idnits 2.17.1 

draft-birkholz-sacm-yang-content-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 72 instances of too long lines in the document, the longest
     one being 66 characters in excess of 72.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 19, 2017) is 2472 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-11) exists of
     draft-ietf-mile-xmpp-grid-03

  == Outdated reference: A later version (-26) exists of
     draft-ietf-netconf-subscribed-notifications-03

  == Outdated reference: A later version (-25) exists of
     draft-ietf-netconf-yang-push-07


     Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	SACM Working Group                                           H. Birkholz
3	Internet-Draft                                            Fraunhofer SIT
4	Intended status: Standards Track                           N. Cam-Winget
5	Expires: January 20, 2018                                  Cisco Systems
6	                                                           July 19, 2017

8	           YANG subscribed notifications via SACM Statements
9	                  draft-birkholz-sacm-yang-content-00

11	Abstract

13	   This document summarizes the data model designed at the IETF 99
14	   Hackathon and is intended to grow in to a definition of general XML
15	   SACM statements (and later JSON and CBOR, respectively) for virtually
16	   every kind of Content Element (e.g. software identifiers, assessment
17	   guidance/results, ECA Policy rules, VDD, etc.).  The SACM Statement
18	   data structure is based on the Information Element (IE) definitions
19	   provided by the SACM Information Model.  The initial Content Element
20	   type transferred are YANG Subscribed Notification acquired via YANG
21	   push.  In combination with the Origin Metadata Annotation defined in
22	   draft-ietf-netmod-revised-datastores the data model defined in this
23	   document will ultimately be able to express collected endpoint
24	   characteristics, imperative guidance that define and orchestrate
25	   assessment instructions, and also the declarative guidance for
26	   endpoint attributes.

28	Status of This Memo

30	   This Internet-Draft is submitted in full conformance with the
31	   provisions of BCP 78 and BCP 79.

33	   Internet-Drafts are working documents of the Internet Engineering
34	   Task Force (IETF).  Note that other groups may also distribute
35	   working documents as Internet-Drafts.  The list of current Internet-
36	   Drafts is at http://datatracker.ietf.org/drafts/current/.

38	   Internet-Drafts are draft documents valid for a maximum of six months
39	   and may be updated, replaced, or obsoleted by other documents at any
40	   time.  It is inappropriate to use Internet-Drafts as reference
41	   material or to cite them other than as "work in progress."

43	   This Internet-Draft will expire on January 20, 2018.

45	Copyright Notice

47	   Copyright (c) 2017 IETF Trust and the persons identified as the
48	   document authors.  All rights reserved.

50	   This document is subject to BCP 78 and the IETF Trust's Legal
51	   Provisions Relating to IETF Documents
52	   (http://trustee.ietf.org/license-info) in effect on the date of
53	   publication of this document.  Please review these documents
54	   carefully, as they describe your rights and restrictions with respect
55	   to this document.  Code Components extracted from this document must
56	   include Simplified BSD License text as described in Section 4.e of
57	   the Trust Legal Provisions and are provided without warranty as
58	   described in the Simplified BSD License.

60	Table of Contents

62	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
63	   2.  Requirements notation . . . . . . . . . . . . . . . . . . . .   3
64	   3.  Brokering of YANG push telemetry via SACM statements  . . . .   3
65	   4.  Encapsulation of YANG notifications in SACM content-elements    3
66	     4.1.  Enumeration definition for content-type . . . . . . . . .   4
67	     4.2.  Element definition for content-metadata . . . . . . . . .   4
68	     4.3.  Definition of the yang-output-metadata element included
69	           in content-metadata . . . . . . . . . . . . . . . . . . .   5
70	   5.  SACM Component Composition  . . . . . . . . . . . . . . . . .   7
71	   6.  IANA considerations . . . . . . . . . . . . . . . . . . . . .   7
72	   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
73	   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
74	   9.  Change Log  . . . . . . . . . . . . . . . . . . . . . . . . .   7
75	   10. Contributors  . . . . . . . . . . . . . . . . . . . . . . . .   7
76	   11. Normative References  . . . . . . . . . . . . . . . . . . . .   7
77	   Appendix A.  Minimal SACM Statement Definition for YANG Output  .   8
78	   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  27

80	1.  Introduction

82	   YANG modules are a powerful established tool to provide endpoint
83	   attributes (IE) with well-defined semantics.  YANG push
84	   [I-D.ietf-netconf-yang-push] and the corresponding YANG subscribed
85	   notification [I-D.ietf-netconf-subscribed-notifications] drafts make
86	   use of these modules to create streams of notifications (telemetry)
87	   providing SACM content on the data plane.  Correspondingly, filter
88	   expressions used in the context of YANG subscriptions constitute SACM
89	   content that is imperative guidance consumed by SACM components on
90	   the management plane.

92	   The SACM component illustrated in this draft incorporates a YANG Push
93	   client function and an xmpp-grid publisher function.  The output of
94	   the YANG Push client function is encapsulated in a SACM Content
95	   Element envelope, which is again encapsulated in a SACM statement
96	   envelope.  The corresponding SACM statements are published via the
97	   xmpp-grid publisher function into a SACM Domain.

99	2.  Requirements notation

101	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
102	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
103	   "OPTIONAL" in this document are to be interpreted as described in RFC
104	   2119, BCP 14 [RFC2119].

106	3.  Brokering of YANG push telemetry via SACM statements

108	   Every SACM content is published into a SACM domain using a statement
109	   envelope/encapsulation.  The general structure of a Statement is
110	   based in the Information Element defintion in
111	   [I-D.ietf-sacm-information-model] and can be summarized as follows:

113	   o  a statement encapsulates statement-metadata and content-elements

115	   o  a content-element encapsulates content-metadata and SACM content

117	   In the scope of this document, only one type of SACM content is
118	   covered: YANG output.  Correspondingly, only the minimal required
119	   structure of statements, statement-metadata, content-elements, and
120	   content-metadata are defined.  A complete XML schema definition of
121	   this minimal statement can be found in Appendix A.

123	4.  Encapsulation of YANG notifications in SACM content-elements

125	   A YANG notification is associated with a set of YANG specific
126	   metadata.  Hence, a YANG notification published to a SACM Domain MUST
127	   be encapsulated with its corresponding metadata in a Content Element
128	   as defined below.

130	   YANG output that is SACM content is represented as an element
131	   defintion included in the content choice of the content-element.

