Schema was-global3.xsd

schema location:	C:\Documents and Settings\mark@curphey.com\Desktop\WAS Global\was-global3.xsd
targetNamespace:	http://www.oasis.org/was

Complex types	Simple types
author	attackSurfaceType
copyright	conditionType
date	consequenceType
ID	targetType
license	thesaurusGroup
metaData	thesaurusSubgroup
profile
provider
restrictions
thesaurusReference

complexType author

diagram

namespace

http://www.oasis.org/was

children

name email company address uri

<xsd:complexType name="author">
  <xsd:sequence>
    <xsd:element name="name" type="xsd:string"/>
    <xsd:element name="email" type="xsd:anyURI"/>
    <xsd:element name="company" type="xsd:string"/>
    <xsd:element name="address" type="xsd:string"/>
    <xsd:element name="uri" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element author/name

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="name" type="xsd:string"/>

element author/email

diagram
namespace	http://www.oasis.org/was
type	xsd:anyURI
source	<xsd:element name="email" type="xsd:anyURI"/>

element author/company

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="company" type="xsd:string"/>

element author/address

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="address" type="xsd:string"/>

element author/uri

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="uri" type="xsd:string"/>

complexType copyright

diagram

namespace

http://www.oasis.org/was

children

copyrightHolder copyrightNotice copyrightDate

used by

element

restrictions/copyright

source

<xsd:complexType name="copyright">
  <xsd:sequence>
    <xsd:element name="copyrightHolder" type="xsd:string"/>
    <xsd:element name="copyrightNotice" type="xsd:string"/>
    <xsd:element name="copyrightDate" type="xsd:date"/>
  </xsd:sequence>
</xsd:complexType>

element copyright/copyrightHolder

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="copyrightHolder" type="xsd:string"/>

element copyright/copyrightNotice

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="copyrightNotice" type="xsd:string"/>

element copyright/copyrightDate

diagram
namespace	http://www.oasis.org/was
type	xsd:date
source	<xsd:element name="copyrightDate" type="xsd:date"/>

complexType date

diagram

namespace

http://www.oasis.org/was

children

dateFirstReleased dateLastReleased

<xsd:complexType name="date">
  <xsd:sequence>
    <xsd:element name="dateFirstReleased"/>
    <xsd:element name="dateLastReleased"/>
  </xsd:sequence>
</xsd:complexType>

element date/dateFirstReleased

diagram
namespace	http://www.oasis.org/was
source	<xsd:element name="dateFirstReleased"/>

element date/dateLastReleased

diagram
namespace	http://www.oasis.org/was
source	<xsd:element name="dateLastReleased"/>

complexType ID

diagram

namespace

http://www.oasis.org/was

This element provides a uniquely identifiable key. This would be used as a fast and efficient way for two technolgies sharing the same test case database to exchange information. ie use xsd:was:ID:uid:007

source

<xsd:complexType name="ID">
  <xsd:attribute name="testCaseID" type="xsd:uid" use="required">
    <xsd:annotation>
      <xsd:appinfo>This element provides a uniquely identifiable key. This would be used as a fast and efficient way for two technolgies sharing the same test case database to exchange information. ie use xsd:was:ID:uid:007
					</xsd:appinfo>
    </xsd:annotation>
  </xsd:attribute>
</xsd:complexType>

complexType license

diagram

namespace

http://www.oasis.org/was

children

licenseType licenseText licenseVersion

<xsd:complexType name="license">
  <xsd:sequence>
    <xsd:element name="licenseType" type="xsd:string"/>
    <xsd:element name="licenseText" type="xsd:string"/>
    <xsd:element name="licenseVersion" type="xsd:decimal"/>
  </xsd:sequence>
</xsd:complexType>

element license/licenseType

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="licenseType" type="xsd:string"/>

element license/licenseText

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="licenseText" type="xsd:string"/>

element license/licenseVersion

diagram
namespace	http://www.oasis.org/was
type	xsd:decimal
source	<xsd:element name="licenseVersion" type="xsd:decimal"/>

complexType metaData

diagram
namespace	http://www.oasis.org/was
children	ID date author provider restrictions
source	<xsd:complexType name="metaData"> <xsd:sequence> <xsd:element name="ID" type="ID"> <xsd:annotation> <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file outside of transport security). </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="date" type="date"> <xsd:annotation> <xsd:appinfo>The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="author" type="author"> <xsd:annotation> <xsd:appinfo>The author element provides a mechanism to reference the original author of the test case. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="provider" type="provider"> <xsd:annotation> <xsd:appinfo>The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="restrictions" type="restrictions"> <xsd:annotation> <xsd:appinfo>The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information. </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType>

element metaData/ID

diagram

namespace

http://www.oasis.org/was

This element provides a uniquely identifiable key. This would be used as a fast and efficient way for two technolgies sharing the same test case database to exchange information. ie use xsd:was:ID:uid:007

annotation

appInfo

The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file outside of transport security).

