Schema was-global2.xsd

schema location:	C:\Documents and Settings\mark@curphey.com\Desktop\was-global2.xsd
targetNamespace:	http://www.oasis.org/was

Complex types	Simple types
author	attackSurfaceType
date	conditionType
ID	consequenceType
metaData	targetType
profile	ThesaurusGroupType
provider	ThesaurusSubgroupType
restrictions

complexType author

diagram

namespace

http://www.oasis.org/was

Name	Type	Use	Default	Fixed	Annotation
name	xsd:string	required
email	xsd:string	required
company	xsd:string	optional
address	xsd:string	optional
url	xsd:string	optional

source

<xsd:complexType name="author">
  <xsd:attribute name="name" type="xsd:string" use="required"/>
  <xsd:attribute name="email" type="xsd:string" use="required"/>
  <xsd:attribute name="company" type="xsd:string" use="optional"/>
  <xsd:attribute name="address" type="xsd:string" use="optional"/>
  <xsd:attribute name="url" type="xsd:string" use="optional"/>
</xsd:complexType>

complexType date

diagram

namespace

http://www.oasis.org/was

Name	Type	Use	Default	Fixed	Annotation
dateReleased	xsd:string	required
lastRevised	xsd:string	required

source

<xsd:complexType name="date">
  <xsd:attribute name="dateReleased" type="xsd:string" use="required"/>
  <xsd:attribute name="lastRevised" type="xsd:string" use="required"/>
</xsd:complexType>

complexType ID

diagram

namespace

http://www.oasis.org/was

Name	Type	Use	Default	Fixed	Annotation
authID	xsd:string	required
providerID		required
vendorID		required

source

<xsd:complexType name="ID">
  <xsd:attribute name="authID" type="xsd:string" use="required"/>
  <xsd:attribute name="providerID" use="required"/>
  <xsd:attribute name="vendorID" use="required"/>
</xsd:complexType>

complexType metaData

diagram
namespace	http://www.oasis.org/was
children	ID date author provider restrictions
source	<xsd:complexType name="metaData"> <xsd:sequence> <xsd:element name="ID" type="ID" maxOccurs="unbounded"> <xsd:annotation> <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file) </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="date" type="date" maxOccurs="unbounded"> <xsd:annotation> <xsd:appinfo>The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="author" type="author"> <xsd:annotation> <xsd:appinfo>The author element provides a mechanism to reference the original author of the test case. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="provider" type="provider"> <xsd:annotation> <xsd:appinfo>The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="restrictions" type="restrictions"> <xsd:annotation> <xsd:appinfo>The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information. </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType>

element metaData/ID

diagram

namespace

http://www.oasis.org/was

type

attributes

Name	Type	Use	Default	Fixed	Annotation
authID	xsd:string	required
providerID		required
vendorID		required

annotation

appInfo

The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)

source

<xsd:element name="ID" type="ID" maxOccurs="unbounded">
  <xsd:annotation>
    <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/date

diagram

namespace

http://www.oasis.org/was

type

date

attributes

Name	Type	Use	Default	Fixed	Annotation
dateReleased	xsd:string	required
lastRevised	xsd:string	required

annotation

appInfo

The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months.

source

<xsd:element name="date" type="date" maxOccurs="unbounded">
  <xsd:annotation>
    <xsd:appinfo>The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/author

diagram

namespace

http://www.oasis.org/was

type

author

attributes

Name	Type	Use	Default	Fixed	Annotation
name	xsd:string	required
email	xsd:string	required
company	xsd:string	optional
address	xsd:string	optional
url	xsd:string	optional

annotation

appInfo

The author element provides a mechanism to reference the original author of the test case.

source

<xsd:element name="author" type="author">
  <xsd:annotation>
    <xsd:appinfo>The author element provides a mechanism to reference the original author of the test case.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/provider

diagram

namespace

http://www.oasis.org/was

type

provider

attributes

Name	Type	Use	Default	Fixed	Annotation
email	xsd:string	required
company	xsd:string	required
address	xsd:string	required
url	xsd:string	required

annotation

appInfo

The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures.

source

<xsd:element name="provider" type="provider">
  <xsd:annotation>
    <xsd:appinfo>The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/restrictions

diagram

namespace

http://www.oasis.org/was

type

restrictions

attributes

Name	Type	Use	Default	Fixed	Annotation
license	xsd:string	required
copyrightHolder	xsd:string
copyrightNotice	xsd:string
email	xsd:uri

annotation

appInfo

The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information.

source

<xsd:element name="restrictions" type="restrictions">
  <xsd:annotation>
    <xsd:appinfo>The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

complexType profile

diagram
namespace	http://www.oasis.org/was
children	thesaurusGroup thesaurusSubGroup riskRanking descriptions references attackSurface target consequence condition
source	<xsd:complexType name="profile"> <xsd:sequence> <xsd:element name="thesaurusGroup" type="thesaurusGroup"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="thesaurusSubGroup" type="thesaurusSubGroup"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="riskRanking" type="riskRanking" maxOccurs="unbounded"> <xsd:annotation> <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file) </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="descriptions" type="descriptions" maxOccurs="unbounded"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="references" type="references"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="attackSurface" type="attackSurface"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="target" type="target"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="consequence" type="consequences"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="condition" type="condition"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType>

element profile/thesaurusGroup

diagram

namespace

http://www.oasis.org/was

<xsd:element name="thesaurusGroup" type="thesaurusGroup">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/thesaurusSubGroup

diagram

namespace

http://www.oasis.org/was

<xsd:element name="thesaurusSubGroup" type="thesaurusSubGroup">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/riskRanking

diagram

namespace

http://www.oasis.org/was

The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)