133	<CODE BEGINS>
134	<xs:complexType name="content-element">
135	  <xs:sequence>
136	    <xs:element name="content-metadata" type="content-metadata" maxOccurs="unbounded"/>
137	    <xs:choice>
138	      <xs:element name="yang-output" type="yang-output" />
139	        <!-- There is only one element here now, but virtually every other content choice
140	             will go here, i.e. data models, such as OVAL, SCAP, SWID, etc. -->
141	    </xs:choice>
142	  </xs:sequence>
143	</xs:complexType>
144	<CODE ENDS>

146	4.1.  Enumeration definition for content-type

148	   One occurrence of the yang-output element MUST be instantiated in the
149	   content-metadata element if YANG push output is to be transferred.
150	   Also, the content-type must be set to the enumeration value "yang-
151	   output", respectively.

153	   In general, the list of content-type enumerations is including every
154	   subject as defined in the SACM Information Model.  For the scope of
155	   this document, the list of potential content is reduced to "yang-
156	   output" only.

158	<CODE BEGINS>
159	<xs:simpleType name="content-type">
160	  <xs:restriction base="xs:string">
161	    <xs:enumeration value="yang-output" />
162	       <!-- There is only one type here now, but virtually every other content-type
163	            will go here, i.e. data models, such as OVAL, SCAP, SWID, etc. -->
164	  </xs:restriction>
165	</xs:simpleType>
166	<CODE ENDS>

168	4.2.  Element definition for content-metadata

170	   The list of optional elements included in content-metadata will
171	   incorporate any every potential metadata type.  For the scope of this
172	   document, the list of elements is also limited to the minimal
173	   required set of metadata elements and the yang-output metadata
174	   element to support the encapsulation of NETCONF subscribed
175	   notifications and YANG query result.  As defined above, one
176	   occurrence of the yang-output element has to be included in the
177	   content-metadata element.

179	   The general content-metadata elements are illustrated in the
180	   Appendix A.

182	<CODE BEGINS>
183	<xs:complexType name="content-metadata">
184	  <xs:sequence>
185	    <xs:element name="content-element-guid" type="content-element-guid"/>
186	    <xs:element name="content-creation-timestamp" type="content-creation-timestamp"/>
187	    <xs:element name="content-topic" type="content-topic"/>
188	    <xs:element name="content-type" type="content-type"/>
189	    <xs:element name="data-source" type="data-source" minOccurs="0"/>
190	    <xs:element name="data-origin" type="data-origin" minOccurs="0"/>
191	    <xs:element name="relationship" type="relationship" minOccurs="0" maxOccurs="unbounded"/>
192	    <xs:element name="yang-output-metadata" type="yang-output-metadata" minOccurs="0"/>
193	  </xs:sequence>
194	</xs:complexType>
195	<CODE ENDS>

197	4.3.  Definition of the yang-output-metadata element included in
198	      content-metadata

200	   The composition of metadata that can be associated with a XML NETCONF
201	   result depends on multiple factors:

203	   o  acquisition method: query / subscription

205	   o  encoding: XML / JSON / CBOR

207	   o  subscription interval: periodic / on-change

209	   o  filter-type: xpath / subtree

211	   Additionally, the actual filter expression (or in future iterations
212	   of this work a referencing label, such as a URI, UUID or other
213	   composed identifier) has to be included in the content-metadata.

215	<CODE BEGINS>
216	<xs:complexType name="yang-output-metadata">
217	  <xs:sequence>
218	    <xs:choice maxOccurs="1">
219	      <xs:element name="yang-query" type="yang-query" />
220	      <xs:element name="yang-subscribe" type="yang-subscribe" />
221	    </xs:choice>
222	    <xs:element name="encoding" type="yang-encoding" />
223	    <xs:element name="module-names" type="module-name" minOccurs="0" maxOccurs="unbounded" />
224	  </xs:sequence>
225	</xs:complexType>

227	<xs:complexType name="yang-subscribe">
228	  <xs:restriction base="xs:NMTOKEN">
229	    <xs:enumeration value="periodic" />
230	    <xs:enumeration value="on-change" />
231	  </xs:restriction>
232	  <xs:restriction base="xs:NMTOKEN">
233	    <xs:enumeration value="xpath" />
234	    <xs:enumeration value="subtree" />
235	  </xs:restriction>
236	<xs:complexType>

238	<xs:simpleType name="filter-expression">
239	  <xs:restriction base="xs:string" />
240	</xs:simpleType>

242	<xs:simpleType name="yang-query">
243	  <xs:restriction base="xs:string" />
244	</xs:simpleType>

246	<xs:simpleType name="yang-encoding">
247	  <xs:restriction base="xs:NMTOKEN">
248	    <xs:enumeration value="netconf" />
249	    <xs:enumeration value="restconf" />
250	    <xs:enumeration value="comi" />
251	  </xs:restriction>
252	</xs:simpleType>

254	<xs:simpleType name="module-name">
255	  <xs:restriction base="xs:string" />
256	</xs:simpleType>
257	<CODE ENDS>
258	5.  SACM Component Composition

260	   A SACM Component able to process YANG subscribed notifications
261	   requires at least two functions:

263	   o  a YANG push client function [I-D.ietf-netconf-yang-push],
264	      [I-D.ietf-netconf-subscribed-notifications]

266	   o  an xmpp-grid provider function [I-D.ietf-mile-xmpp-grid]

268	   Orchestattion of functions inside a component, their discovery as
269	   capabiliites and the internal communication of SACM content inside a
270	   SACM component is out of scope of this document for now.

272	6.  IANA considerations

274	   This document includes requests to IANA.

276	7.  Security Considerations

278	   TBD

280	8.  Acknowledgements

282	   Christoph Vigano, Guangying Zheng, Eric Voit, Alexander Clemm

284	9.  Change Log

286	   First version -00

288	10.  Contributors

290	11.  Normative References

292	   [I-D.ietf-mile-xmpp-grid]
293	              Cam-Winget, N., Appala, S., and S. Pope, "Using XMPP
294	              Protocol and its Extensions for Use with IODEF", draft-
295	              ietf-mile-xmpp-grid-03 (work in progress), July 2017.

297	   [I-D.ietf-netconf-subscribed-notifications]
298	              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
299	              A. Tripathy, "Custom Subscription to Event Notifications",
300	              draft-ietf-netconf-subscribed-notifications-03 (work in
301	              progress), July 2017.

303	   [I-D.ietf-netconf-yang-push]
304	              Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-
305	              Nygaard, E., Bierman, A., and B. Lengyel, "Subscribing to
306	              YANG datastore push updates", draft-ietf-netconf-yang-
307	              push-07 (work in progress), June 2017.

