs:language">
+    <xs:simpleType>    
+     <xs:restriction base="xs:string">
+      <xs:enumeration value=""/>
+     </xs:restriction>
+    </xs:simpleType>
+   </xs:union>
+  </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="space">
+  <xs:simpleType>
+   <xs:restriction base="xs:NCName">
+    <xs:enumeration value="default"/>
+    <xs:enumeration value="preserve"/>
+   </xs:restriction>
+  </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="base" type="xs:anyURI">
+  <xs:annotation>
+   <xs:documentation>See http://www.w3.org/TR/xmlbase/ for
+                     information about this attribute.</xs:documentation>
+  </xs:annotation>
+ </xs:attribute>
+ 
+ <xs:attribute name="id" type="xs:ID">
+  <xs:annotation>
+   <xs:documentation>See http://www.w3.org/TR/xml-id/ for
+                     information about this attribute.</xs:documentation>
+  </xs:annotation>
+ </xs:attribute>
+
+ <xs:attributeGroup name="specialAttrs">
+  <xs:attribute ref="xml:base"/>
+  <xs:attribute ref="xml:lang"/>
+  <xs:attribute ref="xml:space"/>
+ </xs:attributeGroup>
+
+</xs:schema>

Security-filter-gen/policy.xml

+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy PolicyId="policyID" Version="2.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
+    <Description>description</Description>
+    <Target/>
+    <Rule RuleId="ruleID" Effect="Permit">
+        <Description>description</Description>
+        <Target>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test1</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                 </AllOf>
+                <AllOf>
+                     <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test2</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                 </AllOf>
+                <AllOf>
+                     <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test3</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                 </AllOf>
+            </AnyOf>
+        </Target>
+    </Rule>
+</Policy>

Security-filter-gen/src/main/java/eu/chorevolution/transformations/sfgenerator/impl/SFGeneratorImpl.java

@@ -21,6 +21,7 @@ import org.eclipse.emf.common.util.URI;
 import eu.chorevolution.transformations.sfgenerator.SFGeneratorException;
 import eu.chorevolution.transformations.sfgenerator.SFType;
 import eu.chorevolution.transformations.sfgenerator.impl.utility.Utilities;
+import eu.chorevolution.transformations.sfgenerator.impl.utility.XACMLGeneration;
 import eu.chorevolution.transformations.sfgenerator.model.SF;
 import eu.chorevolution.transformations.sfgenerator.util.SecurityModelUtil;
 import eu.chorevolution.modelingnotations.configuration.ObjectFactory;
@@ -149,6 +150,10 @@ public class SFGeneratorImpl implements SFGenerator {
 			Utilities.addConfigFileintoWar(destDir, configurationFile);
 			File webXml = Utilities.createWebXml(destDir, sf.getName(), STSUrl);
 			Utilities.addWebXmlFileintoWar(destDir, webXml);
+			
+			File XACMLPolicies = XACMLGeneration.createXACMLFile(destDir, groups);
+			Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
+			
 			sf.setWar(Utilities.getBytesFromWar(warResultFile));
 			Utilities.deleteProjectFolder(destDir);
 		} catch (IOException e) {
@@ -173,6 +178,8 @@ public class SFGeneratorImpl implements SFGenerator {
 			Utilities.addConfigFileintoWar(destDir, configurationFile);
 			File webXml = Utilities.createWebXml(destDir, sf.getName(), STSUrl);
 			Utilities.addWebXmlFileintoWar(destDir, webXml);
+			File XACMLPolicies = XACMLGeneration.createXACMLFile(destDir, groups);
+			Utilities.addXACMLPoliciesFileintoWar(destDir, XACMLPolicies);
 			sf.setWar(Utilities.getBytesFromWar(warResultFile));
 			Utilities.deleteProjectFolder(destDir);
 		} catch (IOException e) {
@@ -185,8 +192,8 @@ public class SFGeneratorImpl implements SFGenerator {
 
 	public static void main(String[] args) throws IOException {
 		List<String> groups = new ArrayList<String>();
-		groups.add("groups1");
-		groups.add("groups2");
+		groups.add("group1");
+		groups.add("group5");
  
 		{
 			System.out.println("Generation of a SF in front of the choreography");
@@ -195,7 +202,7 @@ public class SFGeneratorImpl implements SFGenerator {
 			SFGenerator cdGenerator = new SFGeneratorImpl();
 			
