<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.1 U (http://www.xmlspy.com) by Tim Moses (private) -->
<!--

Change record: changes made by Tim Moses, date: 10 April 2002.
1. Added the predicate "true" with a single parameter that must be of type boolean.  The function is of type boolean also, it takes the same value as the parameter.
2. Added the attributeFunction "union" with parameters that must be of type "list".  The function is of type list also, it takes the value of the union of the parameters.
3. Added the attributeFunction "intersection" with parameters that must be of type "list".  The function is of type list also, it takes the value of the intersection of the parameters.
4. Added the attributeFunction "setOrder" with a single parameter that must be of type "list".  The function is of type nonNegativeInteger, it takes the value of the number of elements in the parameter.

Change record: changes made by Tim Moses, date: 14 June 2002.
1. Removed policySetName, PolicyName and ruleName elements.
2. Capitalized the first letter of the name of locally-defined attributes and elements.
3. Replaced references to the <saml:Attribute> and <saml:AttributeDesignator> elements to references to the xacml equivalents.

Change record: changes made by Tim Moses, date: 10 July 2002.
1. Redefined FunctionType 

-->
<xs:schema targetNamespace="urn:oasis:names:tc:xacml:0.15g:policy" xmlns:xacml="urn:oasis:names:tc:xacml:0.15g:policy" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" elementFormDefault="qualified" attributeFormDefault="unqualified">
	<xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="D:\My Documents\Standards\Xacml\v15\cs-sstc-schema-assertion-01.xsd"/>
	<!-- -->
	<xs:element name="PolicySetStatement" type="xacml:PolicySetStatementType"/>
	<xs:element name="PolicyStatement" type="xacml:PolicyStatementType"/>
	<xs:element name="Rule" type="xacml:RuleType"/>
	<!-- -->
	<xs:complexType name="PolicySetStatementType">
		<xs:complexContent>
			<xs:extension base="saml:StatementAbstractType">
				<xs:sequence>
					<xs:element name="Description" type="xs:string" minOccurs="0"/>
					<xs:element name="Target" type="xacml:TargetType"/>
					<xs:element name="PolicySet" type="xacml:PolicySetType" maxOccurs="unbounded"/>
					<xs:element name="Obligations" type="xacml:ObligationsType" minOccurs="0"/>
				</xs:sequence>
				<xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
				<xs:attribute name="PolicySetName" type="xs:string" use="optional"/>
				<xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="PolicyStatementType">
		<xs:complexContent>
			<xs:extension base="saml:StatementAbstractType">
				<xs:sequence>
					<xs:element name="Description" type="xs:string" minOccurs="0"/>
					<xs:element name="Target" type="xacml:TargetType"/>
					<xs:element name="RuleSet" type="xacml:RuleSetType" maxOccurs="unbounded"/>
					<xs:element name="Obligations" type="xacml:ObligationsType" minOccurs="0"/>
				</xs:sequence>
				<xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
				<xs:attribute name="PolicyName" type="xs:string" use="optional"/>
				<xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="RuleType">
		<xs:sequence>
			<xs:element name="Description" type="xs:string" minOccurs="0"/>
			<xs:element name="Target" type="xacml:TargetType" minOccurs="0"/>
			<xs:element name="Condition" type="xacml:ConditionType" minOccurs="0"/>
		</xs:sequence>
		<xs:attribute name="RuleId" type="xs:anyURI" use="required"/>
		<xs:attribute name="RuleName" type="xs:string" use="optional"/>
		<xs:attribute name="Effect" type="xacml:DecisionType" use="required"/>
	</xs:complexType>
	<!-- -->
	<xs:simpleType name="DecisionType">
		<xs:restriction base="xs:string">
			<xs:enumeration value="Permit"/>
			<xs:enumeration value="Deny"/>
			<xs:enumeration value="Indeterminate"/>
		</xs:restriction>
	</xs:simpleType>
	<!-- -->
	<xs:complexType name="TargetType">
		<xs:sequence>
			<xs:element name="Subjects" type="xacml:SubjectsType"/>
			<xs:element name="Resources" type="xacml:ResourcesType"/>
			<xs:element name="Actions" type="xacml:ActionsType"/>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="SubjectsType">