309	   [I-D.ietf-sacm-information-model]
310	              Waltermire, D., Watson, K., Kahn, C., Lorenzin, L., Cokus,
311	              M., Haynes, D., and H. Birkholz, "SACM Information Model",
312	              draft-ietf-sacm-information-model-10 (work in progress),
313	              April 2017.

315	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
316	              Requirement Levels", BCP 14, RFC 2119,
317	              DOI 10.17487/RFC2119, March 1997,
318	              <http://www.rfc-editor.org/info/rfc2119>.

320	Appendix A.  Minimal SACM Statement Definition for YANG Output

322	   The definitions of statements, statement-metadata, content-element,
323	   and content-metadata are provided by the SACM Information Model
324	   [I-D.ietf-sacm-information-model].

326	   Due to the stripping down of content-elements to YANG output, the
327	   enumerations still included in the relationship type are not able to
328	   point to other content actually.

330	<CODE BEGINS>
331	<?xml version="1.0"?>
332	<xs:schema version="1.0"
333	           xmlns:xs="http://www.w3.org/2001/XMLSchema"
334	           elementFormDefault="qualified">

336	  <xs:complexType name="StatementMetadata">
337	    <xs:sequence>
338	      <xs:element name="statement-guid" type="statement-guid" />
339	      <xs:element name="data-origin" type="data-origin" />
340	      <xs:element name="statement-creation-timestamp" type="statement-creation-timestamp" minOccurs="0" />
341	      <xs:element name="statement-publish-timestamp" type="statement-creation-timestamp" />
342	      <xs:element name="statement-type" type="statement-type" />
343	      <xs:element name="content-elements" type="content-elements" />
344	    </xs:sequence>
345	  </xs:complexType>

347	  <xs:complexType name="sacm-statement">
348	    <xs:sequence>
349	      <xs:element name="statement-metadata" type="StatementMetadata" />
350	      <xs:element name="content-element" type="content-element" minOccurs="1" maxOccurs="unbounded" />

352	    </xs:sequence>
353	  </xs:complexType>

355	  <xs:element name="sacm-statement" type="sacm-statement">
356	  </xs:element>

358	  <xs:simpleType name="statement-guid">
359	    <xs:restriction base="xs:string" />
360	  </xs:simpleType>

362	  <xs:simpleType name="decimal-fraction-denominator">
363	    <xs:restriction base="xs:integer" />
364	  </xs:simpleType>

366	  <xs:simpleType name="decimal-fraction-numerator">
367	    <xs:restriction base="xs:integer" />
368	  </xs:simpleType>

370	  <xs:simpleType name="content-elements">
371	    <xs:restriction base="xs:integer" />
372	  </xs:simpleType>

374	  <xs:complexType name="statement-creation-timestamp">
375	    <xs:sequence>
376	      <xs:element name="decimal-fraction-denominator" type="decimal-fraction-denominator"/>
377	      <xs:element name="decimal-fraction-numerator" type="decimal-fraction-numerator"/>
378	    </xs:sequence>
379	  </xs:complexType>

381	  <xs:complexType name="content-creation-timestamp">
382	    <xs:sequence>
383	      <xs:element name="decimal-fraction-denominator" type="decimal-fraction-denominator"/>
384	      <xs:element name="decimal-fraction-numerator" type="decimal-fraction-numerator"/>
385	    </xs:sequence>
386	  </xs:complexType>

388	  <xs:simpleType name="statement-type">
389	    <xs:restriction base="xs:string">
390	      <xs:enumeration value="Observation" />
391	      <xs:enumeration value="DirectoryContent" />
392	      <xs:enumeration value="Correlation" />
393	      <xs:enumeration value="Assessment" />
394	      <xs:enumeration value="Guidance" />
395	    </xs:restriction>
396	  </xs:simpleType>

398	  <xs:simpleType name="content-topic">
399	    <xs:restriction base="xs:string">
400	      <xs:enumeration value="Session" />
401	      <xs:enumeration value="User" />
402	      <xs:enumeration value="Interface" />
403	      <xs:enumeration value="PostureProfile" />
404	      <xs:enumeration value="Flow" />
405	      <xs:enumeration value="PostureAssessment" />
406	    </xs:restriction>
407	  </xs:simpleType>

409	  <xs:simpleType name="content-type">
410	    <xs:restriction base="xs:string">
411	      <xs:enumeration value="EndpointConfiguration" />
412	      <xs:enumeration value="EndpointState" />
413	      <xs:enumeration value="DirectoryEntry" />
414	      <xs:enumeration value="Event" />
415	      <xs:enumeration value="Incident" />
416	      <xs:enumeration value="yang-output" />
417	    </xs:restriction>
418	  </xs:simpleType>

420	  <xs:simpleType name="content-element-guid">
421	    <xs:restriction base="xs:string" />
422	  </xs:simpleType>

424	  <xs:complexType name="yang-output-metadata">
425	    <xs:sequence>
426	      <xs:choice maxOccurs="1">
427	        <xs:element name="yang-query" type="yang-query" />
428	        <xs:element name="yang-subscribe" type="yang-subscribe" />
429	      </xs:choice>
430	      <xs:element name="encoding" type="yang-encoding" />
431	      <xs:element name="module-names" type="module-name" minOccurs="0" maxOccurs="unbounded" />
432	    </xs:sequence>
433	  </xs:complexType>

435	  <xs:complexType name="yang-subscribe">
436	    <xs:restriction base="xs:NMTOKEN">
437	      <xs:enumeration value="periodic" />
438	      <xs:enumeration value="on-change" />
439	    </xs:restriction>
440	    <xs:restriction base="xs:NMTOKEN">
441	      <xs:enumeration value="xpath" />
442	      <xs:enumeration value="subtree" />
443	    </xs:restriction>
444	  </xs:complexType>

446	  <xs:simpleType name="filter-expression">
447	    <xs:restriction base="xs:string" />

449	  </xs:simpleType>

451	  <xs:simpleType name="yang-query">
452	    <xs:restriction base="xs:string" />
453	  </xs:simpleType>

455	  <xs:simpleType name="yang-encoding">
456	    <xs:restriction base="xs:NMTOKEN">
457	      <xs:enumeration value="netconf" />
458	      <xs:enumeration value="restconf" />
459	      <xs:enumeration value="comi" />
460	    </xs:restriction>
461	  </xs:simpleType>

463	  <xs:simpleType name="module-name">
464	    <xs:restriction base="xs:string" />
465	  </xs:simpleType>

467	  <xs:simpleType name="relationship-type">
468	    <xs:restriction base="xs:string">
469	      <xs:enumeration value="associated_with_user" />
470	      <xs:enumeration value="applies_to_session" />
471	      <xs:enumeration value="seen_on_interface" />
472	      <xs:enumeration value="associated_with_flow" />
473	      <xs:enumeration value="contains_virtual_device" />
474	    </xs:restriction>
475	  </xs:simpleType>

