Schema was-global3.xsd

schema location:	C:\Documents and Settings\mark@curphey.com\Desktop\WAS Global\was-global3.xsd
targetNamespace:	http://www.oasis.org/was

Complex types	Simple types
article	attackSurfaceType
author	conditionType
copyright	consequenceType
descriptions	impact
ID	licenseType
license	targetType
metaData	thesaurusGroup
newsExample	thesaurusSubgroup
profile	threat
provider
references
restrictions
riskRanking
thesaurusReference
version
vulnDatabase
whitePaper

complexType article

diagram

namespace

http://www.oasis.org/was

children

title author publication date location

<xsd:complexType name="article">
  <xsd:sequence>
    <xsd:element name="title" type="xsd:string"/>
    <xsd:element name="author" type="xsd:string"/>
    <xsd:element name="publication" type="xsd:string"/>
    <xsd:element name="date" type="xsd:date"/>
    <xsd:element name="location" type="xsd:anyURI"/>
  </xsd:sequence>
</xsd:complexType>

element article/title

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="title" type="xsd:string"/>

element article/author

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="author" type="xsd:string"/>

element article/publication

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="publication" type="xsd:string"/>

element article/date

diagram
namespace	http://www.oasis.org/was
type	xsd:date
source	<xsd:element name="date" type="xsd:date"/>

element article/location

diagram
namespace	http://www.oasis.org/was
type	xsd:anyURI
source	<xsd:element name="location" type="xsd:anyURI"/>

complexType author

diagram

namespace

http://www.oasis.org/was

children

name email company address uri

<xsd:complexType name="author">
  <xsd:sequence>
    <xsd:element name="name" type="xsd:string"/>
    <xsd:element name="email" type="xsd:anyURI"/>
    <xsd:element name="company" type="xsd:string"/>
    <xsd:element name="address" type="xsd:string"/>
    <xsd:element name="uri" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element author/name

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="name" type="xsd:string"/>

element author/email

diagram
namespace	http://www.oasis.org/was
type	xsd:anyURI
source	<xsd:element name="email" type="xsd:anyURI"/>

element author/company

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="company" type="xsd:string"/>

element author/address

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="address" type="xsd:string"/>

element author/uri

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="uri" type="xsd:string"/>

complexType copyright

diagram

namespace

http://www.oasis.org/was

children

copyrightHolder copyrightNotice copyrightDate

used by

element

restrictions/copyright

source

<xsd:complexType name="copyright">
  <xsd:sequence>
    <xsd:element name="copyrightHolder" type="xsd:string"/>
    <xsd:element name="copyrightNotice" type="xsd:string"/>
    <xsd:element name="copyrightDate" type="xsd:date"/>
  </xsd:sequence>
</xsd:complexType>

element copyright/copyrightHolder

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="copyrightHolder" type="xsd:string"/>

element copyright/copyrightNotice

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="copyrightNotice" type="xsd:string"/>

element copyright/copyrightDate

diagram
namespace	http://www.oasis.org/was
type	xsd:date
source	<xsd:element name="copyrightDate" type="xsd:date"/>

complexType descriptions

diagram

namespace

http://www.oasis.org/was

children

shortDescription longtDescription

<xsd:complexType name="descriptions">
  <xsd:sequence>
    <xsd:element name="shortDescription" type="xsd:string"/>
    <xsd:element name="longtDescription" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element descriptions/shortDescription

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="shortDescription" type="xsd:string"/>

element descriptions/longtDescription

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="longtDescription" type="xsd:string"/>

complexType ID

diagram

namespace

http://www.oasis.org/was

This element provides a uniquely identifiable key. This would be used as a fast and efficient way for two technolgies sharing the same test case database to exchange information. ie use xsd:was:ID:uid:007

source

<xsd:complexType name="ID">
  <xsd:attribute name="testCaseID" type="xsd:ID" use="required">
    <xsd:annotation>
      <xsd:appinfo>This element provides a uniquely identifiable key. This would be used as a fast and efficient way for two technolgies sharing the same test case database to exchange information. ie use xsd:was:ID:uid:007
					</xsd:appinfo>
    </xsd:annotation>
  </xsd:attribute>
</xsd:complexType>

complexType license

diagram

namespace

http://www.oasis.org/was

children

licenseType licenseText licenseVersion

<xsd:complexType name="license">
  <xsd:sequence>
    <xsd:element name="licenseType" type="licenseType"/>
    <xsd:element name="licenseText" type="xsd:string"/>
    <xsd:element name="licenseVersion" type="xsd:decimal"/>
  </xsd:sequence>
</xsd:complexType>