 			String domain = "domain2";
-			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", domain , groups);
+			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", domain , groups);
 			FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
 		}
 
@@ -206,7 +213,7 @@ public class SFGeneratorImpl implements SFGenerator {
 			byte[] securityModel = Files.readAllBytes(securityPath);
 
 			SFGenerator cdGenerator = new SFGeneratorImpl();		
-			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", securityModel, groups, null);
+			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
 			FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
 		}
 
@@ -221,7 +228,7 @@ public class SFGeneratorImpl implements SFGenerator {
 			account.setLogin("root");
 			account.setPassword("password");
 			
-			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", securityModel, groups, account);
+			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, account);
 			FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
 		}
 
@@ -232,7 +239,7 @@ public class SFGeneratorImpl implements SFGenerator {
 			byte[] securityModel = Files.readAllBytes(securityPath);
 
 			SFGenerator cdGenerator = new SFGeneratorImpl();
-			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService/services/securitytokenservice", securityModel, groups, null);
+			SF cd = cdGenerator.generateSecurityFilter(SFName,"SF", "http://127.0.0.1:8080/SecurityTokenService", securityModel, groups, null);
 			FileUtils.writeByteArrayToFile(new File( "." + File.separatorChar + SFName + File.separatorChar + "SecurityfilterServletProxy.war"), cd.getWar());
 		}
 

Security-filter-gen/src/main/java/eu/chorevolution/transformations/sfgenerator/impl/utility/Utilities.java

@@ -99,7 +99,7 @@ public class Utilities {
 				.append("\t\t <filter-class>eu.chorevolution.SecurityFilter</filter-class>").append(System.getProperty("line.separator"))
 				.append("\t\t <init-param>").append(System.getProperty("line.separator"))
 				.append("\t\t\t <param-name>STS-URL</param-name>").append(System.getProperty("line.separator"))
-				.append("\t\t\t <param-value>"+sTSUrl+"?wsdl</param-value>").append(System.getProperty("line.separator"))
+				.append("\t\t\t <param-value>"+sTSUrl+"</param-value>").append(System.getProperty("line.separator"))
 				.append("\t\t </init-param>").append(System.getProperty("line.separator"))
 				.append("\t </filter>").append(System.getProperty("line.separator"))
 
@@ -283,4 +283,19 @@ public class Utilities {
 			e2.printStackTrace();
 		}
 	}
+
+	public static void addXACMLPoliciesFileintoWar(String projectDir, File xACMLPolicies) {
+		Map<String, String> env = new HashMap<>();
+		env.put("create", "true");
+		Path path = Paths.get(projectDir +System.getProperty("file.separator") + WARTEMPLATENAME);
+		URI uri = URI.create("jar:" + path.toUri());
+		try (FileSystem fs = FileSystems.newFileSystem(uri, env))
+		{
+			Files.copy(xACMLPolicies.toPath(), fs.getPath( "/WEB-INF/policy.xml" ), StandardCopyOption.REPLACE_EXISTING);
+		} catch (IOException e2) {
+			// TODO Auto-generated catch block
+			e2.printStackTrace();
+		}
+		
+	}
 }

Security-filter-gen/src/main/java/eu/chorevolution/transformations/sfgenerator/impl/utility/XACMLGeneration.java

 package eu.chorevolution.transformations.sfgenerator.impl.utility;
 
+import java.io.File;
 import java.io.Serializable;
 import java.io.StringWriter;
 import java.math.BigInteger;
@@ -8,11 +9,14 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.swing.text.html.HTMLDocument.Iterator;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Marshaller;
 import javax.xml.namespace.QName;
 
+import org.apache.commons.io.FileUtils;
+
 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressions;
 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf;
 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOf;
@@ -35,14 +39,22 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Target;;
 