477	  <xs:simpleType name="relationship-content-element-guid">
478	    <xs:restriction base="xs:string" />
479	  </xs:simpleType>

481	  <xs:simpleType name="relationship-statement-guid">
482	    <xs:restriction base="xs:string" />
483	  </xs:simpleType>

485	  <xs:simpleType name="relationship-object-label">
486	    <xs:restriction base="xs:string" />
487	  </xs:simpleType>

489	  <xs:simpleType name="data-source-label">
490	    <xs:restriction base="xs:string" />
491	  </xs:simpleType>

493	  <xs:simpleType name="data-origin">
494	    <xs:restriction base="xs:string" />
495	  </xs:simpleType>
496	  <xs:simpleType name="host-name">
497	    <xs:restriction base="xs:string" />
498	  </xs:simpleType>

500	  <xs:simpleType name="administrative-domain-label">
501	    <xs:restriction base="xs:string" />
502	  </xs:simpleType>

504	  <xs:simpleType name="sub-administrative-domain">
505	    <xs:restriction base="xs:string" />
506	  </xs:simpleType>

508	  <xs:simpleType name="super-administrative-domain">
509	    <xs:restriction base="xs:string" />
510	  </xs:simpleType>

512	  <xs:complexType name="relationship">
513	    <xs:sequence>
514	      <xs:element name="relationship-type" type="relationship-type" />
515	      <xs:element name="relationship-content-element-guid" type="relationship-content-element-guid" minOccurs="0" maxOccurs="unbounded" />
516	      <xs:element name="relationship-statement-guid" type="relationship-statement-guid" minOccurs="0" maxOccurs="unbounded" />
517	      <xs:element name="relationship-object-label" type="relationship-object-label" minOccurs="0" maxOccurs="unbounded" />
518	    </xs:sequence>
519	  </xs:complexType>

521	  <xs:complexType name="flow-element">
522	    <xs:sequence>
523	      <xs:element name="network-address" type="network-address"/>
524	      <xs:element name="layer4-port-address" type="layer4-port-address" />
525	    </xs:sequence>
526	  </xs:complexType>

528	  <xs:complexType name="flow-record">
529	    <xs:sequence>
530	      <xs:element name="src-flow-element" type="flow-element" />
531	      <xs:element name="dst-flow-element" type="flow-element" />
532	      <xs:element name="protocol" type="protocol" />
533	      <xs:element name="layer4-protocol" type="layer4-protocol" />
534	      <xs:element name="flow-statistics" type="flow-statistics" />
535	    </xs:sequence>
536	  </xs:complexType>

538	  <xs:complexType name="content-metadata">
539	    <xs:sequence>
540	      <xs:element name="content-element-guid" type="content-element-guid" />
541	      <xs:element name="content-creation-timestamp" type="content-creation-timestamp" />
542	      <xs:element name="content-topic" type="content-topic" />
543	      <xs:element name="content-type" type="content-type" />
544	      <xs:element name="data-source" type="data-source" minOccurs="0" />
545	      <xs:element name="data-origin" type="data-origin" minOccurs="0" />
546	      <xs:element name="relationship" type="relationship" minOccurs="0" maxOccurs="unbounded"/>
547	      <xs:element name="yang-output-metadata" type="yang-output-metadata" minOccurs="0"/>
548	    </xs:sequence>
549	  </xs:complexType>

551	  <xs:complexType name="content-element">
552	    <xs:sequence>
553	      <xs:element name="content-metadata" type="content-metadata" maxOccurs="unbounded"/>
554	      <xs:choice maxOccurs="unbounded">
555	        <xs:element name="yang-output" type="yang-output" />
556	        <xs:element name="flow" type="flow-record" />
557	        <xs:element name="posture" type="xs:string" />
558	        <xs:element name="user" type="user" />
559	        <xs:element name="session" type="session" />
560	        <xs:element name="ethernet-interface" type="ethernet-interface" />
561	        <xs:element name="target-endpoint" type="target-endpoint" />
562	        <xs:element name="port" type="port" />
563	        <xs:element name="posture-assessment" type="posture-assessment" />
564	      </xs:choice>
565	    </xs:sequence>
566	  </xs:complexType>

568	  <xs:complexType name="posture-assessment"></xs:complexType>

570	  <xs:complexType name="target-endpoint">
571	    <xs:sequence>
572	      <xs:element name="host-name" type="host-name" />
573	      <xs:element name="te-label" type="te-label" />
574	      <xs:element name="administrative-domain" type="administrative-domain" minOccurs="0" />
575	      <xs:element name="application-instance" type="application-instance" minOccurs="0" maxOccurs="unbounded" />
576	      <xs:element name="ethernet-interface" type="ethernet-interface" minOccurs="0" maxOccurs="unbounded" />
577	      <xs:element name="address-association" type="address-association" minOccurs="0" maxOccurs="unbounded" />
578	      <xs:element name="data-source" type="data-source" minOccurs="0" />
579	      <xs:element name="operating-system" type="operating-system" minOccurs="0" />
580	    </xs:sequence>
581	  </xs:complexType>

583	  <xs:simpleType name="te-label">
584	    <xs:restriction base="xs:string" />
585	  </xs:simpleType>

587	  <xs:complexType name="application-instance">
588	    <xs:sequence>
589	      <xs:element name="application-label" type="application-label" />
590	      <xs:element name="target-endpoint" type="target-endpoint" />
591	    </xs:sequence>

593	  </xs:complexType>

595	  <xs:simpleType name="attribute-name">
596	    <xs:restriction base="xs:string" />
597	  </xs:simpleType>

599	  <xs:simpleType name="attribute-value">
600	    <xs:restriction base="xs:string" />
601	  </xs:simpleType>

603	  <xs:complexType name="attribute-value-pair">
604	    <xs:sequence>
605	      <xs:element name="attribute-name" type="attribute-name" />
606	      <xs:element name="attribute-value" type="attribute-value" />
607	    </xs:sequence>
608	  </xs:complexType>

610	  <xs:simpleType name="application-label">
611	    <xs:restriction base="xs:string" />
612	  </xs:simpleType>

614	  <xs:simpleType name="application-name">
615	    <xs:restriction base="xs:string" />
616	  </xs:simpleType>

618	  <xs:simpleType name="application-version">
619	    <xs:restriction base="xs:string" />
620	  </xs:simpleType>

622	  <xs:simpleType name="application-manufacturer">
623	    <xs:restriction base="xs:string" />
624	  </xs:simpleType>