element license/licenseType

diagram

namespace

http://www.oasis.org/was

type

licenseType

facets

enumeration	OSI Compliant
enumeration	Vendor Proprietary

source

<xsd:element name="licenseType" type="licenseType"/>

element license/licenseText

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="licenseText" type="xsd:string"/>

element license/licenseVersion

diagram
namespace	http://www.oasis.org/was
type	xsd:decimal
source	<xsd:element name="licenseVersion" type="xsd:decimal"/>

complexType metaData

diagram
namespace	http://www.oasis.org/was
children	ID version author provider restrictions
source	<xsd:complexType name="metaData"> <xsd:sequence> <xsd:element name="ID" type="ID"> <xsd:annotation> <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file outside of transport security). </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="version" type="version" maxOccurs="unbounded"> <xsd:annotation> <xsd:appinfo>The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="author" type="author"> <xsd:annotation> <xsd:appinfo>The author element provides a mechanism to reference the original author of the test case. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="provider" type="provider" minOccurs="0"> <xsd:annotation> <xsd:appinfo>The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures. </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="restrictions" type="restrictions"> <xsd:annotation> <xsd:appinfo>The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information. </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType>

element metaData/ID

diagram

namespace

http://www.oasis.org/was

This element provides a uniquely identifiable key. This would be used as a fast and efficient way for two technolgies sharing the same test case database to exchange information. ie use xsd:was:ID:uid:007

annotation

appInfo

The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file outside of transport security).

source

<xsd:element name="ID" type="ID">
  <xsd:annotation>
    <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file outside of transport security).
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/version

diagram

namespace

http://www.oasis.org/was

type

version

children

versionNumber releaseDate changeLog

annotation

appInfo

The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months.

source

<xsd:element name="version" type="version" maxOccurs="unbounded">
  <xsd:annotation>
    <xsd:appinfo>The date element provides a mechanism to declare time and historical related data. An example use case maybe, show me all of the issues within the last 3 months.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/author

diagram

namespace

http://www.oasis.org/was

type

author

children

name email company address uri

annotation

appInfo

The author element provides a mechanism to reference the original author of the test case.

source

<xsd:element name="author" type="author">
  <xsd:annotation>
    <xsd:appinfo>The author element provides a mechanism to reference the original author of the test case.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/provider

diagram

namespace

http://www.oasis.org/was

type

provider

children

email company address uri

annotation

appInfo

The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures.

source

<xsd:element name="provider" type="provider" minOccurs="0">
  <xsd:annotation>
    <xsd:appinfo>The provider element provides a mechanism to reference the original provider of the signature. This maybe a trusted source of signatures or a commercial security intelligence provider or an internal source. This allows fast indexing of entries based on the provider without having to check signatures.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element metaData/restrictions

diagram

namespace

http://www.oasis.org/was

type

restrictions

children

license copyright restrictionsUpdateURI

annotation

appInfo

The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information.

source

<xsd:element name="restrictions" type="restrictions">
  <xsd:annotation>
    <xsd:appinfo>The restrictions element provides a mechanism to reference any usage restrictions on the test case itself. These may include copyright, licensing or potentially things like export restrictions where a test case contains cryptographic information.
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

complexType newsExample

diagram

namespace

http://www.oasis.org/was

children

title publication date location

used by

element

references/newsExample

source

<xsd:complexType name="newsExample">
  <xsd:sequence>
    <xsd:element name="title" type="xsd:string"/>
    <xsd:element name="publication" type="xsd:string"/>
    <xsd:element name="date" type="xsd:date"/>
    <xsd:element name="location" type="xsd:anyURI"/>
  </xsd:sequence>
</xsd:complexType>

element newsExample/title

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="title" type="xsd:string"/>

element newsExample/publication

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="publication" type="xsd:string"/>

element newsExample/date

diagram
namespace	http://www.oasis.org/was
type	xsd:date
source	<xsd:element name="date" type="xsd:date"/>

element newsExample/location

diagram
namespace	http://www.oasis.org/was
type	xsd:anyURI
source	<xsd:element name="location" type="xsd:anyURI"/>

complexType profile

diagram
namespace	http://www.oasis.org/was
children	thesaurusReference riskRanking descriptions references attackSurface target consequence condition
source	<xsd:complexType name="profile"> <xsd:sequence> <xsd:element name="thesaurusReference" type="thesaurusReference"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="riskRanking" type="riskRanking"> <xsd:annotation> <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file) </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="descriptions" type="descriptions"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="references" type="references"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="attackSurface" type="attackSurface"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="target" type="target"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="consequence" type="consequences"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="condition" type="condition"> <xsd:annotation> <xsd:appinfo> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:complexType>

