Wednesday, January 6, 2010

Oracle Entitlement Server (OES) Web Services SM Demystified

First of all - Happy New Decade - and welcome to the future!

Now, after some well-deserved time off, back to it. I was recently visiting with a customer and they asked me for the WSDL associated with the Web Services SM for OES. Seems like a simple request, but what I quickly figured out was that there is no really simple way to get the WSDL (such as navigating to http://mywssm:8555/someservicename?WSDL). Simpler is definitely better, so this post is not a full-throated defense of how the WebServices SM works, but rather an opportunity to discuss some of the features of the OES client libraries and the PDPProxy specifically. For those who just want to see the WSDL, here it is. I've also included the schema, here. They can also be found in SSM_HOME/webservice-ssm/instance/instancename/config.

Three different SMs - One API - PDP Proxy


OES supports many different Security Modules (SMs), but they essentially fall into two categories: centralized or embedded. In the centralized model, applications make remote calls out to the actual SM service running centrally. OES supports two protocols for centralized SMs: SOAP and RMI. These are affectionately referred to as the WebServices SM and the RMI SM. In the embedded model, the application makes calls to the OES services and the authorization engine is co-located with (runs in the same Java process as) the application. This is the Java SM (though when running inside WLS it's called the WLS SM, in WebSphere the WebSphere SM, etc.).

When deploying OES into Java applications, you may not know up front which of the 3 main types of SMs makes sense. Initially, you may want to use the WebServices SM because SOAP is a standard and works nicely with the rest of the SOA infrastructure. You may then move to the RMI SM because you need a binary protocol to meet performance requirements. Finally, to get maximum performance, you move to the embedded model and the Java SM. This evolution of SM deployment is natural and to be expected. What would be unnatural and unexpected is to have to recode the application just because you chose a different SM deployment model. This is the driving thought behind the single Java API.

This is from the SSM_HOME/webservice-ssm/examples/JavaAPIExample/src/java\com\bea\security\examples\JavaAPIExample.java


protected static SecurityRuntime initializeSSM(String configId) {
    SecurityRuntime rt = null;

    // Initialize this applications configuration
    System.out.print("Initializing the Security Runtime ... ");
    AppConfig cfg = new AppConfig("Java API Example Application");

    cfg.useConfiguration(configId);

    // Add this application naming definitions to the config
    try {
        cfg.addNameAuthorityDefinitionFile("exampleNames.xml");
    } catch (FileNotFoundException fnfExc) {
        System.out.println(fnfExc.getLocalizedMessage());
        return rt;
    }

    // Initialize the security runtime
    try {
        SecurityRuntime.initialize(cfg);
    } catch (ParameterException pExc) {
        // We could not get the policy domain
        System.out.println(pExc.getLocalizedMessage());
        return rt;
    } catch (Throwable e) {
        e.printStackTrace();
        return rt;
    }

    // Get an instance of the runtime
    rt = SecurityRuntime.getInstance();
    System.out.println("Initialized");

    return rt;
}

protected static PolicyDomain tryGetPolicyDomain(SecurityRuntime rt, String configId) {
    PolicyDomain pd = null;

    try {
        pd = rt.getPolicyDomain(configId);
        System.out.println("Retrieved Policy Domain");
    } catch (ParameterException pExc) {
        // We could not get the policy domain
        System.out.println(pExc.getLocalizedMessage());
    }

    return pd;
}

protected static AuthenticationService tryGetAuthenticationService(PolicyDomain pd) {
    AuthenticationService atnSvc = null;

    try {
        atnSvc = (AuthenticationService) pd.getService(ServiceType.AUTHENTICATION);
        System.out.println("Retrieved Authentication Service");
    } catch (ServiceNotAvailableException naExc) {
        // We could not fetch the service
        System.out.println(naExc.getLocalizedMessage());
    }
    return atnSvc;
}

protected static AuthorizationService tryGetAuthorizationService(PolicyDomain pd) {
    AuthorizationService atzSvc = null;

    try {
        atzSvc = (AuthorizationService) pd.getService(ServiceType.AUTHORIZATION);
        System.out.println("Retrieved Authorization Service");
    } catch (ServiceNotAvailableException naExc) {
        // We could not fetch the service
        System.out.println(naExc.getLocalizedMessage());
    }
    return atzSvc;
}



So, the idea is that the SM is just a collection of services: authentication, authorization, roles, audit, and credential mapping. These services are accessible from a named configuration called a PolicyDomain. You can see more details of the Java API in the product documentation. What is interesting is that if you examined the JavaAPIExample from SSM_HOME/java-ssm/examples/JavaAPIExample/src/java\com\bea\security\examples\JavaAPIExample.java, you would see the exact same code. From an API perspective, the type of SM (embedded or centralized) and the protocol (SOAP or RMI) are completely encapsulated.

All of this "magic" is done via what is called the PDPProxy configuration. When an instance of the SM is created with the ConfigTool, a directory is created at SSM_HOME/SSM_TYPE/instance/instance-name/config/pdpproxy. This directory holds all of the information (libraries and config) that a client needs to communicate with the SM. At runtime, the Java API looks for a system property, -Dpdp.configuration.properties.location, to point it to the correct config.


The specific libraries will vary depending on the SM type (the Axis SOAP library is used for the Web Service SM). There is a common configuration file called PDPProxyConfiguration.properties.

# SSM configuration id
SSMConfigID=dt

# Transport indicates underlying transport
# to be used to communicate with the PDP - JAVA / WS / RMI
PDPTransport=WS

# Comma separated list of PDP host & port information.
# For example this could be end point URLs could be,
# http://localhost:9200, or https://localhost:9200
PDPAddress=http://oamwindows:8225

There is more in the file, but this gives the general idea. You can change the PDPTransport and in the case of web-service SM, you define the URL.

Details on the Web Service SM


The basic API pattern is to get a named PolicyDomain and then access the services as needed. The question is, how do you apply this pattern to WebServices? Instead of simply listing each SOAP endpoint in a WSDL, OES uses the concept of the ServiceRegistry. This is basically a service that a client can call to get the location of the other services. With that information in hand, access to the underlying services (authentication, authorization, etc.) is pretty straightforward. I've included the SOAP Request/Response for the ServiceRegistry, which is located at http://WS SM URL/ServiceRegistry.

Service Registry Request


<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <locateService xmlns="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd">
      <ServiceType>ALES_AUTHORIZATION</ServiceType>
      <SsmId>dt</SsmId>
    </locateService>
  </soapenv:Body>
</soapenv:Envelope>

Service Registry Response


<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <locateServiceResponse xmlns="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd">
      <locateServiceResponse>http://oamwindows:8225/Authorization</locateServiceResponse>
    </locateServiceResponse>
  </soapenv:Body>
</soapenv:Envelope>
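
The registry lookup above, tied to the PDPProxyConfiguration.properties settings shown earlier, as an added example (not OES code and not from the original post): it builds the locateService request with an XML API so the SsmId value is escaped, parses the response, and checks the returned endpoint against PDPAddress. The origin check, the finding names and the injected send callable are assumptions of this sketch, not documented OES client behaviour.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SSM_NS = "http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd"
NS = {"soapenv": SOAP_NS, "ssm": SSM_NS}
ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("ssm", SSM_NS)

# Sample input: the settings from the properties excerpt in the post.
SAMPLE_PROPERTIES = """\
# SSM configuration id
SSMConfigID=dt
PDPTransport=WS
PDPAddress=http://oamwindows:8225
"""

# Sample input: the Service Registry response from the post (unused xmlns trimmed).
SAMPLE_RESPONSE = """\
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<locateServiceResponse xmlns="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd">
<locateServiceResponse>http://oamwindows:8225/Authorization</locateServiceResponse>
</locateServiceResponse>
</soapenv:Body>
</soapenv:Envelope>
"""


def parse_properties(text):
    """Minimal key=value reader; enough for the keys used here."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def pdp_addresses(props):
    """PDPAddress is a comma separated list of endpoint URLs."""
    return [a.strip() for a in props.get("PDPAddress", "").split(",") if a.strip()]


def build_locate_service(service_type, ssm_id):
    """Build the locateService envelope; ElementTree escapes the text values."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    locate = ET.SubElement(body, f"{{{SSM_NS}}}locateService")
    ET.SubElement(locate, f"{{{SSM_NS}}}ServiceType").text = service_type
    ET.SubElement(locate, f"{{{SSM_NS}}}SsmId").text = ssm_id
    return ET.tostring(env, encoding="unicode")


def parse_locate_response(xml_text):
    """Return the service URL from a locateServiceResponse envelope."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD in SOAP message rejected")
    root = ET.fromstring(xml_text)
    if root.find("soapenv:Body/soapenv:Fault", NS) is not None:
        raise ValueError("registry returned a SOAP fault")
    url = root.find(
        "soapenv:Body/ssm:locateServiceResponse/ssm:locateServiceResponse", NS)
    if url is None or not (url.text or "").strip():
        raise ValueError("no service URL in response")
    return url.text.strip()


def origin(url):
    """(scheme, host, port) of an http(s) URL, with the default port filled in."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)


def check_endpoint(endpoint, props):
    """Findings for a registry-supplied endpoint; an empty list means no findings."""
    findings = []
    ep = origin(endpoint)
    # Assumed policy: only talk to origins the local configuration already names.
    if ep not in {origin(a) for a in pdp_addresses(props)}:
        findings.append("origin-not-in-PDPAddress")
    # Identity tokens and decisions would cross the network unencrypted.
    if ep[0] != "https":
        findings.append("cleartext-http")
    return findings


def resolve_service(props, service_type, send):
    """send(url, body) -> response XML; injected (hypothetical) so this runs offline."""
    request = build_locate_service(service_type, props["SSMConfigID"])
    registry_url = pdp_addresses(props)[0].rstrip("/") + "/ServiceRegistry"
    endpoint = parse_locate_response(send(registry_url, request))
    return endpoint, check_endpoint(endpoint, props)
```

With the sample configuration from the post, the lookup resolves to the Authorization endpoint and reports only the cleartext-http finding, since PDPAddress itself uses http.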

Is this better than just exposing ?WSDL?


Personally, I'm not a big fan of "discoverable" security services. For example, I don't like the idea of adding XACML to WS-Policy and making it readily available. Interoperability of WS-Policy, as people know from reading this blog, is a sore topic for me. In general, I'm OK with a little security by obscurity in this case. Also, in the context of the overall strategy of OES to simplify access via a single Java API, I think this is a good idea, and it is in fact easier than using your own tooling to write a SOAP client. And finally, since this pattern is not obvious, OES does certify and provide its own clients for common platforms like MSFT .NET.


Reference: WSDL and Schema for Web Services SM


SSM-SOAPWS.wsdl



<?xml version="1.0" encoding="UTF-8"?>

<wsdl:definitions

name="SSM-SOAP-WebService"

targetNamespace="http://security.bea.com/ssmws/ssm-ws-1.0.wsdl"

xmlns="http://www.w3.org/2001/XMLSchema"

xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"

xmlns:ssm="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd"

xmlns:tns="http://security.bea.com/ssmws/ssm-ws-1.0.wsdl"

xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"

xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines SOAP WebService public interface for SSM component.</wsdl:documentation>



<!-- WSDL Types Section -->

<wsdl:types>



<xsd:import namespace="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd" schemaLocation="ssm-soap-types.xsd"/>



</wsdl:types>



<!-- WSDL Messages Section -->



<wsdl:message name="serviceFault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Reports a generic server-side error.</wsdl:documentation>

<wsdl:part element="ssm:serviceFailure" name="fault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Generic error information</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="authenticationFault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Reports an authentication error.</wsdl:documentation>

<wsdl:part element="ssm:authenticationFailure" name="fault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authentication error information.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="authorizationFault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Reports an authorization error.</wsdl:documentation>

<wsdl:part element="ssm:authorizationFailure" name="fault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authorization error information.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="credentialMappingFault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Reports a credential mapping error.</wsdl:documentation>

<wsdl:part element="ssm:credentialMappingFailure" name="fault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Credential mapping error information.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="roleMappingFault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Reports a role mapping error.</wsdl:documentation>

<wsdl:part element="ssm:roleMappingFailure" name="fault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Role mapping error information.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="auditingFault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Reports an auduting error.</wsdl:documentation>

<wsdl:part element="ssm:auditingFailure" name="fault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Auditing error information.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="registryFault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Reports a registry error.</wsdl:documentation>

<wsdl:part element="ssm:registryFailure" name="fault">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Registry error information.</wsdl:documentation>

</wsdl:part>

</wsdl:message>



<wsdl:message name="authenticateRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to authenticate a user. Accepts any credential type supported by the authentication provider or a response to an earlier authentication challenge, and, optionally, the type of requested identity assertion that represents the identity and application context of the authenticated user.</wsdl:documentation>

<wsdl:part element="ssm:authenticate" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for authenticate operation</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="authenticateResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response from user's authentication. Returns either the requested identity assertion token, an authentication challenge, or additional context requests, if a challenge is required by the specific authentication provider or the authentication protocol.</wsdl:documentation>

<wsdl:part element="ssm:authenticateResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies authentication response</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="assertIdentityRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to assert user's identity. Accepts any supported identity assertion type or a response to an earlier authentication challenge, and, optionally, the type of requested identity assertion that represents the identity and application context of the authenticated user.</wsdl:documentation>

<wsdl:part element="ssm:assertIdentity" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for assertIdentity operation</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="assertIdentityResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response from user's authentication. Returns either the requested identity assertion token, an authentication challenge, or additional context requests, if required by the specific authentication provider or the authentication protocol.</wsdl:documentation>

<wsdl:part element="ssm:assertIdentityResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies authentication response</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getServiceTypeRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to get service type. Takes an empty request.</wsdl:documentation>

<wsdl:part element="ssm:getServiceType" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for getServiceType operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getServiceTypeResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response containing service's type. Returns a structure that contains the service. The Web Services SSM supports five security service types: authentication, auditing, authorization, credential mapping, and role mapping.</wsdl:documentation>

<wsdl:part element="ssm:getServiceTypeResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains the service type.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getVersionRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to get service version. Takes an empty request.</wsdl:documentation>

<wsdl:part element="ssm:getVersion" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the getVersion operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getVersionResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response containing service version. Returns a structure that contains the version of the service.</wsdl:documentation>

<wsdl:part element="ssm:getVersionResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains the service version.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAssertionTokenSupportedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to check for of the assertion token type. Accepts the token type of the identity assertion token that represents the identity of the authenticated user.</wsdl:documentation>

<wsdl:part element="ssm:isAssertionTokenSupported" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the isAssertionTokenSupported operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAssertionTokenSupportedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response about assertion token support. Returns a Boolean value (true or false) to indicate whether this token is supported by this instance of the Security Service Module.</wsdl:documentation>

<wsdl:part element="ssm:isAssertionTokenSupportedResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Indicates whether an token type is supported.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isCompatibleRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to check service compatibility. Accepts service version information. You use this method to determine whether the version of the service interface specified in the web services client is compatible with the current version of the service interface in the instance of the Security Service Module.</wsdl:documentation>

<wsdl:part element="ssm:isCompatible" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the isCompatible operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isCompatibleResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response about service compatibility. Returns compatibility information.</wsdl:documentation>

<wsdl:part element="ssm:isCompatibleResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Specifies service's compatibility.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="validateIdentityRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to verify assertion token. Accepts any supported identity assertion type that represents the identity of the authenticated user.</wsdl:documentation>

<wsdl:part element="ssm:validateIdentity" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for validateIdentity operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="validateIdentityResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response about assertion token validity. Returns a structure with a Boolean value (true or false) that indicates the authenticity of the token.</wsdl:documentation>

<wsdl:part element="ssm:validateIdentityResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Specifies assertion token's validity.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAccessAllowedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to authorize user access. Accepts a supported type of an identity assertion token, and a runtime resource and action structures. Optionally, it can accept type of the requested identity assertion token, (representing the authenticated user's identity), application context, and authorization direction parameters.</wsdl:documentation>

<wsdl:part element="ssm:isAccessAllowed" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the isAccessAllowed operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAccessAllowedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response from user authorization. Returns the authorization decision (optionally accompanied by the time-to-live (TTL) value), an identity Assertion token, and a list of user roles, or, if required by the authorization provider, additional context requests.</wsdl:documentation>

<wsdl:part element="ssm:isAccessAllowedResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies authorization response.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAccessAllowedDebugRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Debug request to authorize user access. Accepts a supported type of an identity assertion token, and a runtime resource and action structures. Optionally, it can accept type of the requested identity assertion token, (representing the authenticated user's identity), application context.</wsdl:documentation>

<wsdl:part element="ssm:isAccessAllowedDebug" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the isAccessAllowed_Debug operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAccessAllowedDebugResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Debug response from user authorization. Returns the authorization decision, evaluation debug information, (optionally accompanied by the time-to-live (TTL) value), an identity Assertion token, and a list of user roles, or, if required by the authorization provider, additional context requests.</wsdl:documentation>

<wsdl:part element="ssm:isAccessAllowedDebugResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies debug authorization response.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getRolesDebugRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Debug request for user roles. Accepts a supported type of an identity token, and, optionally, runtime resource and action structures and an application context.</wsdl:documentation>

<wsdl:part element="ssm:getRolesDebug" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for getRoles operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getRolesDebugResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Debug response with user roles. Returns either a list of user roles associated for the identity or, if such is required by the Role Mapping provider, additional context requests and evaluation debug information. If the identity provided is invalid or not properly authenticated, this method returns a SOAP fault.</wsdl:documentation>

<wsdl:part element="ssm:getRolesDebugResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains the requested user roles.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isBulkAccessAllowedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to bulk authorize user access. Accepts a supported type of an identity assertion token, and a list of runtime resource and action structures. Optionally, it can accept type of the requested identity assertion token, (representing the authenticated user's identity), application context, and authorization direction parameters.</wsdl:documentation>

<wsdl:part element="ssm:isBulkAccessAllowed" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the isBulkAccessAllowed operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isBulkAccessAllowedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response from user authorization. Returns a list of the following information, the authorization decision (optionally accompanied by the time-to-live (TTL) value), an identity Assertion token, and a list of user roles, or, if required by the authorization provider, additional context requests.</wsdl:documentation>

<wsdl:part element="ssm:isBulkAccessAllowedResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies bulk authorization response.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isChildResourceAccessAllowedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to bulk authorize (child resources) user access. Accepts a supported type of an identity assertion token, and a runtime resource and action structures. Optionally, it can accept type of the requested identity assertion token, (representing the authenticated user's identity), application context, and authorization direction parameters.</wsdl:documentation>

<wsdl:part element="ssm:isChildResourceAccessAllowed" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the isChildResourceAccessAllowed operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isChildResourceAccessAllowedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response from user authorization. Returns a list of the following information, authorization decision (optionally accompanied by the time-to-live (TTL) value), an identity Assertion token, and a list of user roles, or, if required by the authorization provider, additional context requests.</wsdl:documentation>

<wsdl:part element="ssm:isChildResourceAccessAllowedResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies bulk authorization (child resources) response.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="queryActionsOnResourceRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to query actions on resource. Accepts a supported type of an identity assertion token, and a runtime resource. Optionally, it can accept requested actions, application context parameters.</wsdl:documentation>

<wsdl:part element="ssm:queryActionsOnResource" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the queryActionsOnResource operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="queryActionsOnResourceResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response from user authorization. Returns the allowed and denied actions</wsdl:documentation>

<wsdl:part element="ssm:queryActionsOnResourceResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies query actions on resource response.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="queryActionsOnChildResourceRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to query actions on resource clipping node and all child resource nodes. Accepts a supported type of an identity assertion token, and a runtime resource clipping node. Optionally, it can accept requested actions, application context parameters.</wsdl:documentation>

<wsdl:part element="ssm:queryActionsOnChildResource" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the queryActionsOnChildResource operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="queryActionsOnChildResourceResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response from user authorization. Returns the allowed and denied actions for the resource and the children of that resource</wsdl:documentation>

<wsdl:part element="ssm:queryActionsOnChildResourceResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies response for query actions on resource clipping node and all child resource nodes.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAuthenticationRequiredRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to check whether a resource is protected. Accepts a runtime resource and a runtime action.</wsdl:documentation>

<wsdl:part element="ssm:isAuthenticationRequired" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for isAuthenticationRequired operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="isAuthenticationRequiredResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response whether authentication is required. Returns a Boolean value (true or false) that indicates whether authentication is require to access this resource. The web services client uses this method to test whether privileges are required to access a particular resource.</wsdl:documentation>

<wsdl:part element="ssm:isAuthenticationRequiredResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Identifies authentication requirements for a resource.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getCredentialsRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for credentials mapping. Accepts a supported type of an identity assertion token and a list of requested credential types. Optionally, this method can accept an identity assertion token that represents the identity of a different user and a runtime resource structure, which includes the requested resource and action and the application context.</wsdl:documentation>

<wsdl:part element="ssm:getCredentials" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for the getCredentials operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getCredentialsResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with requested credentials. Returns either a list of requested user credentials, identity assertion tokens, or, if required by the ALES Credential Mapping provider, context requests.</wsdl:documentation>

<wsdl:part element="ssm:getCredentialsResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains the requested user credentials.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getRolesRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for user roles. Accepts a supported type of an identity token, and, optionally, runtime resource and action structures and an application context.</wsdl:documentation>

<wsdl:part element="ssm:getRoles" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for getRoles operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getRolesResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with user roles. Returns either a list of user roles associated for the identity or, if such is required by the Role Mapping provider, additional context requests. If the identity provided is invalid or not properly authenticated, this method returns a SOAP fault.</wsdl:documentation>

<wsdl:part element="ssm:getRolesResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains the requested user roles.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="recordEventRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to record auditing message. Accepts an audit record, and, optionally, an identity assertion token, representing the auditing user, and an application context. Returns either an empty response or, if required by the provider, additional context requests.</wsdl:documentation>

<wsdl:part element="ssm:recordEvent" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for recordEvent operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="recordEventResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Returns a Boolean value (true or false) confirming recording an audit event.</wsdl:documentation>

<wsdl:part element="ssm:recordEventResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains True or false.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="locateServiceRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for service URL. Accepts the requested service type and SSM Configuration ID of the Web Services SSM that provides the service.</wsdl:documentation>

<wsdl:part element="ssm:locateService" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for locateService operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="locateServiceResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with service's URL. Returns the fully qualified URL for the endpoint of the requested service.</wsdl:documentation>

<wsdl:part element="ssm:locateServiceResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains requested service's URL.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="doesServiceExistRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to check the existence of the service. Accepts the requested service type and SSM Configuration ID of the Web Services Security Service Module that provides the service.</wsdl:documentation>

<wsdl:part element="ssm:doesServiceExist" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input parameters for doesServiceExist operation.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="doesServiceExistResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating whether the service exists. Returns a Boolean value (true or false) that indicates whether the service exists and can be requested.</wsdl:documentation>

<wsdl:part element="ssm:doesServiceExistResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Contains True or false.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getParameterValueRequest">

<wsdl:part element="ssm:getParameterValue" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Name of the requested parameter.</wsdl:documentation>

</wsdl:part>

</wsdl:message>

<wsdl:message name="getParameterValueResponse">

<wsdl:part element="ssm:getParameterValueResponse" name="parameters">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">The requested parameter value.</wsdl:documentation>

</wsdl:part>

</wsdl:message>



<!-- WSDL Ports Section -->



<wsdl:portType name="AuthenticationPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines authentication operations.</wsdl:documentation>

<wsdl:operation name="authenticate">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the authentication method.</wsdl:documentation>

<wsdl:input message="tns:authenticateRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authentication request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:authenticateResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authentication response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authenticationFault" message="tns:authenticationFault" />

</wsdl:operation>

<wsdl:operation name="assertIdentity">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the identity assertion method.</wsdl:documentation>

<wsdl:input message="tns:assertIdentityRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Assertion request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:assertIdentityResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Assertion response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authenticationFault" message="tns:authenticationFault" />

</wsdl:operation>

<wsdl:operation name="isAssertionTokenSupported">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether an assertion token type is supported.</wsdl:documentation>

<wsdl:input message="tns:isAssertionTokenSupportedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for support check.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isAssertionTokenSupportedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating token type support.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authenticationFault" message="tns:authenticationFault" />

</wsdl:operation>

<wsdl:operation name="validateIdentity">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Validates identity token.</wsdl:documentation>

<wsdl:input message="tns:validateIdentityRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for validating identity token.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:validateIdentityResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating token validity.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service type.</wsdl:documentation>

<wsdl:input message="tns:getServiceTypeRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for service type.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getServiceTypeResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with service type.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service version.</wsdl:documentation>

<wsdl:input message="tns:getVersionRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for service version.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getVersionResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with service version.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether the service version is compatible.</wsdl:documentation>

<wsdl:input message="tns:isCompatibleRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for compatibility check.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isCompatibleResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating compatibility.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

</wsdl:portType>

<wsdl:portType name="AuthorizationPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines authorization operations.</wsdl:documentation>

<wsdl:operation name="isAccessAllowed">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the access control method.</wsdl:documentation>

<wsdl:input message="tns:isAccessAllowedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authorization request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isAccessAllowedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authorization response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authorizationFault" message="tns:authorizationFault" />

</wsdl:operation>

<wsdl:operation name="isAccessAllowed_Debug">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the debug access control method.</wsdl:documentation>

<wsdl:input message="tns:isAccessAllowedDebugRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Debug Authorization request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isAccessAllowedDebugResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Debug Authorization response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authorizationFault" message="tns:authorizationFault" />

</wsdl:operation>

<wsdl:operation name="isBulkAccessAllowed">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the access control method.</wsdl:documentation>

<wsdl:input message="tns:isBulkAccessAllowedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authorization request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isBulkAccessAllowedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authorization response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authorizationFault" message="tns:authorizationFault" />

</wsdl:operation>

<wsdl:operation name="isChildResourceAccessAllowed">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the access control method.</wsdl:documentation>

<wsdl:input message="tns:isChildResourceAccessAllowedRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authorization request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isChildResourceAccessAllowedResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Authorization response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authorizationFault" message="tns:authorizationFault" />

</wsdl:operation>

<wsdl:operation name="isAuthenticationRequired">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether authentication is required on a resource.</wsdl:documentation>

<wsdl:input message="tns:isAuthenticationRequiredRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request to check resource protection.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isAuthenticationRequiredResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating whether a resource is protected.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authorizationFault" message="tns:authorizationFault" />

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service type.</wsdl:documentation>

<wsdl:input message="tns:getServiceTypeRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for service type.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getServiceTypeResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with service type.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service version.</wsdl:documentation>

<wsdl:input message="tns:getVersionRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for service version.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getVersionResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with service version.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether the service version is compatible.</wsdl:documentation>

<wsdl:input message="tns:isCompatibleRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for compatibility check.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isCompatibleResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating compatibility.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="queryActionsOnResource">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the query actions on resource method.</wsdl:documentation>

<wsdl:input message="tns:queryActionsOnResourceRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Query actions on resource request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:queryActionsOnResourceResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Query actions on resource response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authorizationFault" message="tns:authorizationFault" />

</wsdl:operation>

<wsdl:operation name="queryActionsOnChildResource">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the query actions on child resource method.</wsdl:documentation>

<wsdl:input message="tns:queryActionsOnChildResourceRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Query actions on child resource request input.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:queryActionsOnChildResourceResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Query actions on child resource response result.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="authorizationFault" message="tns:authorizationFault" />

</wsdl:operation>

</wsdl:portType>

<wsdl:portType name="CredentialMappingPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines credential mapping operations.</wsdl:documentation>

<wsdl:operation name="getCredentials">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the method for mapping credentials.</wsdl:documentation>

<wsdl:input message="tns:getCredentialsRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for credentials mapping.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getCredentialsResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Credential mapping results.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="credentialMappingFault" message="tns:credentialMappingFault" />

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service type.</wsdl:documentation>

<wsdl:input message="tns:getServiceTypeRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for service type.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getServiceTypeResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with service type.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service version.</wsdl:documentation>

<wsdl:input message="tns:getVersionRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for the service version.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getVersionResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with the service version.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether the service version is compatible.</wsdl:documentation>

<wsdl:input message="tns:isCompatibleRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for compatibility check.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isCompatibleResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating compatibility.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

</wsdl:portType>

<wsdl:portType name="RoleMappingPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the role mapping operations.</wsdl:documentation>

<wsdl:operation name="getRoles">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the method for mapping roles.</wsdl:documentation>

<wsdl:input message="tns:getRolesRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for roles mapping.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getRolesResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Role mapping results.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="roleMappingFault" message="tns:roleMappingFault" />

</wsdl:operation>

<wsdl:operation name="getRoles_Debug">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the debug method for mapping roles.</wsdl:documentation>

<wsdl:input message="tns:getRolesDebugRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for debug roles mapping.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getRolesDebugResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Debug role mapping results.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="roleMappingFault" message="tns:roleMappingFault" />

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service type.</wsdl:documentation>

<wsdl:input message="tns:getServiceTypeRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for the service type.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getServiceTypeResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with the service type.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service version.</wsdl:documentation>

<wsdl:input message="tns:getVersionRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for the service version.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getVersionResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with the service version.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether the service version is compatible.</wsdl:documentation>

<wsdl:input message="tns:isCompatibleRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for compatibility check.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isCompatibleResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating compatibility.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

</wsdl:portType>

<wsdl:portType name="AuditingPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines auditing operations.</wsdl:documentation>

<wsdl:operation name="recordEvent">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the method for recording an audit event.</wsdl:documentation>

<wsdl:input message="tns:recordEventRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input for recording an audit event.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:recordEventResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with true or false.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="auditingFault" message="tns:auditingFault" />

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service type.</wsdl:documentation>

<wsdl:input message="tns:getServiceTypeRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for the service type.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getServiceTypeResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with the service type.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains the service version.</wsdl:documentation>

<wsdl:input message="tns:getVersionRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for the service version.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getVersionResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with the service version.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether the service version is compatible.</wsdl:documentation>

<wsdl:input message="tns:isCompatibleRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for a compatibility check.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:isCompatibleResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response indicating compatibility.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

</wsdl:operation>

</wsdl:portType>

<wsdl:portType name="ServiceRegistryPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the service registry operations.</wsdl:documentation>

<wsdl:operation name="locateService">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the method for locating a service by service type.</wsdl:documentation>

<wsdl:input message="tns:locateServiceRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Input for locating a service.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:locateServiceResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with the service URL.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="registryFault" message="tns:registryFault" />

</wsdl:operation>

<wsdl:operation name="doesServiceExist">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Checks whether a service of this service type exists.</wsdl:documentation>

<wsdl:input message="tns:doesServiceExistRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Request for service check.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:doesServiceExistResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Response with true or false.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="registryFault" message="tns:registryFault" />

</wsdl:operation>

</wsdl:portType>

<wsdl:portType name="ManagementPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines management operations.</wsdl:documentation>

<wsdl:operation name="getParameterValue">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Obtains value of a requested parameter</wsdl:documentation>

<wsdl:input message="tns:getParameterValueRequest">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Name of the requested parameter.</wsdl:documentation>

</wsdl:input>

<wsdl:output message="tns:getParameterValueResponse">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">The requested parameter value.</wsdl:documentation>

</wsdl:output>

<wsdl:fault name="serviceFault" message="tns:serviceFault" />

<wsdl:fault name="credentialMappingFault" message="tns:credentialMappingFault" />

</wsdl:operation>

</wsdl:portType>



<!-- WSDL Bindings Section -->



<wsdl:binding name="AuthenticationBinding" type="tns:AuthenticationPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">SOAP/HTTP binding for Authentication</wsdl:documentation>

<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="authenticate">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines binding for the authentication method</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authentication#authenticate"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authenticationFault">

<soap:fault name="authenticationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="assertIdentity">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the assertIdentity method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authentication#assertIdentity"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authenticationFault">

<soap:fault name="authenticationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isAssertionTokenSupported">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the isAssertionTokenSupported method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authentication#isAssertionTokenSupported"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authenticationFault">

<soap:fault name="authenticationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="validateIdentity">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the validateIdentity method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authentication#validateIdentity"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getServiceType method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authentication#getServiceType"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getVersion method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authentication#getVersion"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the isCompatible method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authentication#isCompatible"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

</wsdl:binding>

<wsdl:binding name="AuthorizationBinding" type="tns:AuthorizationPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">SOAP/HTTP binding for Authorization</wsdl:documentation>

<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="isAccessAllowed">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines binding for the isAccessAllowed method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#isAccessAllowed"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authorizationFault">

<soap:fault name="authorizationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isAccessAllowed_Debug">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines binding for the isAccessAllowed_Debug method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#isAccessAllowed_Debug"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authorizationFault">

<soap:fault name="authorizationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isBulkAccessAllowed">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines binding for the isBulkAccessAllowed method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#isBulkAccessAllowed"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authorizationFault">

<soap:fault name="authorizationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isChildResourceAccessAllowed">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines binding for the isChildResourceAccessAllowed method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#isChildResourceAccessAllowed"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authorizationFault">

<soap:fault name="authorizationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isAuthenticationRequired">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the isAuthenticationRequired method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#isAuthenticationRequired"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authorizationFault">

<soap:fault name="authorizationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getServiceType method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#getServiceType"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getVersion method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#getVersion"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the isCompatible method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#isCompatible"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="queryActionsOnResource">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines binding for the queryActionsOnResource method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#queryActionsOnResource"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authorizationFault">

<soap:fault name="authorizationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="queryActionsOnChildResource">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines binding for the queryActionsOnChildResource method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Authorization#queryActionsOnChildResource"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="authorizationFault">

<soap:fault name="authorizationFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

</wsdl:binding>

<wsdl:binding name="CredentialMappingBinding" type="tns:CredentialMappingPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">SOAP/HTTP binding for Credential mapping</wsdl:documentation>

<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="getCredentials">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getCredentials method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:CredentialMapping#getCredentials"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="credentialMappingFault">

<soap:fault name="credentialMappingFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getServiceType method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:CredentialMapping#getServiceType"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getVersion method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:CredentialMapping#getVersion"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the isCompatible method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:CredentialMapping#isCompatible"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

</wsdl:binding>

<wsdl:binding name="RoleMappingBinding" type="tns:RoleMappingPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">SOAP/HTTP binding for Role mapping</wsdl:documentation>

<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="getRoles">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getRoles method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:RoleMapping#getRoles"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="roleMappingFault">

<soap:fault name="roleMappingFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getRoles_Debug">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getRoles_Debug method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:RoleMapping#getRoles_Debug"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="roleMappingFault">

<soap:fault name="roleMappingFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getServiceType method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:RoleMapping#getServiceType"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getVersion method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:RoleMapping#getVersion"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the isCompatible method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:RoleMapping#isCompatible"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

</wsdl:binding>

<wsdl:binding name="AuditingBinding" type="tns:AuditingPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">SOAP/HTTP binding for Auditing</wsdl:documentation>

<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="recordEvent">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the recordEvent method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Auditing#recordEvent"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="auditingFault">

<soap:fault name="auditingFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getServiceType">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getServiceType method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Auditing#getServiceType"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="getVersion">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getVersion method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Auditing#getVersion"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="isCompatible">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the isCompatible method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Auditing#isCompatible"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

</wsdl:binding>

<wsdl:binding name="ServiceRegistryBinding" type="tns:ServiceRegistryPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">SOAP/HTTP binding for Service manager</wsdl:documentation>

<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="locateService">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the locateService method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:ServiceRegistry#locateService"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="registryFault">

<soap:fault name="registryFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

<wsdl:operation name="doesServiceExist">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the doesServiceExist method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:ServiceRegistry#doesServiceExist"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

<wsdl:fault name="registryFault">

<soap:fault name="registryFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

</wsdl:binding>

<wsdl:binding name="ManagementBinding" type="tns:ManagementPort">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">SOAP/HTTP binding for Management</wsdl:documentation>

<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="getParameterValue">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines the binding for the getParameterValue method.</wsdl:documentation>

<soap:operation soapAction="security:ssmws:Management#getParameterValue"/>

<wsdl:input>

<soap:body use="literal"/>

</wsdl:input>

<wsdl:output>

<soap:body use="literal"/>

</wsdl:output>

<wsdl:fault name="serviceFault">

<soap:fault name="serviceFault" use="literal"/>

</wsdl:fault>

</wsdl:operation>

</wsdl:binding>



<!-- WSDL Services Section -->



<wsdl:service name="Ssmws">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Defines an instance of SSM Web Service</wsdl:documentation>

<wsdl:port binding="tns:AuthenticationBinding" name="Authentication">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Exposes the Authentication Web service on the specified HTTP port.</wsdl:documentation>

<soap:address location="http://Authentication"/>

</wsdl:port>

<wsdl:port binding="tns:AuthorizationBinding" name="Authorization">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Exposes the Authorization Web service on the specified HTTP port</wsdl:documentation>

<soap:address location="http://Authorization"/>

</wsdl:port>

<wsdl:port binding="tns:CredentialMappingBinding" name="CredentialMapping">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Exposes the CredentialMapping web service on the specified HTTP port.</wsdl:documentation>

<soap:address location="http://CredentialMapping"/>

</wsdl:port>

<wsdl:port binding="tns:RoleMappingBinding" name="RoleMapping">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Exposes the RoleMapping web service on the specified HTTP port.</wsdl:documentation>

<soap:address location="http://RoleMapping"/>

</wsdl:port>

<wsdl:port binding="tns:AuditingBinding" name="Auditing">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Exposes the Auditing web service on the specified HTTP port.</wsdl:documentation>

<soap:address location="http://Auditing"/>

</wsdl:port>

<wsdl:port binding="tns:ServiceRegistryBinding" name="ServiceRegistry">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Exposes the ServiceRegistry web service on the specified HTTP port.</wsdl:documentation>

<soap:address location="http://ServiceRegistry"/>

</wsdl:port>

<wsdl:port binding="tns:ManagementBinding" name="Management">

<wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Exposes the management Web service on the specified HTTP port</wsdl:documentation>

<soap:address location="http://Management"/>

</wsdl:port>

</wsdl:service>



</wsdl:definitions>
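An added example, not part of the original post or of OES: a short Python inventory of a WSDL like the one above. It lists each binding's operations and flags what a reviewer would want to see before exposing the Web Services SM: operations named `*_Debug`, ports whose published `soap:address` is not `https`, ports pointing at an undefined binding, and soapActions that break the listing's `...#<operation>` convention. The embedded WSDL is a constructed excerpt (inputs, outputs and faults omitted, `ManagementBinding` left out on purpose, `tns` URI a placeholder); `audit_wsdl`, `inventory`, `load` and the finding labels are hypothetical names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
SOAP = "{http://schemas.xmlsoap.org/wsdl/soap/}"

# Constructed excerpt: binding, operation, port and soapAction values are copied
# from the listing above; the tns namespace URI is a placeholder, and
# ManagementBinding is deliberately missing to exercise the unbound-port check.
SAMPLE_WSDL = """\
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="urn:example:placeholder" targetNamespace="urn:example:placeholder">
  <wsdl:binding name="AuthorizationBinding" type="tns:AuthorizationPort">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="isAccessAllowed">
      <soap:operation soapAction="security:ssmws:Authorization#isAccessAllowed"/>
    </wsdl:operation>
    <wsdl:operation name="isAccessAllowed_Debug">
      <soap:operation soapAction="security:ssmws:Authorization#isAccessAllowed_Debug"/>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="RoleMappingBinding" type="tns:RoleMappingPort">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="getRoles_Debug">
      <soap:operation soapAction="security:ssmws:RoleMapping#getRoles_Debug"/>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="Ssmws">
    <wsdl:port binding="tns:AuthorizationBinding" name="Authorization">
      <soap:address location="http://Authorization"/>
    </wsdl:port>
    <wsdl:port binding="tns:ManagementBinding" name="Management">
      <soap:address location="http://Management"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>
"""


def load(xml_text):
    """Parse a WSDL string, refusing DTDs and entity declarations."""
    # A WSDL has no need for a DTD, and entity declarations are how XML
    # expansion attacks reach a parser, so reject them before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in a WSDL")
    return ET.fromstring(xml_text)


def inventory(root):
    """Map binding name -> list of (operation name, soapAction)."""
    result = {}
    for binding in root.findall(WSDL + "binding"):
        ops = []
        for op in binding.findall(WSDL + "operation"):
            soap_op = op.find(SOAP + "operation")
            action = soap_op.get("soapAction", "") if soap_op is not None else ""
            ops.append((op.get("name", ""), action))
        result[binding.get("name", "")] = ops
    return result


def audit_wsdl(xml_text):
    """Return sorted (kind, subject, detail) findings for a reviewer."""
    root = load(xml_text)
    bindings = inventory(root)
    findings = []
    for bname, ops in bindings.items():
        for name, action in ops:
            if name.lower().endswith("_debug"):
                findings.append(("debug-operation", f"{bname}.{name}", action))
            # The listing's convention is soapAction = "...#<operation name>".
            if action.rpartition("#")[2] != name:
                findings.append(("action-mismatch", f"{bname}.{name}", action))
    for port in root.iter(WSDL + "port"):
        pname = port.get("name", "")
        target = port.get("binding", "").rpartition(":")[2]  # drop the prefix
        if target not in bindings:
            findings.append(("unbound-port", pname, target))
        addr = port.find(SOAP + "address")
        location = addr.get("location", "") if addr is not None else ""
        if urlparse(location).scheme != "https":
            findings.append(("non-https-address", pname, location))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject, detail in audit_wsdl(SAMPLE_WSDL):
        print(f"{kind:18} {subject:45} {detail}")
```

The check reads only the address published in the WSDL; the endpoint a running SM actually listens on comes from its deployment configuration and needs to be verified there.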

ssm-soap-types.xsd



<?xml version="1.0" encoding="UTF-8"?>



<!--

Main SSM schema; it defines all relevant data structures used in the SSM's public SOAP interface

NOTE: All elements in type declarations are local (no 'ref' attributes) for gSOAP compatibility

-->



<xsd:schema

attributeFormDefault="unqualified"

elementFormDefault="qualified"

targetNamespace="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd"

version="0.1"

xmlns="http://www.w3.org/2001/XMLSchema"

xmlns:ssm="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd"

xmlns:xsd="http://www.w3.org/2001/XMLSchema">



<xsd:simpleType name="ServiceTypeEnum">

<xsd:annotation>

<xsd:documentation>One of the defined SSM services</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:enumeration value="ALES_AUDIT"/>

<xsd:enumeration value="ALES_AUTHENTICATION"/>

<xsd:enumeration value="ALES_AUTHORIZATION"/>

<xsd:enumeration value="ALES_CREDENTIAL"/>

<xsd:enumeration value="ALES_ROLE"/>

<xsd:enumeration value="ALES_MANAGEMENT"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="ServiceCompatibilityEnum">

<xsd:annotation>

<xsd:documentation>Defines service compatibility results</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:enumeration value="ALES_NOT_COMPATIBLE"/>

<xsd:enumeration value="ALES_COMPATIBLE"/>

<xsd:enumeration value="ALES_COMPATIBLE_DEPRECATED"/>

<xsd:enumeration value="ALES_COMPATIBLE_UNKNOWN"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="AtzDirectionEnum">

<xsd:annotation>

<xsd:documentation>Specifies authorization direction</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:enumeration value="ALES_ONCE"/>

<xsd:enumeration value="ALES_POST"/>

<xsd:enumeration value="ALES_PRIOR"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="AuditSeverityEnum">

<xsd:annotation>

<xsd:documentation>Specifies severity of an audit record</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:enumeration value="ALES_AUDIT_FAILURE"/>

<xsd:enumeration value="ALES_ERROR"/>

<xsd:enumeration value="ALES_FAILURE"/>

<xsd:enumeration value="ALES_INFORMATIONAL"/>

<xsd:enumeration value="ALES_SUCCESS"/>

<xsd:enumeration value="ALES_WARNING"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="TokenEncodingEnum">

<xsd:annotation>

<xsd:documentation>Specifies acceptable token encoding</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:enumeration value="ALES_BASE64"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="CredentialMethodEnum">

<xsd:annotation>

<xsd:documentation>Specifies a supported method of gathering credentials</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:enumeration value="ALES_CHOICE"/>

<xsd:enumeration value="ALES_CONFIRMATION"/>

<xsd:enumeration value="ALES_LANGUAGE"/>

<xsd:enumeration value="ALES_NAME"/>

<xsd:enumeration value="ALES_PASSWORD"/>

<xsd:enumeration value="ALES_TEXTINPUT"/>

<xsd:enumeration value="ALES_TEXTOUTPUT"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="CredentialTypeType">

<xsd:annotation>

<xsd:documentation>Describes names for supported credential types. It can be any non-empty string consisting of any number of alphanumeric characters and separators '.',':','_'</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:pattern value="[A-Za-z][A-Za-z0-9_:\.]*"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="SAMLAssertionType">

<xsd:annotation>

<xsd:documentation>Represents an element for SAML Identity Assertion.</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<maxLength value='32768'/>

</xsd:restriction>

</xsd:simpleType>

<xsd:simpleType name="ALESIdentityAssertionType">

<xsd:annotation>

<xsd:documentation>Represents an element for proprietary ALES Identity Assertion.</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<maxLength value='4096'/>

</xsd:restriction>

</xsd:simpleType>

<xsd:complexType name="IdentityAssertionType">

<xsd:annotation>

<xsd:documentation>

An acceptable user's identity assertion token with an extensibility element.

Name of the passed element should match one of the registered credential types.

Encoding rules are determined by the token type.

</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:any namespace="##any" maxOccurs="1" minOccurs="0" processContents="strict" />

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="CredentialType">

<xsd:annotation>

<xsd:documentation>Additional types of credentials</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="0" name="Info" type="xsd:string"/>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="Value" type="xsd:string"/>

</xsd:sequence>

<xsd:attribute name="Type" type="ssm:CredentialMethodEnum"/>

<!--

<xsd:anyAttribute namespace="##other" processContents="lax"/>

-->

</xsd:complexType>

<xsd:complexType name="IdentityCredentialType">

<xsd:annotation>

<xsd:documentation>Acceptable user's credentials</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="Credential" type="ssm:CredentialType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="IdentityRoleType">

<xsd:annotation>

<xsd:documentation>Represents a role assigned to an identity</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="Name" type="xsd:QName"/>

<xsd:element maxOccurs="1" minOccurs="0" name="Description" type="xsd:string"/>

</xsd:sequence>

<!--

<xsd:anyAttribute namespace="##other" processContents="lax"/>

-->

</xsd:complexType>

<xsd:complexType name="IdentityRolesType">

<xsd:annotation>

<xsd:documentation>Represents a role collection</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="Roles" type="ssm:IdentityRoleType"/>

<xsd:element maxOccurs="1" minOccurs="0" name="RolesTtlAdvice" type="xsd:int"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="CredentialTypesType">

<xsd:annotation>

<xsd:documentation>Array of credential types</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="CredentialType" type="ssm:CredentialTypeType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="ChallengeType">

<xsd:annotation>

<xsd:documentation>Challenge for authentication handshake</xsd:documentation>

</xsd:annotation>

<xsd:all>

<xsd:element maxOccurs="1" minOccurs="1" name="ChallengeCode" type="xsd:NCName"/>

<xsd:element maxOccurs="1" minOccurs="0" name="ChallengeState" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="0" name="Blob" type="xsd:base64Binary"/>

</xsd:all>

<!--

<xsd:attribute name="Algorithm" type="xsd:QName" use="optional"/>

<xsd:anyAttribute namespace="##other" processContents="lax"/>

-->

</xsd:complexType>

<xsd:complexType name="ContextRequestsType">

<xsd:annotation>

<xsd:documentation>Array of context challenges</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="ContextAttribute" type="xsd:QName"/>

</xsd:sequence>

<!--

<xsd:anyAttribute namespace="##other" processContents="lax"/>

-->

</xsd:complexType>

<xsd:simpleType name="IpType">

<xsd:annotation>

<xsd:documentation>This type represents an IP address XXX.XXX.XXX.XXX</xsd:documentation>

</xsd:annotation>

<xsd:restriction base="xsd:string">

<xsd:pattern value="(\d{1,3}\.){3}\d{1,3}"/>

</xsd:restriction>

</xsd:simpleType>

<xsd:complexType name="ContextRecordType">

<xsd:annotation>

<xsd:documentation>Name/value pair to pass context data</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="RecordName" type="xsd:QName"/>

<xsd:choice>

<xsd:element maxOccurs="1" minOccurs="1" name="StringValue" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="BoolValue" type="xsd:boolean"/>

<xsd:element maxOccurs="1" minOccurs="1" name="DateTimeValue" type="xsd:dateTime"/>

<xsd:element maxOccurs="1" minOccurs="1" name="TimeValue" type="xsd:time"/>

<xsd:element maxOccurs="1" minOccurs="1" name="IntValue" type="xsd:int"/>

<xsd:element maxOccurs="1" minOccurs="1" name="IpValue" type="ssm:IpType"/>

</xsd:choice>

</xsd:sequence>

<!--

<xsd:anyAttribute namespace="##other" processContents="lax"/>

-->

</xsd:complexType>

<xsd:complexType name="ContextType">

<xsd:annotation>

<xsd:documentation>Structure for passing context data</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="Record" type="ssm:ContextRecordType"/>

</xsd:sequence>

<!--

<xsd:attribute name="Type" type="xsd:QName" use="optional"/>

<xsd:anyAttribute namespace="##other" processContents="lax"/>

-->

</xsd:complexType>

<xsd:complexType name="ServiceVersionType">

<xsd:annotation>

<xsd:documentation>Used to pass service version information</xsd:documentation>

</xsd:annotation>

<xsd:all>

<xsd:element maxOccurs="1" minOccurs="1" name="MajorVersion" type="xsd:int"/>

<xsd:element maxOccurs="1" minOccurs="1" name="MinorVersion" type="xsd:int"/>

<xsd:element maxOccurs="1" minOccurs="1" name="PatchLevel" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Version" type="xsd:long"/>

</xsd:all>

</xsd:complexType>

<xsd:complexType name="EmptyAttributedType">

<xsd:annotation>

<xsd:documentation>Specifies an empty type with any attribute</xsd:documentation>

</xsd:annotation>

<!--

<xsd:anyAttribute namespace="##any" processContents="lax"/>

-->

</xsd:complexType>

<xsd:complexType name="RuntimeActionType">

<xsd:annotation>

<xsd:documentation>Represents a runtime action</xsd:documentation>

</xsd:annotation>

<xsd:all>

<xsd:element maxOccurs="1" minOccurs="1" name="ActionString" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="AuthorityName" type="xsd:string"/>

</xsd:all>

</xsd:complexType>

<xsd:complexType name="RuntimeResourceType">

<xsd:annotation>

<xsd:documentation>Represents a runtime resource</xsd:documentation>

</xsd:annotation>

<xsd:all>

<xsd:element maxOccurs="1" minOccurs="1" name="ResourceString" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="AuthorityName" type="xsd:string"/>

</xsd:all>

</xsd:complexType>

<xsd:complexType name="AuditRecordType">

<xsd:annotation>

<xsd:documentation>Represents an audit record</xsd:documentation>

</xsd:annotation>

<xsd:all>

<xsd:element maxOccurs="1" minOccurs="1" name="AuthorityName" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Severity" type="ssm:AuditSeverityEnum"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Message" type="xsd:string"/>

</xsd:all>

</xsd:complexType>

<xsd:complexType name="FaultInfoType">

<xsd:annotation>

<xsd:documentation>Represents a server-side error</xsd:documentation>

</xsd:annotation>

<xsd:all>

<xsd:element maxOccurs="1" minOccurs="0" name="Description" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="0" name="TextInfo" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="0" name="BinInfo" type="xsd:base64Binary"/>

</xsd:all>

</xsd:complexType>

<xsd:complexType name="AtzDecisionDataType">

<xsd:annotation>

<xsd:documentation>Represents data accompanying authorization decisions</xsd:documentation>

</xsd:annotation>

<xsd:all>

<xsd:element maxOccurs="1" minOccurs="0" name="AtzTtlAdvice" type="xsd:int"/>

<xsd:element maxOccurs="1" minOccurs="0" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="0" name="IdentityRoles" type="ssm:IdentityRolesType"/>

<xsd:element maxOccurs="1" minOccurs="0" name="Responses" type="ssm:ContextType"/>

</xsd:all>

</xsd:complexType>



<!-- Types for "wrapped" document style

NOTE: nillable="true" is used instead of minOccurs="0" to indicate optional elements. This is done to accommodate buggy

implementation of optional parameters in Axis 1.1

-->

<xsd:complexType name="IsCompatibleType">

<xsd:annotation>

<xsd:documentation>Service compatibility check request's wrapper</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="ServiceVersion" type="ssm:ServiceVersionType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AuthenticateType">

<xsd:annotation>

<xsd:documentation>Authentication request's wrapper</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityCredential" type="ssm:IdentityCredentialType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RequestedCredentialType" type="ssm:CredentialTypeType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AssertIdentityType">

<xsd:annotation>

<xsd:documentation>Identity assertion request's wrapper</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedCredentialType" type="ssm:CredentialTypeType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="IsAssertionTokenSupportedType">

<xsd:annotation>

<xsd:documentation>Token type check request's wrapper</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="AssertionCredentialType" type="ssm:CredentialTypeType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="ValidateIdentityType">

<xsd:annotation>

<xsd:documentation>Token validation request's wrapper</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="IsAccessAllowedType">

<xsd:annotation>

<xsd:documentation>Authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedCredentialType" type="ssm:CredentialTypeType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AtzDirection" type="ssm:AtzDirectionEnum"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="IsChildResourceAccessAllowedType">

<xsd:annotation>

<xsd:documentation>Authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="ResourceAction" type="ssm:ResourceActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedCredentialType" type="ssm:CredentialTypeType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="ResourceActionType">

<xsd:annotation>

<xsd:documentation>Resource Action Pair</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="IsBulkAccessAllowedType">

<xsd:annotation>

<xsd:documentation>Bulk Authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="ResourceAction" type="ssm:ResourceActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedCredentialType" type="ssm:CredentialTypeType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="IsAuthenticationRequiredType">

<xsd:annotation>

<xsd:documentation>Request to check whether resource is protected</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="GetCredentialsType">

<xsd:annotation>

<xsd:documentation>Credential mapping request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RequestedCredentialTypes" type="ssm:CredentialTypesType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="GetRolesType">

<xsd:annotation>

<xsd:documentation>Request for user roles</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="RecordEventType">

<xsd:annotation>

<xsd:documentation>Auditing request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="AuditRecord" type="ssm:AuditRecordType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="SsmIdType">

<xsd:annotation>

<xsd:documentation>Service locating request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="ServiceType" type="ssm:ServiceTypeEnum"/>

<xsd:element maxOccurs="1" minOccurs="1" name="SsmId" type="xsd:string"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AuthenticationResultType">

<xsd:annotation>

<xsd:documentation>Response to an authentication request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:choice>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Challenge" type="ssm:ChallengeType" />

</xsd:choice>

<xsd:element maxOccurs="unbounded" minOccurs="1" nillable="true" name="StatusInfo" type="xsd:string"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AuthorizationResultType">

<xsd:annotation>

<xsd:documentation>Response to an authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="AccessAllowed" type="xsd:boolean"/>

<xsd:choice>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AtzDecisionData" type="ssm:AtzDecisionDataType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="ContextRequests" type="ssm:ContextRequestsType"/>

</xsd:choice>

</xsd:sequence>

</xsd:complexType>



<!-- for bulk authorization API -->

<xsd:complexType name="ExtendedAuthorizationResultType">

<xsd:annotation>

<xsd:documentation>Response to a bulk authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AtzResult" type="ssm:AuthorizationResultType"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="BulkChildAuthorizationResultType">

<xsd:annotation>

<xsd:documentation>Response to a bulk authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" nillable="true" name="AtzResult" type="ssm:ExtendedAuthorizationResultType"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="BulkAuthorizationResultType">

<xsd:annotation>

<xsd:documentation>Response to a bulk authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" nillable="true" name="AtzResult" type="ssm:ExtendedAuthorizationResultType"/>

</xsd:sequence>

</xsd:complexType>





<xsd:complexType name="GetCredentialsResultType">

<xsd:annotation>

<xsd:documentation>Response to a credential mapping request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" nillable="true" name="MissingTypes" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="IdentityCredential" type="ssm:IdentityCredentialType"/>

<xsd:element maxOccurs="unbounded" minOccurs="1" nillable="true" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="DoesServiceExistResponseType">

<xsd:annotation>

<xsd:documentation>Response to an authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="doesServiceExistResponse" type="xsd:boolean"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="getParameterValueType">

<xsd:annotation>

<xsd:documentation>Request parameter of getParameterValue request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="getParameterValue" type="xsd:string"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="getParameterValueResponseType">

<xsd:annotation>

<xsd:documentation>Response to an getParameterValue request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="getParameterValueResponse" type="xsd:string"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="RecordEventResponseType">

<xsd:annotation>

<xsd:documentation>Response to a record event request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="recordEventResponse" type="xsd:boolean"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AuthenticationRequiredResponseType">

<xsd:annotation>

<xsd:documentation>Response to an authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="isAuthenticationRequiredResponse" type="xsd:boolean"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AssertionTokenSupportedResponseType">

<xsd:annotation>

<xsd:documentation>Response to an authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="isAssertionTokenSupportedResponse" type="xsd:boolean"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="ValidateIdentityResponseType">

<xsd:annotation>

<xsd:documentation>Response to an authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="validateIdentityResponse" type="xsd:boolean"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="ComplexAnyURI">

<xsd:annotation>

<xsd:documentation>A complex URI</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="locateServiceResponse" type="xsd:anyURI"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="GetServiceTypeReturnType">

<xsd:annotation>

<xsd:documentation>Return type from the getServiceType method</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="ServiceType" type="ssm:ServiceTypeEnum"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="IsCompatibleReturnType">

<xsd:annotation>

<xsd:documentation>Return type from the isCompatible method</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="Value" type="ssm:ServiceCompatibilityEnum"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="RequestedActionsType">

<xsd:annotation>

<xsd:documentation>Wrapper the requested actions</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="Actions" type="ssm:RuntimeActionType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="QueryActionsOnResourceType">

<xsd:annotation>

<xsd:documentation>Query actions on resource request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedActions" type="ssm:RequestedActionsType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="QueryActionsOnResourceResultType">

<xsd:annotation>

<xsd:documentation>Response to an Query actions on resource request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeEntitlement" type="ssm:RuntimeEntitlementType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="ResponseContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="RuntimeEntitlementType">

<xsd:annotation>

<xsd:documentation>Represents a set of granted and denied actions on a resource</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="GrantedActions" type="ssm:RuntimeActionType"/>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="DeniedActions" type="ssm:RuntimeActionType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="QueryActionsOnChildResourceType">

<xsd:annotation>

<xsd:documentation>Query actions on child resource request </xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedActions" type="ssm:RequestedActionsType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="QueryActionsOnChildResourceResultType">

<xsd:annotation>

<xsd:documentation>Response to an Query actions on child resource request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="EntitlementList" type="ssm:RuntimeEntitlementType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="ResponseContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>



<xsd:complexType name="ConstraintAttributeType">

<xsd:annotation>

<xsd:documentation>Represents attribute and its value used in a policy constraint</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="Name" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Type" type="xsd:int"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Value" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="DataType" type="xsd:string"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AuthorizationPolicyType">

<xsd:annotation>

<xsd:documentation>Represents evaluated Authorization policy</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="PolicyEvaluationResult" type="xsd:boolean"/>

<xsd:element maxOccurs="1" minOccurs="1" name="PolicyType" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Privilege" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Resource" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Subject" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Constraints" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Delegator" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Notes" type="xsd:string"/>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="AttributeList" type="ssm:ConstraintAttributeType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="RolePolicyType">

<xsd:annotation>

<xsd:documentation>Represents evaluated Role policy</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="PolicyEvaluationResult" type="xsd:boolean"/>

<xsd:element maxOccurs="1" minOccurs="1" name="PolicyType" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Role" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Resource" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" name="Subject" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Constraints" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Delegator" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="Notes" type="xsd:string"/>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="AttributeList" type="ssm:ConstraintAttributeType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="UserInfoType">

<xsd:annotation>

<xsd:documentation>Information about "user" making request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="QualifiedGroupNameList" type="xsd:string"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="QualifiedUserName" type="xsd:string"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="DebugInfoType">

<xsd:annotation>

<xsd:documentation>Store the evaluation results for Authorization and user roles request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="AuthorizationPolicyList" type="ssm:AuthorizationPolicyType"/>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="GrantedRoleList" type="xsd:string"/>

<xsd:element maxOccurs="unbounded" minOccurs="0" name="RolePolicyList" type="ssm:RolePolicyType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="UserInfo" type="ssm:UserInfoType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="ResourceLocated" type="xsd:boolean"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="IsAccessAllowedDebugType">

<xsd:annotation>

<xsd:documentation>Debug Authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedCredentialType" type="ssm:CredentialTypeType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="AuthorizationDebugResultType">

<xsd:annotation>

<xsd:documentation>Response to a debug authorization request</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="AccessAllowed" type="xsd:boolean"/>

<xsd:choice>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AtzDecisionData" type="ssm:AtzDecisionDataType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="ContextRequests" type="ssm:ContextRequestsType"/>

</xsd:choice>

<xsd:element maxOccurs="1" minOccurs="1" name="DebugInfo" type="ssm:DebugInfoType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="GetRolesDebugType">

<xsd:annotation>

<xsd:documentation>Debug request for user roles</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>

<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>

</xsd:sequence>

</xsd:complexType>

<xsd:complexType name="GetRolesDebugResponseType">

<xsd:annotation>

<xsd:documentation>Represents a role collection</xsd:documentation>

</xsd:annotation>

<xsd:sequence>

<xsd:element maxOccurs="unbounded" minOccurs="1" name="Roles" type="ssm:IdentityRoleType"/>

<xsd:element maxOccurs="1" minOccurs="1" name="DebugInfo" type="ssm:DebugInfoType"/>

<xsd:element maxOccurs="1" minOccurs="0" name="RolesTtlAdvice" type="xsd:int"/>

</xsd:sequence>

</xsd:complexType>



<!-- Elements for "wrapped" document style -->

<xsd:element name="getServiceType" type="ssm:EmptyAttributedType"/>

<xsd:element name="getVersion" type="ssm:EmptyAttributedType"/>

<xsd:element name="isCompatible" type="ssm:IsCompatibleType"/>

<xsd:element name="authenticate" type="ssm:AuthenticateType"/>

<xsd:element name="assertIdentity" type="ssm:AssertIdentityType"/>

<xsd:element name="isAssertionTokenSupported" type="ssm:IsAssertionTokenSupportedType"/>

<xsd:element name="validateIdentity" type="ssm:ValidateIdentityType"/>

<xsd:element name="isAccessAllowed" type="ssm:IsAccessAllowedType"/>

<xsd:element name="isAuthenticationRequired" type="ssm:IsAuthenticationRequiredType"/>

<xsd:element name="getCredentials" type="ssm:GetCredentialsType"/>

<xsd:element name="getRoles" type="ssm:GetRolesType"/>

<xsd:element name="recordEvent" type="ssm:RecordEventType"/>

<xsd:element name="locateService" type="ssm:SsmIdType"/>

<xsd:element name="doesServiceExist" type="ssm:SsmIdType"/>

<xsd:element name="getServiceTypeResponse" type="ssm:GetServiceTypeReturnType"/>

<xsd:element name="getVersionResponse" type="ssm:ServiceVersionType"/>

<xsd:element name="isCompatibleResponse" type="ssm:IsCompatibleReturnType"/>

<xsd:element name="authenticateResponse" type="ssm:AuthenticationResultType"/>

<xsd:element name="assertIdentityResponse" type="ssm:AuthenticationResultType"/>

<xsd:element name="isAssertionTokenSupportedResponse" type="ssm:AssertionTokenSupportedResponseType"/>

<xsd:element name="validateIdentityResponse" type="ssm:ValidateIdentityResponseType"/>

<xsd:element name="isAccessAllowedResponse" type="ssm:AuthorizationResultType"/>

<xsd:element name="isAuthenticationRequiredResponse" type="ssm:AuthenticationRequiredResponseType"/>

<xsd:element name="getCredentialsResponse" type="ssm:GetCredentialsResultType"/>

<xsd:element name="getRolesResponse" type="ssm:IdentityRolesType"/>

<xsd:element name="locateServiceResponse" type="ssm:ComplexAnyURI"/>

<xsd:element name="doesServiceExistResponse" type="ssm:DoesServiceExistResponseType"/>

<xsd:element name="recordEventResponse" type="ssm:RecordEventResponseType"/>

<xsd:element name="getParameterValue" type="ssm:getParameterValueType"/>

<xsd:element name="getParameterValueResponse" type="ssm:getParameterValueResponseType"/>

<xsd:element name="queryActionsOnResource" type="ssm:QueryActionsOnResourceType"/>

<xsd:element name="queryActionsOnChildResource" type="ssm:QueryActionsOnChildResourceType"/>

<xsd:element name="queryActionsOnResourceResponse" type="ssm:QueryActionsOnResourceResultType"/>

<xsd:element name="queryActionsOnChildResourceResponse" type="ssm:QueryActionsOnChildResourceResultType"/>



<xsd:element name="serviceFailure" type="ssm:FaultInfoType"/>

<xsd:element name="authenticationFailure" type="ssm:FaultInfoType"/>

<xsd:element name="authorizationFailure" type="ssm:FaultInfoType"/>

<xsd:element name="credentialMappingFailure" type="ssm:FaultInfoType"/>

<xsd:element name="roleMappingFailure" type="ssm:FaultInfoType"/>

<xsd:element name="auditingFailure" type="ssm:FaultInfoType"/>

<xsd:element name="registryFailure" type="ssm:FaultInfoType"/>

<xsd:element name="xacmlFailure" type="ssm:FaultInfoType"/>



<!-- for bulk authorization API -->

<xsd:element name="isBulkAccessAllowed" type="ssm:IsBulkAccessAllowedType"/>

<xsd:element name="isBulkAccessAllowedResponse" type="ssm:BulkAuthorizationResultType"/>

<xsd:element name="isChildResourceAccessAllowed" type="ssm:IsChildResourceAccessAllowedType"/>

<xsd:element name="isChildResourceAccessAllowedResponse" type="ssm:BulkChildAuthorizationResultType"/>



<!-- for debug authorization and get roles API -->

<xsd:element name="isAccessAllowedDebug" type="ssm:IsAccessAllowedDebugType"/>

<xsd:element name="isAccessAllowedDebugResponse" type="ssm:AuthorizationDebugResultType"/>

<xsd:element name="getRolesDebug" type="ssm:GetRolesDebugType"/>

<xsd:element name="getRolesDebugResponse" type="ssm:GetRolesDebugResponseType"/>



</xsd:schema>
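The schema above uses the "wrapped" document style, so each operation is a top-level element (for example `isAccessAllowed`) paired with an `...Response` element. As an added example (not part of the original post and not OES code), this Python script pairs each request wrapper with its response, lists the fields with their `nillable` and `xsd:choice` status, and reports which request messages carry no `IdentityAssertion`. The excerpt is copied from the schema above; the `urn:example:ssm-placeholder` namespace URI and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

XSD = "{http://www.w3.org/2001/XMLSchema}"

# Excerpt of the schema above (annotations omitted). The ssm namespace URI
# is a placeholder (assumption); this part of the page does not show it.
SCHEMA_EXCERPT = """\
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:ssm="urn:example:ssm-placeholder" targetNamespace="urn:example:ssm-placeholder">
<xsd:complexType name="IsAccessAllowedType"><xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="IdentityAssertion" type="ssm:IdentityAssertionType"/>
<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>
<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>
<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="RequestedCredentialType" type="ssm:CredentialTypeType"/>
<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AppContext" type="ssm:ContextType"/>
<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AtzDirection" type="ssm:AtzDirectionEnum"/>
</xsd:sequence></xsd:complexType>
<xsd:complexType name="IsAuthenticationRequiredType"><xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeResource" type="ssm:RuntimeResourceType"/>
<xsd:element maxOccurs="1" minOccurs="1" name="RuntimeAction" type="ssm:RuntimeActionType"/>
</xsd:sequence></xsd:complexType>
<xsd:complexType name="AuthorizationResultType"><xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="AccessAllowed" type="xsd:boolean"/>
<xsd:choice>
<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="AtzDecisionData" type="ssm:AtzDecisionDataType"/>
<xsd:element maxOccurs="1" minOccurs="1" nillable="true" name="ContextRequests" type="ssm:ContextRequestsType"/>
</xsd:choice>
</xsd:sequence></xsd:complexType>
<xsd:complexType name="AuthenticationRequiredResponseType"><xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="isAuthenticationRequiredResponse" type="xsd:boolean"/>
</xsd:sequence></xsd:complexType>
<xsd:element name="isAccessAllowed" type="ssm:IsAccessAllowedType"/>
<xsd:element name="isAuthenticationRequired" type="ssm:IsAuthenticationRequiredType"/>
<xsd:element name="isAccessAllowedResponse" type="ssm:AuthorizationResultType"/>
<xsd:element name="isAuthenticationRequiredResponse" type="ssm:AuthenticationRequiredResponseType"/>
</xsd:schema>
"""

def local(qname):
    return (qname or "").split(":", 1)[-1]  # "ssm:ContextType" -> "ContextType"

def fields(type_el):
    """List (name, type, nillable, in_choice) for every element of a complexType."""
    out = []
    def walk(node, in_choice):
        for child in node:
            if child.tag == XSD + "element":
                out.append((child.get("name"), local(child.get("type")),
                            child.get("nillable") == "true", in_choice))
            elif child.tag in (XSD + "sequence", XSD + "choice"):
                walk(child, in_choice or child.tag == XSD + "choice")
    walk(type_el, False)
    return out

def operations(xsd_text):
    """Pair each wrapper element X with XResponse and resolve both types."""
    root = ET.fromstring(xsd_text)
    types = {t.get("name"): t for t in root.findall(XSD + "complexType")}
    elems = {e.get("name"): local(e.get("type"))
             for e in root.findall(XSD + "element")}
    ops = {}
    for name, req_type in elems.items():
        resp_type = elems.get(name + "Response")
        if resp_type is None or req_type not in types or resp_type not in types:
            continue
        ops[name] = {"request": fields(types[req_type]),
                     "response": fields(types[resp_type])}
    return ops

def without_identity(ops):
    """Operations whose request message has no IdentityAssertion element."""
    return sorted(op for op, io in ops.items()
                  if all(f[0] != "IdentityAssertion" for f in io["request"]))

if __name__ == "__main__":
    ops = operations(SCHEMA_EXCERPT)
    for op, io in ops.items():
        print(op, io)
    print("no IdentityAssertion in request:", without_identity(ops))
```

To inventory the whole interface, pass the function the contents of the full schema file instead of the excerpt.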