 public class XACMLGeneration {
 	public static void main(String[] args) {
-		XACMLGeneration c = new XACMLGeneration();
-		c.generateXACML();
+		List<String> groups = new ArrayList<String>();
+		groups.add("group1");
+		groups.add("group2");
+		groups.add("group3");
+		String destDir = FileUtils.getTempDirectoryPath();
+		XACMLGeneration.createXACMLFile(destDir, groups);
 	}
-
-	public void generateXACML(){
+	
+	
+	
+	
+	public static File createXACMLFile(String destDir, List<String> groups){
+		
+		File XACMLPolicies = new File(destDir+System.getProperty("file.separator")+"WEB-INF"+System.getProperty("file.separator")+"policy.xml");;
 		String description = "description";
-		List<Serializable> content = new ArrayList<Serializable>();
-		content.add("test");
+
 		PolicyIssuer policyIssuer = null;
 		Target target = new Target(null);
 		ObligationExpressions obligationExpressions = null;
@@ -58,26 +70,36 @@ public class XACMLGeneration {
 		String ruleId = "ruleID";
 		EffectType effect = EffectType.PERMIT;
 		List<AnyOf> anyOves = new ArrayList<AnyOf>();
+		
 		List<AllOf> allOves = new ArrayList<AllOf>();
-		List<Match> matches = new ArrayList<Match>();
-		String matchId = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
-		String category = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
-		String attributeId = "attributeId";
-		String dataType = "http://www.w3.org/2001/XMLSchema#string";
-		String issuer = null;
-		boolean mustBePresent  = false;
-		AttributeDesignatorType attributeDesignator = new AttributeDesignatorType(category, attributeId, dataType, issuer, mustBePresent);
-		AttributeSelectorType attributeSelector = null;
-		Map<QName, String> otherAttributes = new HashMap<QName, String>();
-		AttributeValueType attributeValue = new AttributeValueType(content, dataType, otherAttributes);
-		Match match = new Match(attributeValue, attributeSelector, attributeDesignator, matchId);
-		matches.add(match );
-		matches.add(match );
-		AllOf e2 = new AllOf(matches);
 		
-		allOves.add(e2);
+		
+		for (java.util.Iterator iterator = groups.iterator(); iterator.hasNext();) {
+			String group = (String) iterator.next();
+			
+			List<Match> matches = new ArrayList<Match>();
+			String matchId = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
+			String category = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
+			String attributeId = "group";
+			String dataType = "http://www.w3.org/2001/XMLSchema#string";
+			String issuer = null;
+			boolean mustBePresent  = false;
+			AttributeDesignatorType attributeDesignator = new AttributeDesignatorType(category, attributeId, dataType, issuer, mustBePresent);
+			AttributeSelectorType attributeSelector = null;
+			Map<QName, String> otherAttributes = new HashMap<QName, String>();
+			List<Serializable> content = new ArrayList<Serializable>();
+			content.add(group);
+			AttributeValueType attributeValue = new AttributeValueType(content, dataType, otherAttributes);
+			Match match = new Match(attributeValue, attributeSelector, attributeDesignator, matchId);
+			matches.add(match );
+			AllOf e2 = new AllOf(matches);
+			allOves.add(e2);
+
+			
+		}
 		AnyOf e = new AnyOf(allOves);
 		anyOves.add(e);
+
 		Target targetrule = new Target(anyOves);
 		Rule rule1 = new Rule(description, targetrule, condition, obligationExpressions, adviceExpressions, ruleId, effect);
 		combinerParametersAndRuleCombinerParametersAndVariableDefinitions.add(rule1);
@@ -95,10 +117,6 @@ public class XACMLGeneration {
 
 
 		ObjectFactory xacmlFactory = new ObjectFactory();
-		//PolicySet policySet = xacmlFactory.createPolicySet();
-
-
-
 
 		try {
 			StringWriter writer = new StringWriter();
@@ -106,14 +124,16 @@ public class XACMLGeneration {
 			context = JAXBContext.newInstance(PolicySet.class);
 			Marshaller m = context.createMarshaller();
 			m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
-			m.marshal(policy, writer);
+			m.marshal(policy, XACMLPolicies);
 
-			String theXML = writer.toString();
-			System.out.println(theXML);
+//			String theXML = writer.toString();
+//			System.out.println(theXML);
 		} catch (JAXBException ex) {
 			// TODO Auto-generated catch block
 			ex.printStackTrace();
 		}
 
+		return XACMLPolicies;
 	}
+
 }

Security-filter-gen/test.xml

+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy PolicyId="policyID" Version="2.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
+    <Description>description</Description>
+    <Target/>
+    <Rule RuleId="ruleID" Effect="Permit">
+        <Description>description</Description>
+        <Target>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test1</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                 </AllOf>
+            </AnyOf>
+            <AnyOf>
+                <AllOf>
+                     <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test2</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                 </AllOf>
+            </AnyOf>
+            <AnyOf>
+                <AllOf>
+                     <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">test3</AttributeValue>
+                        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                 </AllOf>
+            </AnyOf>
+        </Target>
+    </Rule>
+</Policy>