element profile/thesaurusReference

diagram

namespace

http://www.oasis.org/was

type

thesaurusReference

children

groupEntry subGroupEntry

annotation

appInfo

source

<xsd:element name="thesaurusReference" type="thesaurusReference">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/riskRanking

diagram

namespace

http://www.oasis.org/was

The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)

source

<xsd:element name="riskRanking" type="riskRanking">
  <xsd:annotation>
    <xsd:appinfo>The ID element provides a mechansim to declare uniquely identifiable attributes for cataloging and referencing. The provider, author and vendor IDs allow cross referencing ands trust models to be developed based on the source of the test case. Note: Need to define the XML:DigSig for these attributes and provide for a mecahism to sign an entire file (ie provide authenticity and integrity of the file)
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/descriptions

diagram

namespace

http://www.oasis.org/was

type

descriptions

children

shortDescription longtDescription

annotation

appInfo

source

<xsd:element name="descriptions" type="descriptions">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/references

diagram

namespace

http://www.oasis.org/was

type

references

children

vulnDatabase whitePaper article newsExample

annotation

appInfo

source

<xsd:element name="references" type="references">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/attackSurface

diagram

namespace

http://www.oasis.org/was

<xsd:element name="attackSurface" type="attackSurface">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/target

diagram

namespace

http://www.oasis.org/was

<xsd:element name="target" type="target">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/consequence

diagram

namespace

http://www.oasis.org/was

<xsd:element name="consequence" type="consequences">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

element profile/condition

diagram

namespace

http://www.oasis.org/was

<xsd:element name="condition" type="condition">
  <xsd:annotation>
    <xsd:appinfo>
					</xsd:appinfo>
  </xsd:annotation>
</xsd:element>

complexType provider

diagram

namespace

http://www.oasis.org/was

children

email company address uri

<xsd:complexType name="provider">
  <xsd:sequence>
    <xsd:element name="email" type="xsd:string"/>
    <xsd:element name="company" type="xsd:string"/>
    <xsd:element name="address" type="xsd:string"/>
    <xsd:element name="uri" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element provider/email

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="email" type="xsd:string"/>

element provider/company

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="company" type="xsd:string"/>

element provider/address

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="address" type="xsd:string"/>

element provider/uri

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="uri" type="xsd:string"/>

complexType references

diagram

namespace

http://www.oasis.org/was

children

vulnDatabase whitePaper article newsExample

<xsd:complexType name="references">
  <xsd:sequence>
    <xsd:element name="vulnDatabase" type="vulnDatabase"/>
    <xsd:element name="whitePaper" type="whitePaper"/>
    <xsd:element name="article" type="article"/>
    <xsd:element name="newsExample" type="newsExample"/>
  </xsd:sequence>
</xsd:complexType>

element references/vulnDatabase

diagram
namespace	http://www.oasis.org/was
type	vulnDatabase
children	name location itemIdentifier
source	<xsd:element name="vulnDatabase" type="vulnDatabase"/>

element references/whitePaper

diagram
namespace	http://www.oasis.org/was
type	whitePaper
children	title author format date location
source	<xsd:element name="whitePaper" type="whitePaper"/>

element references/article

diagram
namespace	http://www.oasis.org/was
type	article
children	title author publication date location
source	<xsd:element name="article" type="article"/>

element references/newsExample

diagram
namespace	http://www.oasis.org/was
type	newsExample
children	title publication date location
source	<xsd:element name="newsExample" type="newsExample"/>

complexType restrictions

diagram

namespace

http://www.oasis.org/was

children

license copyright restrictionsUpdateURI

used by

element

metaData/restrictions

source

<xsd:complexType name="restrictions">
  <xsd:sequence>
    <xsd:element name="license" type="license"/>
    <xsd:element name="copyright" type="copyright" minOccurs="0"/>
    <xsd:element name="restrictionsUpdateURI" type="xsd:string" minOccurs="0"/>
  </xsd:sequence>
</xsd:complexType>

element restrictions/license

diagram
namespace	http://www.oasis.org/was
type	license
children	licenseType licenseText licenseVersion
source	<xsd:element name="license" type="license"/>

element restrictions/copyright

diagram
namespace	http://www.oasis.org/was
type	copyright
children	copyrightHolder copyrightNotice copyrightDate
source	<xsd:element name="copyright" type="copyright" minOccurs="0"/>