source

<xsd:element name="ID" type="ID">
  <xsd:annotation>
    <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file outside of transport security).
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/date

diagram

namespace

http://www.oasis.org/was

type

date

children

dateFirstReleased dateLastReleased

annotation

appInfo

The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months.

source

<xsd:element name="date" type="date">
  <xsd:annotation>
    <xsd:appinfo>The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/author

diagram

namespace

http://www.oasis.org/was

type

author

children

name email company address uri

annotation

appInfo

The author element provides a mechanism to reference the original author of the test case.

source

<xsd:element name="author" type="author">
  <xsd:annotation>
    <xsd:appinfo>The author element provides a mechanism to reference the original author of the test case.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/provider

diagram

namespace

http://www.oasis.org/was

type

provider

children

email company address uri

annotation

appInfo

The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures.

source

<xsd:element name="provider" type="provider">
  <xsd:annotation>
    <xsd:appinfo>The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/restrictions

diagram

namespace

http://www.oasis.org/was

type

restrictions

children

license copyright restrictionsUpdateURI

annotation

appInfo

The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information.

source

<xsd:element name="restrictions" type="restrictions">
  <xsd:annotation>
    <xsd:appinfo>The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

complexType profile

diagram
namespace	http://www.oasis.org/was
children	thesaurusReference riskRanking descriptions references attackSurface target consequence condition
source	<xsd:complexType name="profile"> <xsd:sequence> <xsd:element name="thesaurusReference" type="thesaurusReference"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="riskRanking" type="riskRanking" maxOccurs="unbounded"> <xsd:annotation> <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file) </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="descriptions" type="descriptions" maxOccurs="unbounded"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="references" type="references"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="attackSurface" type="attackSurface"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="target" type="target"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="consequence" type="consequences"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="condition" type="condition"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType>

element profile/thesaurusReference

diagram

namespace

http://www.oasis.org/was

<xsd:element name="thesaurusReference" type="thesaurusReference">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/riskRanking

diagram

namespace

http://www.oasis.org/was

The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)

source

<xsd:element name="riskRanking" type="riskRanking" maxOccurs="unbounded">
  <xsd:annotation>
    <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/descriptions

diagram

namespace

http://www.oasis.org/was

<xsd:element name="descriptions" type="descriptions" maxOccurs="unbounded">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/references

diagram

namespace

http://www.oasis.org/was

<xsd:element name="references" type="references">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/attackSurface

diagram

namespace

http://www.oasis.org/was

<xsd:element name="attackSurface" type="attackSurface">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/target

diagram

namespace

http://www.oasis.org/was

<xsd:element name="target" type="target">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/consequence

diagram

namespace

http://www.oasis.org/was

<xsd:element name="consequence" type="consequences">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/condition

diagram

namespace

http://www.oasis.org/was

<xsd:element name="condition" type="condition">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

complexType provider

diagram

namespace

http://www.oasis.org/was

children

email company address uri

<xsd:complexType name="provider">
  <xsd:sequence>
    <xsd:element name="email" type="xsd:string"/>
    <xsd:element name="company" type="xsd:string"/>
    <xsd:element name="address" type="xsd:string"/>
    <xsd:element name="uri" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element provider/email

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="email" type="xsd:string"/>

element provider/company

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="company" type="xsd:string"/>

element provider/address

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="address" type="xsd:string"/>

element provider/uri

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="uri" type="xsd:string"/>

complexType restrictions

diagram

namespace

http://www.oasis.org/was

children

license copyright restrictionsUpdateURI

used by

element

metaData/restrictions

source

<xsd:complexType name="restrictions">
  <xsd:sequence>
    <xsd:element name="license" type="license"/>
    <xsd:element name="copyright" type="copyright"/>
    <xsd:element name="restrictionsUpdateURI" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element restrictions/license

diagram
namespace	http://www.oasis.org/was
type	license
children	licenseType licenseText licenseVersion
source	<xsd:element name="license" type="license"/>

element restrictions/copyright

diagram
namespace	http://www.oasis.org/was
type	copyright
children	copyrightHolder copyrightNotice copyrightDate
source	<xsd:element name="copyright" type="copyright"/>

element restrictions/restrictionsUpdateURI

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="restrictionsUpdateURI" type="xsd:string"/>

complexType thesaurusReference

diagram

namespace

http://www.oasis.org/was

profile/thesaurusReference

source

<xsd:complexType name="thesaurusReference">
  <xsd:sequence>
    <xsd:element name="groupEntry" type="thesaurusGroup"/>
  </xsd:sequence>
</xsd:complexType>