626	  <!--     TODO: is it possible to declare this as an enumeration or is that unrealistic? -->
627	  <xs:simpleType name="application-type">
628	    <xs:restriction base="xs:string" />
629	  </xs:simpleType>

631	  <xs:simpleType name="application-component">
632	    <xs:restriction base="xs:string" />
633	  </xs:simpleType>

635	  <xs:complexType name="application">
636	    <xs:sequence>
637	      <xs:element name="application-label" type="application-label" minOccurs="0" />
638	      <xs:element name="application-name" type="application-name" />
639	      <xs:element name="application-type" type="application-type" minOccurs="0" maxOccurs="unbounded" />
640	      <xs:element name="application-component" type="application-component" minOccurs="0" maxOccurs="unbounded" />
641	      <xs:element name="application-manufacturer" type="application-manufacturer" minOccurs="0" />
642	      <xs:element name="application-version" type="application-version" minOccurs="0" />
643	    </xs:sequence>
644	  </xs:complexType>

646	  <xs:complexType name="address-association">
647	    <xs:sequence>
648	      <xs:element name="address" type="address" />
649	      <xs:element name="address-association-type" type="address-association-type" />
650	    </xs:sequence>
651	  </xs:complexType>

653	  <xs:complexType name="address">
654	    <xs:sequence>
655	      <xs:element name="address-mask-value" type="address-mask-value" />
656	      <xs:element name="address-type" type="address-type" />
657	      <xs:element name="address-value" type="address-value" />
658	    </xs:sequence>
659	  </xs:complexType>

661	  <xs:simpleType name="address-type">
662	    <xs:restriction base="xs:string">
663	      <xs:enumeration value="Ethernet" />
664	      <xs:enumeration value="ZigBee" />
665	      <xs:enumeration value="ModBus" />
666	    </xs:restriction>
667	  </xs:simpleType>

669	  <xs:simpleType name="session-state-type">
670	    <xs:restriction base="xs:string">
671	      <xs:enumeration value="Authenticating"></xs:enumeration>
672	      <xs:enumeration value="Authenticated"></xs:enumeration>
673	      <xs:enumeration value="Postured"></xs:enumeration>
674	      <xs:enumeration value="Started"></xs:enumeration>
675	      <xs:enumeration value="Disconnected"></xs:enumeration>
676	    </xs:restriction>
677	  </xs:simpleType>

679	  <xs:complexType name="session">
680	    <xs:sequence>
681	      <xs:element name="session-state-type" type="session-state-type" />
682	      <!-- TODO: add additional elements for Session Type -->
683	    </xs:sequence>
684	  </xs:complexType>

686	  <xs:simpleType name="user-id">
687	    <xs:restriction base="xs:string" />
688	  </xs:simpleType>

690	  <xs:simpleType name="username">
691	    <xs:restriction base="xs:string" />
692	  </xs:simpleType>

694	  <xs:simpleType name="user-directory">
695	    <xs:restriction base="xs:string" />
696	  </xs:simpleType>

698	  <xs:complexType name="user">
699	    <xs:sequence>
700	      <xs:element name="user-id" type="user-id" />
701	      <xs:element name="username" type="username" minOccurs="0" />
702	      <xs:element name="data-source" type="data-source" minOccurs="0" />
703	      <xs:element name="user-directory" type="user-directory" minOccurs="0" />
704	    </xs:sequence>
705	  </xs:complexType>

707	  <xs:complexType name="ethernet-interface">
708	    <xs:sequence>
709	      <xs:element name="interface-label" type="interface-label" />
710	      <xs:element name="network-interface-name" type="network-interface-name" minOccurs="0"/>
711	      <xs:element name="mac-address" type="mac-address" />
712	      <xs:element name="network-name" type="network-name" minOccurs="0"/>
713	      <xs:element name="network-id" type="network-id" minOccurs="0"/>
714	      <xs:element name="layer2-interface-type" type="layer2-interface-type" minOccurs="0"/>
715	      <xs:element name="sub-interface-label" type="sub-interface-label" minOccurs="0" maxOccurs="unbounded"/>
716	      <xs:element name="super-interface-label" type="super-interface-label" minOccurs="0" maxOccurs="unbounded"/>
717	    </xs:sequence>
718	  </xs:complexType>

720	  <xs:simpleType name="event-type">
721	    <xs:restriction base="xs:string" />
722	  </xs:simpleType>

724	  <xs:simpleType name="event-threshold">
725	    <xs:restriction base="xs:integer" />
726	  </xs:simpleType>

728	  <xs:simpleType name="event-threshold-name">
729	    <xs:restriction base="xs:string" />
730	  </xs:simpleType>

732	  <xs:simpleType name="event-trigger">
733	    <xs:restriction base="xs:string" />
734	  </xs:simpleType>
735	  <xs:simpleType name="timestamp-type">
736	    <xs:restriction base="xs:string">
737	      <xs:enumeration value="discovered" />
738	      <xs:enumeration value="classified" />
739	      <xs:enumeration value="collected" />
740	      <xs:enumeration value="published" />
741	    </xs:restriction>
742	  </xs:simpleType>

744	  <xs:complexType name="typed-timestamp">
745	    <xs:sequence>
746	      <xs:element name="decimal-fraction-denominator" type="decimal-fraction-denominator"/>
747	      <xs:element name="decimal-fraction-numerator" type="decimal-fraction-numerator"/>
748	      <xs:element name="timestamp-type" type="timestamp-type" />
749	    </xs:sequence>
750	  </xs:complexType>

752	  <xs:complexType name="event">
753	    <xs:sequence>
754	      <xs:element name="event-type" type="event-type" minOccurs="0" />
755	      <xs:element name="event-threshold" type="event-threshold" minOccurs="0" />
756	      <xs:element name="event-threshold-name" type="event-threshold-name" minOccurs="0" />
757	      <xs:element name="event-trigger" type="event-trigger" minOccurs="0" />
758	      <xs:element name="typed-timestamp" type="typed-timestamp" />
759	      <xs:element name="content" type="xs:anySimpleType" />
760	    </xs:sequence>
761	  </xs:complexType>

763	  <xs:simpleType name="os-label">
764	    <xs:restriction base="xs:string" />
765	  </xs:simpleType>

767	  <xs:simpleType name="os-name">
768	    <xs:restriction base="xs:string" />
769	  </xs:simpleType>

771	  <xs:simpleType name="os-type">
772	    <xs:restriction base="xs:string">
773	      <xs:enumeration value="real-time" />
774	      <xs:enumeration value="consumer" />
775	      <xs:enumeration value="server" />
776	      <xs:enumeration value="security-enhanced" />
777	    </xs:restriction>
778	  </xs:simpleType>