source

<xsd:element name="riskRanking" type="riskRanking" maxOccurs="unbounded">
  <xsd:annotation>
    <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/descriptions

diagram

namespace

http://www.oasis.org/was

<xsd:element name="descriptions" type="descriptions" maxOccurs="unbounded">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/references

diagram

namespace

http://www.oasis.org/was

<xsd:element name="references" type="references">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/attackSurface

diagram

namespace

http://www.oasis.org/was

<xsd:element name="attackSurface" type="attackSurface">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/target

diagram

namespace

http://www.oasis.org/was

<xsd:element name="target" type="target">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/consequence

diagram

namespace

http://www.oasis.org/was

<xsd:element name="consequence" type="consequences">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/condition

diagram

namespace

http://www.oasis.org/was

<xsd:element name="condition" type="condition">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

complexType provider

diagram

namespace

http://www.oasis.org/was

Name	Type	Use	Default	Fixed	Annotation
email	xsd:string	required
company	xsd:string	required
address	xsd:string	required
url	xsd:string	required

source

<xsd:complexType name="provider">
  <xsd:attribute name="email" type="xsd:string" use="required"/>
  <xsd:attribute name="company" type="xsd:string" use="required"/>
  <xsd:attribute name="address" type="xsd:string" use="required"/>
  <xsd:attribute name="url" type="xsd:string" use="required"/>
</xsd:complexType>

complexType restrictions

diagram

namespace

http://www.oasis.org/was

used by

element

metaData/restrictions

attributes

Name	Type	Use	Default	Fixed	Annotation
license	xsd:string	required
copyrightHolder	xsd:string
copyrightNotice	xsd:string
email	xsd:uri

source

<xsd:complexType name="restrictions">
  <xsd:attribute name="license" type="xsd:string" use="required"/>
  <xsd:attribute name="copyrightHolder" type="xsd:string"/>
  <xsd:attribute name="copyrightNotice" type="xsd:string"/>
  <xsd:attribute name="email" type="xsd:uri"/>
</xsd:complexType>

simpleType attackSurfaceType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	system boundary
enumeration	component boundary
enumeration	source code

source

<xsd:simpleType name="attackSurfaceType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="system boundary"/>
    <xsd:enumeration value="component boundary"/>
    <xsd:enumeration value="source code"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType conditionType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	authenticated
enumeration	privilege
enumeration	port

source

<xsd:simpleType name="conditionType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="authenticated"/>
    <xsd:enumeration value="privilege"/>
    <xsd:enumeration value="port"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType consequenceType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	denial of service
enumeration	privilege elevation
enumeration	transfer of trust
enumeration	identity impersonation
enumeration	data disclosure
enumeration	security requirements violation

source

<xsd:simpleType name="consequenceType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="denial of service"/>
    <xsd:enumeration value="privilege elevation"/>
    <xsd:enumeration value="transfer of trust"/>
    <xsd:enumeration value="identity impersonation"/>
    <xsd:enumeration value="data disclosure"/>
    <xsd:enumeration value="security requirements violation"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType targetType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	application component
enumeration	infrastructure component
enumeration	end user

source

<xsd:simpleType name="targetType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="application component"/>
    <xsd:enumeration value="infrastructure component"/>
    <xsd:enumeration value="end user"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType ThesaurusGroupType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	access control
enumeration	application configuration management
enumeration	application logic
enumeration	buffer overflow
enumeration	data protection
enumeration	infrastructure configuration management
enumeration	input validation
enumeration	race condition
enumeration	session management
enumeration	user privacy

source

<xsd:simpleType name="ThesaurusGroupType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="access control"/>
    <xsd:enumeration value="application configuration management"/>
    <xsd:enumeration value="application logic"/>
    <xsd:enumeration value="buffer overflow"/>
    <xsd:enumeration value="data protection"/>
    <xsd:enumeration value="infrastructure configuration management"/>
    <xsd:enumeration value="input validation"/>
    <xsd:enumeration value="race condition"/>
    <xsd:enumeration value="session management"/>
    <xsd:enumeration value="user privacy"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType ThesaurusSubgroupType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	authentication
enumeration	authorization
enumeration	parameter manipulation
enumeration	heap overflow
enumeration	stack overflow
enumeration	format string
enumeration	cryptography
enumeration	transport security
enumeration	default configurations
enumeration	security patches
enumeration	administration interface
enumeration	canonicalization
enumeration	os command injection
enumeration	sql injection
enumeration	ldap command injection
enumeration	script injection
enumeration	session timeout
enumeration	session hijacking
enumeration	session fixation

source

<xsd:simpleType name="ThesaurusSubgroupType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="authentication"/>
    <xsd:enumeration value="authorization"/>
    <xsd:enumeration value="parameter manipulation"/>
    <xsd:enumeration value="heap overflow"/>
    <xsd:enumeration value="stack overflow"/>
    <xsd:enumeration value="format string"/>
    <xsd:enumeration value="cryptography"/>
    <xsd:enumeration value="transport security"/>
    <xsd:enumeration value="default configurations"/>
    <xsd:enumeration value="security patches"/>
    <xsd:enumeration value="administration interface"/>
    <xsd:enumeration value="canonicalization"/>
    <xsd:enumeration value="os command injection"/>
    <xsd:enumeration value="sql injection"/>
    <xsd:enumeration value="ldap command injection"/>
    <xsd:enumeration value="script injection"/>
    <xsd:enumeration value="session timeout"/>
    <xsd:enumeration value="session hijacking"/>
    <xsd:enumeration value="session fixation"/>
  </xsd:restriction>
</xsd:simpleType>

XML Schema documentation generated with XMLSPY Schema Editor http://www.altova.com/xmlspy