element thesaurusReference/groupEntry

diagram

namespace

http://www.oasis.org/was

type

thesaurusGroup

facets

enumeration	Access Control
enumeration	Application Configuration Management
enumeration	Application Logic
enumeration	Buffer Overflow
enumeration	Data Protection
enumeration	Infrastructure Configuration Management
enumeration	Input Validation
enumeration	Race Condition
enumeration	Session Management
enumeration	User Privacy
enumeration	Denial of Service

source

<xsd:element name="groupEntry" type="thesaurusGroup"/>

simpleType attackSurfaceType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	system boundary
enumeration	component boundary
enumeration	source code

source

<xsd:simpleType name="attackSurfaceType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="system boundary"/>
    <xsd:enumeration value="component boundary"/>
    <xsd:enumeration value="source code"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType conditionType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	authenticated
enumeration	privilege
enumeration	port

source

<xsd:simpleType name="conditionType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="authenticated"/>
    <xsd:enumeration value="privilege"/>
    <xsd:enumeration value="port"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType consequenceType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	denial of service
enumeration	privilege elevation
enumeration	transfer of trust
enumeration	identity impersonation
enumeration	data disclosure
enumeration	security requirements violation

source

<xsd:simpleType name="consequenceType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="denial of service"/>
    <xsd:enumeration value="privilege elevation"/>
    <xsd:enumeration value="transfer of trust"/>
    <xsd:enumeration value="identity impersonation"/>
    <xsd:enumeration value="data disclosure"/>
    <xsd:enumeration value="security requirements violation"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType targetType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	application component
enumeration	infrastructure component
enumeration	end user

source

<xsd:simpleType name="targetType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="application component"/>
    <xsd:enumeration value="infrastructure component"/>
    <xsd:enumeration value="end user"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType thesaurusGroup

namespace

http://www.oasis.org/was

type

restriction of xsd:string

used by

element

thesaurusReference/groupEntry

facets

enumeration	Access Control
enumeration	Application Configuration Management
enumeration	Application Logic
enumeration	Buffer Overflow
enumeration	Data Protection
enumeration	Infrastructure Configuration Management
enumeration	Input Validation
enumeration	Race Condition
enumeration	Session Management
enumeration	User Privacy
enumeration	Denial of Service

source

<xsd:simpleType name="thesaurusGroup">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="Access Control"/>
    <xsd:enumeration value="Application Configuration Management"/>
    <xsd:enumeration value="Application Logic"/>
    <xsd:enumeration value="Buffer Overflow"/>
    <xsd:enumeration value="Data Protection"/>
    <xsd:enumeration value="Infrastructure Configuration Management"/>
    <xsd:enumeration value="Input Validation"/>
    <xsd:enumeration value="Race Condition"/>
    <xsd:enumeration value="Session Management"/>
    <xsd:enumeration value="User Privacy"/>
    <xsd:enumeration value="Denial of Service"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType thesaurusSubgroup

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	authentication
enumeration	authorization
enumeration	parameter manipulation
enumeration	heap overflow
enumeration	stack overflow
enumeration	format string
enumeration	cryptography
enumeration	transport security
enumeration	default configurations
enumeration	security patches
enumeration	administration interface
enumeration	canonicalization
enumeration	os command injection
enumeration	sql injection
enumeration	ldap command injection
enumeration	script injection
enumeration	session timeout
enumeration	session hijacking
enumeration	session fixation

source

<xsd:simpleType name="thesaurusSubgroup">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="authentication"/>
    <xsd:enumeration value="authorization"/>
    <xsd:enumeration value="parameter manipulation"/>
    <xsd:enumeration value="heap overflow"/>
    <xsd:enumeration value="stack overflow"/>
    <xsd:enumeration value="format string"/>
    <xsd:enumeration value="cryptography"/>
    <xsd:enumeration value="transport security"/>
    <xsd:enumeration value="default configurations"/>
    <xsd:enumeration value="security patches"/>
    <xsd:enumeration value="administration interface"/>
    <xsd:enumeration value="canonicalization"/>
    <xsd:enumeration value="os command injection"/>
    <xsd:enumeration value="sql injection"/>
    <xsd:enumeration value="ldap command injection"/>
    <xsd:enumeration value="script injection"/>
    <xsd:enumeration value="session timeout"/>
    <xsd:enumeration value="session hijacking"/>
    <xsd:enumeration value="session fixation"/>
  </xsd:restriction>
</xsd:simpleType>

XML Schema documentation generated with XMLSPY Schema Editor http://www.altova.com/xmlspy