780	  <xs:simpleType name="os-component">
781	    <xs:restriction base="xs:string" />
782	  </xs:simpleType>
783	  <xs:simpleType name="os-manufacturer">
784	    <xs:restriction base="xs:string" />
785	  </xs:simpleType>

787	  <xs:simpleType name="os-version">
788	    <xs:restriction base="xs:string" />
789	  </xs:simpleType>

791	  <xs:complexType name="operating-system">
792	    <xs:sequence>
793	      <xs:element name="os-label" type="os-label" minOccurs="0" />
794	      <xs:element name="os-name" type="os-name" />
795	      <xs:element name="os-type" type="os-type" minOccurs="0" maxOccurs="unbounded" />
796	      <xs:element name="os-component" type="os-component" minOccurs="0" maxOccurs="unbounded"/>
797	      <xs:element name="os-manufacturer" type="os-manufacturer" minOccurs="0" />
798	      <xs:element name="os-version" type="os-version" minOccurs="0" />
799	    </xs:sequence>
800	  </xs:complexType>

802	  <xs:simpleType name="sub-interface-label">
803	    <xs:restriction base="xs:string" />
804	  </xs:simpleType>

806	  <xs:simpleType name="super-interface-label">
807	    <xs:restriction base="xs:string" />
808	  </xs:simpleType>

810	  <xs:simpleType name="address-association-type">
811	    <xs:restriction base="xs:string">
812	      <xs:enumeration value="broadcast-domain-member-list" />
813	      <xs:enumeration value="ip-subnet-member-list" />
814	      <xs:enumeration value="ip-mac" />
815	      <xs:enumeration value="shared-backhaul-interface" />
816	    </xs:restriction>
817	  </xs:simpleType>

819	  <xs:simpleType name="address-mask-value">
820	    <xs:restriction base="xs:string" />
821	  </xs:simpleType>
822	  <xs:simpleType name="address-value">
823	    <xs:restriction base="xs:string" />
824	  </xs:simpleType>

826	  <xs:simpleType name="interface-label">
827	    <xs:restriction base="xs:string" />
828	  </xs:simpleType>

830	  <xs:simpleType name="network-name">
831	    <xs:restriction base="xs:string" />
832	  </xs:simpleType>

834	  <xs:simpleType name="network-id">
835	    <xs:restriction base="xs:string" />
836	  </xs:simpleType>

838	  <xs:simpleType name="network-interface-name">
839	    <xs:restriction base="xs:string" />
840	  </xs:simpleType>

842	  <xs:simpleType name="layer2-interface-type">
843	    <xs:restriction base="xs:string">
844	      <xs:enumeration value="fastEther" />
845	      <xs:enumeration value="fastEtherFX" />
846	      <xs:enumeration value="gigabitEthernet" />
847	    </xs:restriction>
848	  </xs:simpleType>

850	  <xs:simpleType name="ipv6-address-subnet-mask-cidrnot">
851	    <xs:restriction base="xs:string">
852	    </xs:restriction>
853	  </xs:simpleType>
854	  <xs:simpleType name="ipv6-address-value">
855	    <xs:restriction base="xs:string">
856	    </xs:restriction>
857	  </xs:simpleType>

859	  <xs:simpleType name="ipv4-address-subnet-mask-cidrnot">
860	    <xs:restriction base="xs:string">
861	    </xs:restriction>
862	  </xs:simpleType>
863	  <xs:simpleType name="ipv4-address-subnet-mask">
864	    <xs:restriction base="xs:string">
865	    </xs:restriction>
866	  </xs:simpleType>
867	  <xs:simpleType name="ipv4-address-value">
868	    <xs:restriction base="xs:string">
869	    </xs:restriction>
870	  </xs:simpleType>

872	  <xs:complexType name="network-address">
873	    <xs:choice>
874	      <xs:element name="ipv4-address" type="ipv4-address" />
875	      <xs:element name="ipv6-address" type="ipv6-address" />
876	      <xs:element name="mac-address" type="mac-address" />
877	    </xs:choice>
878	  </xs:complexType>
879	  <xs:complexType name="endpoint-identifier">
880	    <xs:choice>
881	      <xs:element name="certificate" type="certificate" />
882	      <xs:element name="firmware-id" type="firmware-id" />
883	      <xs:element name="hardware-serial-number" type="hardware-serial-number" />
884	      <xs:element name="host-name" type="host-name" />
885	      <xs:element name="ipv4-address-value" type="ipv4-address-value" />
886	      <xs:element name="ipv6-address-value" type="ipv6-address-value" />
887	      <xs:element name="mac-address" type="mac-address" />
888	      <xs:element name="public-key" type="public-key" />
889	      <xs:element name="username" type="username" />
890	    </xs:choice>
891	  </xs:complexType>

893	  <xs:complexType name="ipv4-address">
894	    <xs:sequence>
895	      <xs:element name="ipv4-address-value" type="ipv4-address-value" />
896	      <xs:element name="ipv4-address-subnet-mask-cidrnot" type="ipv4-address-subnet-mask-cidrnot"/>
897	      <xs:element name="ipv4-address-subnet-mask" type="ipv4-address-subnet-mask"/>
898	    </xs:sequence>
899	  </xs:complexType>

901	  <xs:complexType name="ipv6-address">
902	    <xs:sequence>
903	      <xs:element name="ipv6-address-value" type="ipv6-address-value" />
904	      <xs:element name="ipv6-address-subnet-mask-cidrnot" type="ipv6-address-subnet-mask-cidrnot"/>
905	    </xs:sequence>
906	  </xs:complexType>

908	  <xs:simpleType name="mac-address">
909	    <xs:restriction base="xs:string" />
910	  </xs:simpleType>

912	  <xs:simpleType name="layer4-port-address">
913	    <xs:restriction base="xs:string" />
914	  </xs:simpleType>

916	  <xs:simpleType name="protocol">
917	    <xs:restriction base="xs:string" />
918	  </xs:simpleType>

920	  <xs:simpleType name="layer4-protocol">
921	    <xs:restriction base="xs:string" />
922	  </xs:simpleType>

924	  <xs:simpleType name="bytes-received">
925	    <xs:restriction base="xs:integer" />
926	  </xs:simpleType>
927	  <xs:simpleType name="bytes-sent">
928	    <xs:restriction base="xs:integer" />
929	  </xs:simpleType>

931	  <xs:simpleType name="units-received">
932	    <xs:restriction base="xs:integer" />
933	  </xs:simpleType>

