<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="http://www.globus.org" elementFormDefault="qualified" xmlns:tns="http://www.globus.org" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:import schemaLocation="security_descriptor.xsd" namespace="http://www.globus.org" />
	<!-- Run as stuff -->
	<xs:element name="caller-identity">
		<xs:complexType/>
	</xs:element>
	<xs:element name="service-identity">
		<xs:complexType/>
	</xs:element>
	<xs:element name="resource-identity">
		<xs:complexType/>
	</xs:element>
	<xs:element name="system-identity">
		<xs:complexType/>
	</xs:element>
	<xs:complexType name="run-asType">
		<xs:choice>
			<xs:element ref="tns:caller-identity"/>
			<xs:element ref="tns:service-identity"/>
			<xs:element ref="tns:resource-identity"/>
			<xs:element ref="tns:system-identity"/>
		</xs:choice>
	</xs:complexType>
	<xs:complexType name="protection-levelType">
		<xs:all>
			<xs:element ref="tns:integrity" minOccurs="0"/>
			<xs:element ref="tns:privacy" minOccurs="0"/>
		</xs:all>
	</xs:complexType>
	<!-- Different auth method -->
	<xs:element name="none">
		<xs:complexType/>
	</xs:element>
	<xs:complexType name="gsiSecType">
		<xs:sequence>
			<xs:element name="protection-level" type="tns:protection-levelType" minOccurs="0"/>
		</xs:sequence>
	</xs:complexType>
	<xs:group name="authMethodGp">
		<xs:all>
			<xs:element name="GSISecureConversation" type="tns:gsiSecType" minOccurs="0"/>
			<xs:element name="GSISecureMessage" type="tns:gsiSecType" minOccurs="0"/>
			<xs:element name="GSITransport" type="tns:gsiSecType" minOccurs="0"/>
		</xs:all>
	</xs:group>
	<xs:complexType name="auth-methodType">
		<xs:choice>
			<xs:group ref="tns:authMethodGp" minOccurs="0"/>
			<xs:element ref="tns:none" minOccurs="0"/>
		</xs:choice>
	</xs:complexType>
	<!-- Method auth -->
	<xs:complexType name="methodType">
		<xs:all>
			<xs:element name="auth-method" type="tns:auth-methodType" minOccurs="0"/>
			<xs:element name="run-as" type="tns:run-asType" minOccurs="0"/>
		</xs:all>
		<xs:attribute name="name" type="xs:QName" use="required"/>
	</xs:complexType>
	
	<!-- Service Security Config -->
	<xs:element name="securityConfig">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="method" type="tns:methodType" minOccurs="0" maxOccurs="unbounded"/>
				<xs:element name="auth-method" type="tns:auth-methodType" minOccurs="0"/>
				<xs:element name="run-as" type="tns:run-asType" minOccurs="0"/>
				<xs:element name="credential" type="tns:credentialType" minOccurs="0"/>
				<xs:element ref="tns:authz" minOccurs="0"/>
				<xs:element ref="tns:reject-limited-proxy" minOccurs="0"/>
				<xs:element ref="tns:context-lifetime" minOccurs="0"/>
				<xs:element ref="tns:gridmap" minOccurs="0"/>
				<xs:element ref="tns:replay-attack-window" minOccurs="0"/>
				<xs:element ref="tns:replay-attack-filter" minOccurs="0"/>
			</xs:sequence>
			<!-- This imposes this order of parameter, but that is not required. Can't figure out how to have unbounded with all, without having to introduce a wrapping element. -->
		</xs:complexType>
	</xs:element>
</xs:schema>

