3.1.4.1.3.3 wst:RequestSecurityTokenType

The wst:RequestSecurityTokenType complex type contains the elements for the security token request in the RequestSecurityTokenMsg message. It is the client-provided object for a certificate enrollment request. wst:RequestSecurityTokenType is defined in the WS-Trust [WSTrust1.3] XML schema definition (XSD).

 <xs:complexType name="RequestSecurityTokenType">
   <xs:annotation>
     <xs:documentation>
       Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
       <xs:element ref='wst:TokenType' minOccurs='0' /> 
       <xs:element ref='wst:RequestType' /> 
       <xs:element ref='wsp:AppliesTo' minOccurs='0' /> 
       <xs:element ref='wst:Claims' minOccurs='0' />
       <xs:element ref='wst:Entropy' minOccurs='0' />
       <xs:element ref='wst:Lifetime' minOccurs='0' />
       <xs:element ref='wst:AllowPostdating' minOccurs='0' /> 
       <xs:element ref='wst:Renewing' minOccurs='0' />
       <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> 
       <xs:element ref='wst:Issuer' minOccurs='0' /> 
       <xs:element ref='wst:AuthenticationType' minOccurs='0' />
       <xs:element ref='wst:KeyType' minOccurs='0' />
       <xs:element ref='wst:KeySize' minOccurs='0' /> 
       <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
       <xs:element ref='wst:Encryption' minOccurs='0' /> 
       <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> 
       <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
       <xs:element ref='wst:ProofEncryption' minOccurs='0' /> 
       <xs:element ref='wst:UseKey' minOccurs='0' />
       <xs:element ref='wst:SignWith' minOccurs='0' /> 
       <xs:element ref='wst:EncryptWith' minOccurs='0' />
       <xs:element ref='wst:DelegateTo' minOccurs='0' />
       <xs:element ref='wst:Forwardable' minOccurs='0' />
       <xs:element ref='wst:Delegatable' minOccurs='0' /> 
       <xs:element ref='wsp:Policy' minOccurs='0' />
       <xs:element ref='wsp:PolicyReference' minOccurs='0' />
       <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
     </xs:documentation>
   </xs:annotation>
   <xs:sequence>
     <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" />
   </xs:sequence>
   <xs:attribute name="Context" type="xs:anyURI" use="optional" />
   <xs:anyAttribute namespace="##other" processContents="lax" />
 </xs:complexType>

WSTEP extends <wst:RequestSecurityTokenType> with the following elements:

 <xs:element ref="wsse:BinarySecurityToken" minOccurs="0" maxOccurs="1" />
 <xs:element ref="auth:AdditionalContext" minOccurs="0" maxOccurs="1" />
 <xs:element ref="wst:RequestKET" minOccurs="0" maxOccurs="1" />
 <xs:element ref="wstep:RequestID" minOccurs="0" maxOccurs="1" />

Only the elements specified below are used in WSTEP. Any element received that is not specified below SHOULD be ignored.

wst:TokenType: Refers to the wst:TokenType definition in section 3.1.4.1.2.8.

wst:RequestType: Refers to the wst:RequestType definition in section 3.1.4.1.2.7. The wst:RequestType is used to identify the type of the security token request.

wst:RequestKET: Used when requesting a key exchange token as defined in [WSTrust1.3] section 8.4.

wsse:BinarySecurityToken: Provides the DER ASN.1 representation of the certificate request. The type of token is defined by the wst:TokenType element. For the X.509v3 enrollment extension the wst:TokenType MUST be specified as in section 3.1.4.1.2.8. The certificate request follows the formatting from [MS-WCCE] section 2.2.2.6. The EncodingType attribute of the wsse:BinarySecurityToken element MUST be set to base64Binary.

auth:AdditionalContext: The auth:AdditionalContext element is used to provide extra information in a wst:RequestSecurityToken message. It is an optional element, and SHOULD be omitted if there is no extra information to be passed.

wstep:RequestID: An instance of wstep:RequestID as specified in section 3.1.4.1.2.4.
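
The following example is added here and is not part of the specification. It shows one way a receiver could apply the rules of this section: keep the six elements used in WSTEP, ignore any other child element, and enforce the requirements on wsse:BinarySecurityToken. The function names, the namespace URIs, the DOCTYPE rejection, the fragment-only comparison of EncodingType and the outer-DER sanity check are assumptions of the example, and the sample message is constructed.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions of this example; this section does not list them.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
AUTH = "http://schemas.xmlsoap.org/ws/2006/12/authorization"
WSTEP = "http://schemas.microsoft.com/windows/pki/2009/01/enrollment"
BST = f"{{{WSSE}}}BinarySecurityToken"
# The six children this section says WSTEP uses; each may occur at most once.
USED = {BST, f"{{{AUTH}}}AdditionalContext", f"{{{WSTEP}}}RequestID"} | {
    f"{{{WST}}}{n}" for n in ("TokenType", "RequestType", "RequestKET")}
# Constructed sample: the token is the DER SEQUENCE { INTEGER 0 }, not a real request.
SAMPLE = (f'<wst:RequestSecurityToken xmlns:wst="{WST}" xmlns:wsse="{WSSE}">'
          '<wst:KeySize>2048</wst:KeySize>'
          f'<wsse:BinarySecurityToken EncodingType="{WSSE}#base64binary">MAMCAQA='
          '</wsse:BinarySecurityToken></wst:RequestSecurityToken>')

def der_sequence_ok(blob):
    """Sanity check only: outer tag is SEQUENCE and its length spans the blob."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    n = blob[1] & 0x7F
    if blob[1] < 0x80:  # short-form length
        return len(blob) == 2 + n
    return 1 <= n <= 4 and len(blob) == 2 + n + int.from_bytes(blob[2:2 + n], "big")

def parse_rst(xml_text):
    """Return (used, ignored, csr_der); raise ValueError on a violated MUST."""
    if "<!DOCTYPE" in xml_text:  # hardening assumption: no DTDs in a request
        raise ValueError("DTD not accepted")
    rst = ET.fromstring(xml_text)
    if rst.tag != f"{{{WST}}}RequestSecurityToken":
        raise ValueError("not a wst:RequestSecurityToken")
    used, ignored = {}, []
    for child in rst:
        if child.tag not in USED:
            ignored.append(child.tag)  # SHOULD be ignored, not rejected
        elif used.setdefault(child.tag, child) is not child:
            raise ValueError("element repeated: " + child.tag)
    csr, bst = None, used.get(BST)
    if bst is not None:
        if bst.get("EncodingType", "").rpartition("#")[2].lower() != "base64binary":
            raise ValueError("EncodingType is not base64Binary")
        # Strict decode; binascii.Error raised here is a ValueError subclass.
        csr = base64.b64decode("".join((bst.text or "").split()), validate=True)
        if not der_sequence_ok(csr):
            raise ValueError("token is not a single DER SEQUENCE")
    return used, ignored, csr
```

Calling parse_rst(SAMPLE) returns the decoded token bytes and reports wst:KeySize as ignored. The decoded bytes still need full parsing as a certificate request in one of the formats from [MS-WCCE] section 2.2.2.6.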