935	  <xs:simpleType name="units-sent">
936	    <xs:restriction base="xs:integer" />
937	  </xs:simpleType>

939	  <xs:complexType name="flow-statistics">
940	    <xs:sequence>
941	      <xs:element name="bytes-received" type="bytes-received" />
942	      <xs:element name="bytes-sent" type="bytes-sent" />
943	      <xs:element name="units-received" type="units-received" />
944	      <xs:element name="units-sent" type="units-sent" />
945	    </xs:sequence>
946	  </xs:complexType>

948	  <xs:complexType name="person">
949	    <xs:sequence>
950	      <xs:element name="person-first-name" type="person-first-name" />
951	      <xs:element name="person-last-name" type="person-last-name" />
952	      <xs:element name="person-middle-name" type="person-middle-name" minOccurs="0" maxOccurs="unbounded" />
953	      <xs:element name="phone-contact" type="phone-contact" minOccurs="0" maxOccurs="unbounded" />
954	      <xs:element name="email-address" type="email-address" minOccurs="0" maxOccurs="unbounded" />
955	    </xs:sequence>
956	  </xs:complexType>

958	  <xs:simpleType name="person-first-name">
959	    <xs:restriction base="xs:string" />
960	  </xs:simpleType>

962	  <xs:simpleType name="person-last-name">
963	    <xs:restriction base="xs:string" />
964	  </xs:simpleType>

966	  <xs:simpleType name="person-middle-name">
967	    <xs:restriction base="xs:string" />
968	  </xs:simpleType>

970	  <xs:simpleType name="email-address">
971	    <xs:restriction base="xs:string" />
972	  </xs:simpleType>

974	  <xs:complexType name="phone-contact">
975	    <xs:sequence>
976	      <xs:element name="phone-number" type="phone-number" />
977	      <xs:element name="phone-number-type" type="phone-number-type" minOccurs="0" />
978	    </xs:sequence>
979	  </xs:complexType>

981	  <xs:simpleType name="phone-number">
982	    <xs:restriction base="xs:string" />
983	  </xs:simpleType>

985	  <xs:simpleType name="phone-number-type">
986	    <xs:restriction base="xs:string">
987	      <xs:enumeration value="DSN" />
988	      <xs:enumeration value="Fax" />
989	      <xs:enumeration value="Home" />
990	      <xs:enumeration value="Mobile" />
991	      <xs:enumeration value="Pager" />
992	      <xs:enumeration value="Secure" />
993	      <xs:enumeration value="Unsecure" />
994	      <xs:enumeration value="Work" />
995	      <xs:enumeration value="Other" />
996	    </xs:restriction>
997	  </xs:simpleType>

999	  <xs:complexType name="privilege">
1000	    <xs:sequence>
1001	      <xs:element name="privilege-name" type="privilege-name" />
1002	      <xs:element name="privilege-value" type="privilege-value" />
1003	    </xs:sequence>
1004	  </xs:complexType>

1006	  <xs:simpleType name="privilege-name">
1007	    <xs:restriction base="xs:string" />
1008	  </xs:simpleType>

1010	  <xs:simpleType name="privilege-value">
1011	    <xs:restriction base="xs:string" />
1012	  </xs:simpleType>

1014	  <xs:complexType name="location">
1015	    <xs:sequence>
1016	      <xs:element name="WGS84-longitude" type="WGS84-longitude" />
1017	      <xs:element name="WGS84-latitude" type="WGS84-latitude" />
1018	      <xs:element name="WGS84-altitude" type="WGS84-altitude" />
1019	    </xs:sequence>
1020	  </xs:complexType>

1022	  <xs:simpleType name="WGS84-longitude">
1023	    <xs:restriction base="xs:string" />
1024	  </xs:simpleType>

1026	  <xs:simpleType name="WGS84-latitude">
1027	    <xs:restriction base="xs:string" />
1028	  </xs:simpleType>

1030	  <xs:simpleType name="WGS84-altitude">
1031	    <xs:restriction base="xs:string" />
1032	  </xs:simpleType>

1034	  <xs:simpleType name="organization-id">
1035	    <xs:restriction base="xs:string" />
1036	  </xs:simpleType>

1038	  <xs:simpleType name="organization-name">
1039	    <xs:restriction base="xs:string" />
1040	  </xs:simpleType>

1042	  <xs:complexType name="organization">
1043	    <xs:sequence>
1044	      <xs:element name="organization-id" type="organization-id" />
1045	      <xs:element name="organization-name" type="organization-name" />
1046	      <xs:element name="location" type="location" minOccurs="0" />
1047	    </xs:sequence>
1048	  </xs:complexType>

1050	  <xs:complexType name="data-source">
1051	    <xs:sequence>
1052	      <xs:element name="data-source-label" type="data-source-label" minOccurs="0" />
1053	      <xs:element name="endpoint-identifier" type="endpoint-identifier" minOccurs="0" maxOccurs="unbounded" />
1054	    </xs:sequence>
1055	  </xs:complexType>

1057	  <xs:complexType name="administrative-domain">
1058	    <xs:sequence>
1059	      <xs:element name="administrative-domain-label" type="administrative-domain-label" />
1060	      <xs:element name="sub-administrative-domain" type="sub-administrative-domain" minOccurs="0" maxOccurs="unbounded" />
1061	      <xs:element name="super-administrative-domain" type="super-administrative-domain" minOccurs="0" />
1062	      <xs:element name="location" type="location" minOccurs="0" />
1063	    </xs:sequence>
1064	  </xs:complexType>

1066	  <xs:simpleType name="access-privilege-type">
1067	    <xs:restriction base="xs:string">
1068	      <xs:enumeration value="read" />
1069	      <xs:enumeration value="write" />
1070	      <xs:enumeration value="none" />

1072	    </xs:restriction>
1073	  </xs:simpleType>

1075	  <xs:simpleType name="account-name">
1076	    <xs:restriction base="xs:string" />
1077	  </xs:simpleType>

1079	  <xs:simpleType name="authenticator">
1080	    <xs:restriction base="xs:string" />
1081	  </xs:simpleType>

1083	  <xs:simpleType name="authentication-type">
1084	    <xs:restriction base="xs:string">
1085	      <!-- To be done -->
1086	    </xs:restriction>
1087	  </xs:simpleType>

1089	  <xs:simpleType name="birthdate">
1090	    <xs:restriction base="xs:date" />
1091	  </xs:simpleType>

1093	  <xs:simpleType name="certificate">
1094	    <xs:restriction base="xs:string" />
1095	  </xs:simpleType>

