<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
	   xmlns="http://schemas.openid.net/pape/policies/2007/06/phishing-resistant-hardware"
	   targetNamespace="http://schemas.openid.net/pape/policies/2007/06/phishing-resistant-hardware"
	   finalDefault="extension"
	   blockDefault="substitution"
	   version="2.0">
  <xs:redefine
      schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-authn-context-types-2.0.xsd">
    <xs:annotation>
      <xs:documentation>
	Class identifier: http://schemas.openid.net/pape/policies/2007/06/phishing-resistant-hardware
	Phishing-Resistant Hardware-Protected.
	An authentication mechanism meeting the requirements for
	phishing-resistant authentication in which additionally
	information needed to be able to successfully authenticate to the End
	User's OpenID Provider as if that party were the End User
	is held in a hardware-protected device or component.
      </xs:documentation>
    </xs:annotation>
    <xs:complexType name="AuthnContextDeclarationBaseType">
      <xs:complexContent>
	<xs:restriction base="AuthnContextDeclarationBaseType">
	  <xs:sequence>
	    <xs:element ref="GoverningAgreements"/>
	  </xs:sequence>
	  <xs:attribute name="ID" type="xs:ID" use="optional"/>
	</xs:restriction>
      </xs:complexContent>
    </xs:complexType>
    <xs:complexType name="GoverningAgreementRefType">
      <xs:complexContent>
	<xs:restriction base="GoverningAgreementRefType">
	  <xs:attribute name="governingAgreementRef"
			type="xs:anyURI"
			fixed="http://schemas.openid.net/pape/policies/2007/06/phishing-resistant-hardware"
			use="required"/>
	</xs:restriction>
      </xs:complexContent>
    </xs:complexType>
  </xs:redefine>
</xs:schema>