Security-filter-gen/xacml-core-v3-schema-wd-17.xsd

+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright OASIS Open 2010. All Rights Reserved. -->
+<xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+	xmlns:xs="http://www.w3.org/2001/XMLSchema"
+	targetNamespace="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+	elementFormDefault="qualified" attributeFormDefault="unqualified">
+
+	<xs:import namespace="http://www.w3.org/XML/1998/namespace"
+		schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+
+	<xs:element name="Request" type="xacml:RequestType"/>
+	<xs:complexType name="RequestType">
+		<xs:sequence>
+			<xs:element ref="xacml:RequestDefaults" minOccurs="0"/>
+			<xs:element ref="xacml:Attributes" maxOccurs="unbounded"/>
+			<xs:element ref="xacml:MultiRequests" minOccurs="0"/>
+		</xs:sequence>
+		<xs:attribute name="ReturnPolicyIdList" type="xs:boolean" use="required" />
+		<xs:attribute name="CombinedDecision" type="xs:boolean" use="required" />
+	</xs:complexType>
+
+	<xs:element name="RequestDefaults" type="xacml:RequestDefaultsType"/>
+	<xs:complexType name="RequestDefaultsType">
+		<xs:sequence>
+			<xs:choice>
+				<xs:element ref="xacml:XPathVersion"/>
+			</xs:choice>
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:element name="Response" type="xacml:ResponseType"/>
+	<xs:complexType name="ResponseType">
+		<xs:sequence>
+			<xs:element ref="xacml:Result" maxOccurs="unbounded"/>
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:element name="Content" type="xacml:ContentType"/>
+	<xs:complexType name="ContentType" mixed="true">
+		<xs:sequence>
+			<xs:any namespace="##any" processContents="lax"/>
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:element name="Result" type="xacml:ResultType"/>
+	<xs:complexType name="ResultType">
+		<xs:sequence>
+			<xs:element ref="xacml:Decision"/>
+			<xs:element ref="xacml:Status" minOccurs="0"/>
+			<xs:element ref="xacml:Obligations" minOccurs="0"/>
+			<xs:element ref="xacml:AssociatedAdvice" minOccurs="0"/>
+			<xs:element ref="xacml:Attributes" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element ref="xacml:PolicyIdentifierList" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:element name="PolicyIdentifierList" type="xacml:PolicyIdentifierListType"/>
+	<xs:complexType name="PolicyIdentifierListType">
+		<xs:choice minOccurs="0" maxOccurs="unbounded">
+			<xs:element ref="xacml:PolicyIdReference"/>
+			<xs:element ref="xacml:PolicySetIdReference"/>
+		</xs:choice>
+	</xs:complexType>
+
+	<xs:element name="Decision" type="xacml:DecisionType"/>
+	<xs:simpleType name="DecisionType">
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="Permit"/>
+			<xs:enumeration value="Deny"/>
+			<xs:enumeration value="Indeterminate"/>
+			<xs:enumeration value="NotApplicable"/>
+		</xs:restriction>
+	</xs:simpleType>
+
+	<xs:element name="Status" type="xacml:StatusType"/>
+	<xs:complexType name="StatusType">
+		<xs:sequence>
+			<xs:element ref="xacml:StatusCode"/>
+			<xs:element ref="xacml:StatusMessage" minOccurs="0"/>
+			<xs:element ref="xacml:StatusDetail" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:element name="StatusCode" type="xacml:StatusCodeType"/>
+	<xs:complexType name="StatusCodeType">
+		<xs:sequence>
+			<xs:element ref="xacml:StatusCode" minOccurs="0"/>
+		</xs:sequence>
+		<xs:attribute name="Value" type="xs:anyURI" use="required"/>
+	</xs:complexType>
+
+	<xs:element name="StatusMessage" type="xs:string"/>
+
+	<xs:element name="StatusDetail" type="xacml:StatusDetailType"/>
+	<xs:complexType name="StatusDetailType">
+		<xs:sequence>
+			<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+	</xs:complexType>
+
+	<xs:element name="MissingAttributeDetail" type="xacml:MissingAttributeDetailType"/>
+	<xs:complexType name="MissingAttributeDetailType">
+		<xs:sequence>
+			<xs:element ref="xacml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+		<xs:attribute name="Category" type="xs:anyURI" use="required"/>
+		<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
+		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
+		<xs:attribute name="Issuer" type="xs:string" use="optional"/>