<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="http://www.globus.org" elementFormDefault="qualified" xmlns:tns="http://www.globus.org" xmlns:xs="http://www.w3.org/2001/XMLSchema">
	<!-- Run as stuff -->
	<xs:element name="caller-identity">
		<xs:complexType/>
	</xs:element>
	<xs:element name="service-identity">
		<xs:complexType/>
	</xs:element>
	<xs:element name="resource-identity">
		<xs:complexType/>
	</xs:element>
	<xs:element name="system-identity">
		<xs:complexType/>
	</xs:element>
	<xs:complexType name="run-asType">
		<xs:choice>
			<xs:element ref="tns:caller-identity"/>
			<xs:element ref="tns:service-identity"/>
			<xs:element ref="tns:resource-identity"/>
			<xs:element ref="tns:system-identity"/>
		</xs:choice>
	</xs:complexType>
	<!-- Message protection stuff -->
	<xs:element name="integrity">
		<xs:complexType/>
	</xs:element>
	<xs:element name="privacy">
		<xs:complexType/>
	</xs:element>
	<xs:complexType name="protection-levelType">
		<xs:all>
			<xs:element ref="tns:integrity" minOccurs="0"/>
			<xs:element ref="tns:privacy" minOccurs="0"/>
		</xs:all>
	</xs:complexType>
	<!-- Different auth method -->
	<xs:element name="none">
		<xs:complexType/>
	</xs:element>
	<xs:complexType name="gsiSecType">
		<xs:sequence>
			<xs:element name="protection-level" type="tns:protection-levelType" minOccurs="0"/>
		</xs:sequence>
	</xs:complexType>
	<xs:group name="authMethodGp">
		<xs:all>
			<xs:element name="GSISecureConversation" type="tns:gsiSecType" minOccurs="0"/>
			<xs:element name="GSISecureMessage" type="tns:gsiSecType" minOccurs="0"/>
			<xs:element name="GSITransport" type="tns:gsiSecType" minOccurs="0"/>
		</xs:all>
	</xs:group>
	<xs:complexType name="auth-methodType">
		<xs:choice>
			<xs:group ref="tns:authMethodGp" minOccurs="0"/>
			<xs:element ref="tns:none" minOccurs="0"/>
		</xs:choice>
	</xs:complexType>
	<!-- Method auth -->
	<xs:complexType name="methodType">
		<xs:all>
			<xs:element name="auth-method" type="tns:auth-methodType" minOccurs="0"/>
			<xs:element name="run-as" type="tns:run-asType" minOccurs="0"/>
		</xs:all>
		<xs:attribute name="name" type="xs:QName" use="required"/>
	</xs:complexType>
	<xs:complexType name="valStringType">
		<xs:attribute name="value" type="xs:string" use="required"/>
	</xs:complexType>
	<!-- Credential type -->
	<xs:complexType name="certFileType">
		<xs:all>
			<xs:element name="key-file" type="tns:valStringType"/>
			<xs:element name="cert-file" type="tns:valStringType"/>
		</xs:all>
	</xs:complexType>
	<xs:complexType name="credentialType">
		<xs:choice>
			<xs:element name="proxy-file" type="tns:valStringType" minOccurs="0"/>
			<xs:element name="credential" type="tns:certFileType" minOccurs="0"/>
		</xs:choice>
	</xs:complexType>
	<!-- Security Config -->
	<xs:element name="securityConfig">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="method" type="tns:methodType" minOccurs="0" maxOccurs="unbounded"/>
				<xs:element name="auth-method" type="tns:auth-methodType" minOccurs="0"/>
				<xs:element name="run-as" type="tns:run-asType" minOccurs="0"/>
				<xs:element name="credential" type="tns:credentialType" minOccurs="0"/>
				<xs:element name="reject-limited-proxy" type="tns:valStringType" minOccurs="0"/>
				<xs:element name="context-lifetime" type="tns:valStringType" minOccurs="0"/>
				<xs:element name="authz" type="tns:valStringType" minOccurs="0"/>
				<xs:element name="custom-authz-class" type="tns:valStringType" minOccurs="0"/>
				<xs:element name="gridmap" type="tns:valStringType" minOccurs="0"/>
			</xs:sequence>
			<!-- This imposes this order of parameter, but that is not required. Can't figure out how to have unbounded with all, without having to introduce a wrapping element. -->
		</xs:complexType>
	</xs:element>
</xs:schema>