		<xs:sequence maxOccurs="unbounded">
			<xs:sequence>
				<xs:element ref="xacml:AttributeDesignator"/>
				<xs:element ref="xacml:Attribute"/>
			</xs:sequence>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="ResourcesType">
		<xs:sequence maxOccurs="unbounded">
			<xs:sequence>
				<xs:element ref="xacml:AttributeDesignator"/>
				<xs:element ref="xacml:Attribute"/>
			</xs:sequence>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="ActionsType">
		<xs:sequence maxOccurs="unbounded">
			<xs:element ref="saml:Action"/>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="ObligationsType">
		<xs:sequence>
			<xs:element name="Obligation" type="xacml:ObligationType" maxOccurs="unbounded"/>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="ObligationType">
		<xs:choice maxOccurs="unbounded">
			<xs:element ref="xacml:AttributeDesignator"/>
			<xs:element ref="xacml:Attribute"/>
		</xs:choice>
		<xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>
		<xs:attribute name="FulfilOn" type="xacml:DecisionType" use="required"/>
	</xs:complexType>
	<!-- -->
	<xs:element name="Function" type="xacml:FunctionType"/>
	<!-- -->
	<xs:complexType name="ConditionType">
		<xs:complexContent>
			<xs:restriction base="xacml:FunctionType">
				<xs:choice maxOccurs="unbounded">
					<xs:element ref="xacml:Function"/>
					<xs:element ref="xacml:Attribute"/>
					<xs:element ref="xacml:AttributeDesignator"/>
				</xs:choice>
				<xs:attribute name="Name" type="xs:anyURI" use="required"/>
				<xs:attribute name="DataType" type="xs:anyURI" fixed="xs:boolean"/>
			</xs:restriction>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="FunctionType">
		<xs:choice maxOccurs="unbounded">
			<xs:element ref="xacml:Function"/>
			<xs:element ref="xacml:Attribute"/>
			<xs:element ref="xacml:AttributeDesignator"/>
		</xs:choice>
		<xs:attribute name="Name" type="xs:anyURI" use="required"/>
		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
		<!-- Legal types for the first and subsequent operands are defined in the accompanying table -->
	</xs:complexType>
	<!-- -->
	<xs:element name="Attribute" type="xacml:AttributeType"/>
	<!-- -->
	<xs:complexType name="AttributeType">
		<xs:sequence>
			<xs:element name="Value" type="xs:anyType"/>
		</xs:sequence>
		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
	</xs:complexType>
	<!-- -->
	<xs:element name="AttributeDesignator" type="xacml:AttributeDesignatorType"/>
	<!-- -->
	<xs:complexType name="AttributeDesignatorType">
		<xs:attribute name="Designator" type="xs:anyURI"/>
		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
		<!-- Designator must be a legal XPath expression over xacmlContext:Request -->
	</xs:complexType>
	<!-- -->
	<xs:complexType name="PolicySetType">
		<xs:choice maxOccurs="unbounded">
			<xs:element ref="xacml:PolicySetStatement"/>
			<xs:element ref="xacml:PolicyStatement"/>
			<xs:element name="PolicySetDesignator" type="xacml:PolicySetDesignatorType"/>
			<xs:element name="PolicyDesignator" type="xacml:PolicyDesignatorType"/>
		</xs:choice>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="PolicySetDesignatorType">
		<xs:sequence>
			<xs:element name="PolicySetId" type="xs:anyURI" minOccurs="0"/>
			<xs:element name="PolicySetAssertion" type="saml:AssertionType"/>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="PolicyDesignatorType">
		<xs:sequence>
			<xs:element name="PolicyId" type="xs:anyURI" minOccurs="0"/>
			<xs:element name="PolicyAssertion" type="saml:AssertionType"/>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="RuleSetType">
		<xs:choice maxOccurs="unbounded">
			<xs:element ref="xacml:Rule"/>
			<xs:element name="RuleDesignator" type="xacml:RuleDesignatorType"/>
		</xs:choice>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="RuleDesignatorType">
		<xs:sequence>
			<xs:element name="RuleId" type="xs:anyURI" minOccurs="0"/>
			<xs:element name="RuleDigest" minOccurs="0">
				<xs:complexType>
					<xs:attribute name="DigestAlgId" type="xs:string" default="SHA-1"/>
					<xs:attribute name="Base64Digest" type="xs:string"/>
				</xs:complexType>
			</xs:element>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
</xs:schema>