1097	  <xs:simpleType name="collection-task-type">
1098	    <xs:restriction base="xs:string">
1099	      <xs:enumeration value="network-observation" />
1100	      <xs:enumeration value="remote-acquisition" />
1101	      <xs:enumeration value="self-reported" />
1102	    </xs:restriction>
1103	  </xs:simpleType>

1105	  <xs:simpleType name="confidence">
1106	    <xs:restriction base="xs:float">
1107	      <xs:minInclusive value="0" />
1108	      <xs:maxInclusive value="1" />
1109	    </xs:restriction>
1110	  </xs:simpleType>

1112	  <xs:simpleType name="content-action">
1113	    <xs:restriction base="xs:string">
1114	      <xs:enumeration value="add" />
1115	      <xs:enumeration value="delete" />
1116	      <xs:enumeration value="update" />
1117	    </xs:restriction>
1118	  </xs:simpleType>
1119	  <xs:simpleType name="country-code">
1120	    <xs:restriction base="xs:string" />
1121	  </xs:simpleType>

1123	  <xs:simpleType name="default-depth">
1124	    <xs:restriction base="xs:integer" />
1125	  </xs:simpleType>

1127	  <xs:simpleType name="discoverer">
1128	    <xs:restriction base="xs:string" />
1129	  </xs:simpleType>

1131	  <xs:simpleType name="firmware-id">
1132	    <xs:restriction base="xs:string" />
1133	  </xs:simpleType>

1135	  <xs:simpleType name="hardware-serial-number">
1136	    <xs:restriction base="xs:string" />
1137	  </xs:simpleType>

1139	  <xs:simpleType name="location-name">
1140	    <xs:restriction base="xs:string" />
1141	  </xs:simpleType>

1143	  <xs:simpleType name="method-label">
1144	    <xs:restriction base="xs:string" />
1145	  </xs:simpleType>

1147	  <xs:simpleType name="method-repository">
1148	    <xs:restriction base="xs:string" />
1149	  </xs:simpleType>

1151	  <xs:simpleType name="network-access-level-type">
1152	    <xs:restriction base="xs:string">
1153	      <xs:enumeration value="block" />
1154	      <xs:enumeration value="quarantine" />
1155	    </xs:restriction>
1156	  </xs:simpleType>

1158	  <xs:simpleType name="patch-id">
1159	    <xs:restriction base="xs:string" />
1160	  </xs:simpleType>

1162	  <xs:simpleType name="patch-name">
1163	    <xs:restriction base="xs:string" />
1164	  </xs:simpleType>

1166	  <!-- FIXME: is this type appropriate? -->
1167	  <xs:simpleType name="public-key">
1168	    <xs:restriction base="xs:string" />
1169	  </xs:simpleType>

1171	  <xs:simpleType name="role-name">
1172	    <xs:restriction base="xs:string" />
1173	  </xs:simpleType>

1175	  <xs:simpleType name="status">
1176	    <xs:restriction base="xs:string">
1177	      <xs:enumeration value="true" />
1178	      <xs:enumeration value="false" />
1179	      <xs:enumeration value="error" />
1180	      <xs:enumeration value="unknown" />
1181	      <xs:enumeration value="not applicable" />
1182	      <xs:enumeration value="not evaluated" />
1183	    </xs:restriction>
1184	  </xs:simpleType>

1186	  <xs:simpleType name="te-assessment-state">
1187	    <xs:restriction base="xs:string">
1188	      <xs:enumeration value="in-discovery" />
1189	      <xs:enumeration value="discovered" />
1190	      <xs:enumeration value="in-classification" />
1191	      <xs:enumeration value="classified" />
1192	      <xs:enumeration value="in-assessment" />
1193	      <xs:enumeration value="assessed" />
1194	    </xs:restriction>
1195	  </xs:simpleType>

1197	  <xs:simpleType name="timestamp">
1198	    <xs:restriction base="xs:dateTime" />
1199	  </xs:simpleType>

1201	  <xs:simpleType name="web-site">
1202	    <xs:restriction base="xs:string" />
1203	  </xs:simpleType>

1205	  <xs:simpleType name="port-id">
1206	    <xs:restriction base="xs:string" />
1207	  </xs:simpleType>

1209	  <xs:simpleType name="atm-type">
1210	    <xs:restriction base="xs:string">
1211	      <xs:enumeration value="lowSpeed" />
1212	      <xs:enumeration value="highSpeed" />
1213	    </xs:restriction>
1214	  </xs:simpleType>
1215	  <xs:simpleType name="enet-type">
1216	    <xs:restriction base="xs:string">
1217	      <xs:enumeration value="enet" />
1218	      <xs:enumeration value="1genet" />
1219	      <xs:enumeration value="10genet" />
1220	      <xs:enumeration value="100genet" />
1221	    </xs:restriction>
1222	  </xs:simpleType>

1224	  <xs:simpleType name="wifi-type">
1225	    <xs:restriction base="xs:string">
1226	      <xs:enumeration value="11n" />
1227	      <xs:enumeration value="11a" />
1228	      <xs:enumeration value="11gb" />
1229	    </xs:restriction>
1230	  </xs:simpleType>

1232	  <xs:simpleType name="virtual-type">
1233	    <xs:restriction base="xs:string">
1234	      <xs:enumeration value="virtual-1g" />
1235	    </xs:restriction>
1236	  </xs:simpleType>

1238	  <xs:complexType name="port">
1239	    <xs:sequence>
1240	      <xs:element name="port-id" type="port-id"/>
1241	      <xs:element name="atm-type" type="atm-type" maxOccurs="1" minOccurs="0" />
1242	      <xs:element name="enet-type" type="enet-type" maxOccurs="1" minOccurs="0" />
1243	      <xs:element name="wifi-type" type="wifi-type" maxOccurs="1" minOccurs="0" />
1244	      <xs:element name="virtual-type" type="virtual-type" maxOccurs="1" minOccurs="0" />
1245	    </xs:sequence>
1246	  </xs:complexType>

1248	  <xs:complexType name="user-account">
1249	    <xs:sequence>
1250	      <xs:element name="user" type="user"/>
1251	    </xs:sequence>
1252	  </xs:complexType>
1253	</xs:schema>
1254	<CODE ENDS>

1256	Authors' Addresses
1257	   Henk Birkholz
1258	   Fraunhofer SIT
1259	   Rheinstrasse 75
1260	   Darmstadt  64295
1261	   Germany

1263	   Email: henk.birkholz@sit.fraunhofer.de

1265	   Nancy Cam-Winget
1266	   Cisco Systems
1267	   3550 Cisco Way
1268	   San Jose, CA  95134
1269	   USA

1271	   Email: ncamwing@cisco.com