Actual content model is non-deterministic, hence wildcard. The following shows intended content model: <xs:element ref='wst:TokenType' minOccurs='0' /> <xs:element ref='wst:RequestType' /> <xs:element ref='wsp:AppliesTo' minOccurs='0' /> <xs:element ref='wst:Claims' minOccurs='0' /> <xs:element ref='wst:Entropy' minOccurs='0' /> <xs:element ref='wst:Lifetime' minOccurs='0' /> <xs:element ref='wst:AllowPostdating' minOccurs='0' /> <xs:element ref='wst:Renewing' minOccurs='0' /> <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> <xs:element ref='wst:Issuer' minOccurs='0' /> <xs:element ref='wst:AuthenticationType' minOccurs='0' /> <xs:element ref='wst:KeyType' minOccurs='0' /> <xs:element ref='wst:KeySize' minOccurs='0' /> <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' /> <xs:element ref='wst:Encryption' minOccurs='0' /> <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' /> <xs:element ref='wst:ProofEncryption' minOccurs='0' /> <xs:element ref='wst:UseKey' minOccurs='0' /> <xs:element ref='wst:SignWith' minOccurs='0' /> <xs:element ref='wst:EncryptWith' minOccurs='0' /> <xs:element ref='wst:DelegateTo' minOccurs='0' /> <xs:element ref='wst:Forwardable' minOccurs='0' /> <xs:element ref='wst:Delegatable' minOccurs='0' /> <xs:element ref='wsp:Policy' minOccurs='0' /> <xs:element ref='wsp:PolicyReference' minOccurs='0' /> <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' /> Actual content model is non-deterministic, hence wildcard. The following shows intended content model: <xs:element ref='wst:TokenType' minOccurs='0' /> <xs:element ref='wst:RequestType' /> <xs:element ref='wst:RequestedSecurityToken' minOccurs='0' /> <xs:element ref='wsp:AppliesTo' minOccurs='0' /> <xs:element ref='wst:RequestedAttachedReference' minOccurs='0' /> <xs:element ref='wst:RequestedUnattachedReference' minOccurs='0' /> <xs:element ref='wst:RequestedProofToken' minOccurs='0' /> <xs:element ref='wst:Entropy' minOccurs='0' /> <xs:element ref='wst:Lifetime' minOccurs='0' /> <xs:element ref='wst:Status' minOccurs='0' /> <xs:element ref='wst:AllowPostdating' minOccurs='0' /> <xs:element ref='wst:Renewing' minOccurs='0' /> <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> <xs:element ref='wst:Issuer' minOccurs='0' /> <xs:element ref='wst:AuthenticationType' minOccurs='0' /> <xs:element ref='wst:Authenticator' minOccurs='0' /> <xs:element ref='wst:KeyType' minOccurs='0' /> <xs:element ref='wst:KeySize' minOccurs='0' /> <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' /> <xs:element ref='wst:Encryption' minOccurs='0' /> <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' /> <xs:element ref='wst:ProofEncryption' minOccurs='0' /> <xs:element ref='wst:UseKey' minOccurs='0' /> <xs:element ref='wst:SignWith' minOccurs='0' /> <xs:element ref='wst:EncryptWith' minOccurs='0' /> <xs:element ref='wst:DelegateTo' minOccurs='0' /> <xs:element ref='wst:Forwardable' minOccurs='0' /> <xs:element ref='wst:Delegatable' minOccurs='0' /> <xs:element ref='wsp:Policy' minOccurs='0' /> <xs:element ref='wsp:PolicyReference' minOccurs='0' /> <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' /> The RequestSecurityTokenCollection (RSTC) element is used to provide multiple RST requests. One or more RSTR elements in an RSTRC element are returned in the response to the RequestSecurityTokenCollection. The <wst:RequestSecurityTokenResponseCollection> element (RSTRC) MUST be used to return a security token or response to a security token request on the final response.