The wst:RequestSecurityTokenType complex type contains the elements for the security token request in the RequestSecurityTokenMsg message. It is the client-provided object for a certificate enrollment request. wst:RequestSecurityTokenType is defined in the WS-Trust [WSTrust1.3] XML schema definition (XSD).

 <xs:complexType name="RequestSecurityTokenType">
       Actual content model is non-deterministic, hence wildcard. The following shows intended content model:
       <xs:element ref='wst:TokenType' minOccurs='0' /> 
       <xs:element ref='wst:RequestType' /> 
       <xs:element ref='wsp:AppliesTo' minOccurs='0' /> 
       <xs:element ref='wst:Claims' minOccurs='0' />
       <xs:element ref='wst:Entropy' minOccurs='0' />
       <xs:element ref='wst:Lifetime' minOccurs='0' />
       <xs:element ref='wst:AllowPostdating' minOccurs='0' /> 
       <xs:element ref='wst:Renewing' minOccurs='0' />
       <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> 
       <xs:element ref='wst:Issuer' minOccurs='0' /> 
       <xs:element ref='wst:AuthenticationType' minOccurs='0' />
       <xs:element ref='wst:KeyType' minOccurs='0' />
       <xs:element ref='wst:KeySize' minOccurs='0' /> 
       <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
       <xs:element ref='wst:Encryption' minOccurs='0' /> 
       <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> 
       <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
       <xs:element ref='wst:ProofEncryption' minOccurs='0' /> 
       <xs:element ref='wst:UseKey' minOccurs='0' />
       <xs:element ref='wst:SignWith' minOccurs='0' /> 
       <xs:element ref='wst:EncryptWith' minOccurs='0' />
       <xs:element ref='wst:DelegateTo' minOccurs='0' />
       <xs:element ref='wst:Forwardable' minOccurs='0' />
       <xs:element ref='wst:Delegatable' minOccurs='0' /> 
       <xs:element ref='wsp:Policy' minOccurs='0' />
       <xs:element ref='wsp:PolicyReference' minOccurs='0' />
       <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
     <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" />
   <xs:attribute name="Context" type="xs:anyURI" use="optional" />
   <xs:anyAttribute namespace="##other" processContents="lax" />

WSTEP extends <wst:RequestSecurityTokenType> with the following elements:

 <xs:element ref="wsse:BinarySecurityToken" minOccurs="0" 
 maxOccurs="1" />
 <xs:element ref="auth:AdditionalContext" minOccurs="0" 
 maxOccurs="1" />
 <xs:element ref="wst:RequestKET" minOccurs="0" maxOccurs="1" />
 <xs:element ref="wstep:RequestID" minOccurs="0" maxOccurs="1" />

Only the elements specified below are used in WSTEP. Any element received that is not specified below SHOULD be ignored.

wst:TokenType: Refers to the wst:TokenType definition in section

wst:RequestType: Refers to the wst:RequestType definition in section The wst:RequestType is used to identify the type of the security token request.

wst:RequestKET: Used when requesting a key exchange token as defined in [WSTrust1.3] section 8.4.

wsse:BinarySecurityToken: Provides the DER ASN.1 representation of the certificate request. The type of token is defined by the wst:TokenType element. For the X.509v3 enrollment extension the wst:TokenType MUST be specified as in section The certificate request follows the formatting from [MS-WCCE] section The EncodingType attribute of the wsse:BinarySecurityToken element MUST be set to base64Binary.

auth:AdditionalContext: The auth:AdditionalContext element is used to provide extra information in a wst:RequestSecurityToken message. It is an optional element, and SHOULD be omitted if there is no extra information to be passed.

wstep:RequestID: An instance of wstep:RequestID as specified in section