element restrictions/restrictionsUpdateURI

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="restrictionsUpdateURI" type="xsd:string" minOccurs="0"/>

complexType riskRanking

diagram

namespace

http://www.oasis.org/was

<xsd:complexType name="riskRanking">
  <xsd:sequence>
    <xsd:element name="threat"/>
    <xsd:element name="impact"/>
  </xsd:sequence>
</xsd:complexType>

element riskRanking/threat

diagram
namespace	http://www.oasis.org/was
source	<xsd:element name="threat"/>

element riskRanking/impact

diagram
namespace	http://www.oasis.org/was
source	<xsd:element name="impact"/>

complexType thesaurusReference

diagram

namespace

http://www.oasis.org/was

children

groupEntry subGroupEntry

used by

element

profile/thesaurusReference

source

<xsd:complexType name="thesaurusReference">
  <xsd:sequence>
    <xsd:element name="groupEntry" type="thesaurusGroup"/>
    <xsd:element name="subGroupEntry" type="thesaurusSubGroup"/>
  </xsd:sequence>
</xsd:complexType>

element thesaurusReference/groupEntry

diagram

namespace

http://www.oasis.org/was

type

thesaurusGroup

facets

enumeration	Access Control
enumeration	Application Configuration Management
enumeration	Application Logic
enumeration	Buffer Overflow
enumeration	Data Protection
enumeration	Infrastructure Configuration Management
enumeration	Input Validation
enumeration	Concurrency
enumeration	Session Management
enumeration	Denial of Service

source

<xsd:element name="groupEntry" type="thesaurusGroup"/>

element thesaurusReference/subGroupEntry

diagram
namespace	http://www.oasis.org/was
type	thesaurusSubGroup
source	<xsd:element name="subGroupEntry" type="thesaurusSubGroup"/>

complexType version

diagram

namespace

http://www.oasis.org/was

children

versionNumber releaseDate changeLog

<xsd:complexType name="version">
  <xsd:sequence>
    <xsd:element name="versionNumber" type="xsd:decimal"/>
    <xsd:element name="releaseDate" type="xsd:dateTime"/>
    <xsd:element name="changeLog" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element version/versionNumber

diagram
namespace	http://www.oasis.org/was
type	xsd:decimal
source	<xsd:element name="versionNumber" type="xsd:decimal"/>

element version/releaseDate

diagram
namespace	http://www.oasis.org/was
type	xsd:dateTime
source	<xsd:element name="releaseDate" type="xsd:dateTime"/>

element version/changeLog

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="changeLog" type="xsd:string"/>

complexType vulnDatabase

diagram

namespace

http://www.oasis.org/was

children

name location itemIdentifier

used by

element

references/vulnDatabase

source

<xsd:complexType name="vulnDatabase">
  <xsd:sequence>
    <xsd:element name="name" type="xsd:string"/>
    <xsd:element name="location" type="xsd:anyURI"/>
    <xsd:element name="itemIdentifier" type="xsd:string"/>
  </xsd:sequence>
</xsd:complexType>

element vulnDatabase/name

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="name" type="xsd:string"/>

element vulnDatabase/location

diagram
namespace	http://www.oasis.org/was
type	xsd:anyURI
source	<xsd:element name="location" type="xsd:anyURI"/>

element vulnDatabase/itemIdentifier

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="itemIdentifier" type="xsd:string"/>

complexType whitePaper

diagram

namespace

http://www.oasis.org/was

children

title author format date location

used by

element

references/whitePaper

source

<xsd:complexType name="whitePaper">
  <xsd:sequence>
    <xsd:element name="title" type="xsd:string"/>
    <xsd:element name="author" type="xsd:string"/>
    <xsd:element name="format" type="xsd:mimetype"/>
    <xsd:element name="date" type="xsd:date"/>
    <xsd:element name="location" type="xsd:anyURI"/>
  </xsd:sequence>
</xsd:complexType>

element whitePaper/title

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="title" type="xsd:string"/>

element whitePaper/author

diagram
namespace	http://www.oasis.org/was
type	xsd:string
source	<xsd:element name="author" type="xsd:string"/>

element whitePaper/format

diagram
namespace	http://www.oasis.org/was
type	xsd:mimetype
source	<xsd:element name="format" type="xsd:mimetype"/>

element whitePaper/date

diagram
namespace	http://www.oasis.org/was
type	xsd:date
source	<xsd:element name="date" type="xsd:date"/>

element whitePaper/location

diagram
namespace	http://www.oasis.org/was
type	xsd:anyURI
source	<xsd:element name="location" type="xsd:anyURI"/>

