/* 
   This is the schema for the BrainML XML login and response format.
   All repositories require login for data submission.  Some in addition
   require it for data access.

   The login sends a username and password in plain-text; the response sends
   an opaque authorization key that may be used for the duration of a session.
   Additional security can be provided by running the login protocol over a
   transport layer, such as SSL, that provides for encryption.
 */
targetNamespace "urn:bml/brainml.org:internal/Protocols/5"
namespace "urn:bml/brainml.org:internal/Protocols/5"

/* Login request, to be sent by client. */
element login { login-type }
complexType login-type {
    
    /* User ID (account name) of the submitter. */
    required attribute userID { xs:token }
    
    /*  Password of the submitter.  Plain-text.  (Additional security should be
      provided by the transport layer, e.g. SSL.) */
    required attribute password { xs:token }
    
    /*  If set to true, server will return user contact information if
      authentication info is valid.  The default is false. */
    attribute returnUserInfo { xs:boolean }
}

/*  Server response to login.  The authKey attribute will be set to "ERROR" if
   login was unsuccessful.  Optionally, if the server desires to provide the
   information, either "ERROR-USER", "ERROR-PASSWORD", or "ERROR-EXPIRED" may
   be sent.  (Providing such clarifying information is sometimes considered a
   security flaw.)  The login response may also contain arbitrary,
   application-specific element content. */
element login_response { login_response-type }
complexType login_response-type {
    ( { any }, )?
    
    /* 
      Authorization code.  This is an opaque value that should be passed back
      to the server, together with userID, for subsequent operations.
 */
    attribute authKey { xs:token }
}