simpleType attackSurfaceType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	system boundary
enumeration	component boundary
enumeration	source code

source

<xsd:simpleType name="attackSurfaceType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="system boundary"/>
    <xsd:enumeration value="component boundary"/>
    <xsd:enumeration value="source code"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType conditionType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	authenticated
enumeration	privilege
enumeration	port

source

<xsd:simpleType name="conditionType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="authenticated"/>
    <xsd:enumeration value="privilege"/>
    <xsd:enumeration value="port"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType consequenceType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	denial of service
enumeration	privilege elevation
enumeration	transfer of trust
enumeration	identity impersonation
enumeration	data disclosure
enumeration	security requirements violation

source

<xsd:simpleType name="consequenceType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="denial of service"/>
    <xsd:enumeration value="privilege elevation"/>
    <xsd:enumeration value="transfer of trust"/>
    <xsd:enumeration value="identity impersonation"/>
    <xsd:enumeration value="data disclosure"/>
    <xsd:enumeration value="security requirements violation"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType impact

namespace

http://www.oasis.org/was

type

restriction of xsd:string

<xsd:simpleType name="impact">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="[a-d]"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType licenseType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

enumeration	OSI Compliant
enumeration	Vendor Proprietary

source

<xsd:simpleType name="licenseType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="OSI Compliant"/>
    <xsd:enumeration value="Vendor Proprietary"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType targetType

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	application component
enumeration	infrastructure component
enumeration	end user

source

<xsd:simpleType name="targetType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="application component"/>
    <xsd:enumeration value="infrastructure component"/>
    <xsd:enumeration value="end user"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType thesaurusGroup

namespace

http://www.oasis.org/was

type

restriction of xsd:string

used by

element

thesaurusReference/groupEntry

facets

enumeration	Access Control
enumeration	Application Configuration Management
enumeration	Application Logic
enumeration	Buffer Overflow
enumeration	Data Protection
enumeration	Infrastructure Configuration Management
enumeration	Input Validation
enumeration	Concurrency
enumeration	Session Management
enumeration	Denial of Service

source

<xsd:simpleType name="thesaurusGroup">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="Access Control"/>
    <xsd:enumeration value="Application Configuration Management"/>
    <xsd:enumeration value="Application Logic"/>
    <xsd:enumeration value="Buffer Overflow"/>
    <xsd:enumeration value="Data Protection"/>
    <xsd:enumeration value="Infrastructure Configuration Management"/>
    <xsd:enumeration value="Input Validation"/>
    <xsd:enumeration value="Concurrency"/>
    <xsd:enumeration value="Session Management"/>
    <xsd:enumeration value="Denial of Service"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType thesaurusSubgroup

namespace

http://www.oasis.org/was

type

restriction of xsd:string

facets

enumeration	authentication
enumeration	authorization
enumeration	parameter manipulation
enumeration	heap overflow
enumeration	stack overflow
enumeration	format string
enumeration	cryptography
enumeration	transport security
enumeration	default configurations
enumeration	security patches
enumeration	administration interface
enumeration	canonicalization
enumeration	os command injection
enumeration	sql injection
enumeration	ldap command injection
enumeration	script injection
enumeration	session timeout
enumeration	session hijacking
enumeration	session fixation

source

<xsd:simpleType name="thesaurusSubgroup">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="authentication"/>
    <xsd:enumeration value="authorization"/>
    <xsd:enumeration value="parameter manipulation"/>
    <xsd:enumeration value="heap overflow"/>
    <xsd:enumeration value="stack overflow"/>
    <xsd:enumeration value="format string"/>
    <xsd:enumeration value="cryptography"/>
    <xsd:enumeration value="transport security"/>
    <xsd:enumeration value="default configurations"/>
    <xsd:enumeration value="security patches"/>
    <xsd:enumeration value="administration interface"/>
    <xsd:enumeration value="canonicalization"/>
    <xsd:enumeration value="os command injection"/>
    <xsd:enumeration value="sql injection"/>
    <xsd:enumeration value="ldap command injection"/>
    <xsd:enumeration value="script injection"/>
    <xsd:enumeration value="session timeout"/>
    <xsd:enumeration value="session hijacking"/>
    <xsd:enumeration value="session fixation"/>
  </xsd:restriction>
</xsd:simpleType>

simpleType threat

namespace

http://www.oasis.org/was

type

restriction of xsd:string

<xsd:simpleType name="threat">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="[a-d]"/>
  </xsd:restriction>
</xsd:simpleType>

XML Schema documentation generated with XMLSPY Schema Editor http://www.altova.com/xmlspy