For [MSNP8](../versions/msnp8.md) to [MSNP11](../versions/msnp11.md), read the [Passport 1.4](passport14.md) article.
For [MSNP18](../versions/msnp18.md) and above, read the Request Security Token service, version 2 article. (TODO: Write this, and did I get this right?)
* `Id`: Is set to `RST#`, with `#` incrementing every use of this element, starting from `0`.
## wst:RequestType
This element always contains the value `http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue`.
## wsp:AppliesTo
This element only contains the `<wsa:EndpointReference>` element.
### wsa:EndpointReference
This element only contains one of two mutually exclusive elements:
1. `<wsa:Address>`: By URL or domain name
2. `<wsa:ServiceName>`: By service name
#### wsa:Address
This element contains the target domain for this security token:
* `http://Passport.NET/tb`: Legacy authentication. One of these is always required (usually as `RST0`). Does not set a `<wsse:PolicyReference>`.
* `messengerclear.live.com`: The domain used for solving `MBI_KEY_OLD` challenges. Uses a policy defined by the MSNP server, which is usually `MBI_KEY_OLD`.
* `messenger.msn.com`: The usual domain for authenticating to the Messenger Service. Uses passport unique parameters (`?...`) defined by the MSNP server, or `?id=507` if using `messengerclear.live.com` to authenticate.
* `contacts.msn.com`: Used for the [Address Book Service](abservice.md). Uses passport unique parameters (`?...`) or `MBI` (since [MSNP15](../versions/msnp15.md)). Required since [MSNP13](../versions/msnp13.md).
* `messengersecure.live.com`: A secure version of `messenger.msn.com`, with unknown use. Uses `MBI_SSL`.
* `spaces.msn.com`: The blog service. Uses `MBI`.
* `spaces.live.com`: The blog service. Uses `MBI`.
* `livecontacts.live.com`: The Live Contacts ABI, apparently a simplified version of the [Address Book Service](abservice.md).
* `storage.msn.com`: The user storage service. Uses `MBI_SSL`. Required for [MSNP15](../versions/msnp15.md)'s roaming user content support.
#### wsa:ServiceName
This element contains the target service name for this security token:
* `p2pslc.messenger.msn.com`: The peer-to-peer "slc" service. Uses `MBI_X509_CID`.
## wst:Supporting
This optional element only exists if the [`<wsse:PolicyReference>`](#wssepolicyreference) requires it.
### wsse:BinarySecurityToken
This element has two attributes:
* `ValueType`: Usually only seen set to `http://schemas.microsoft.com/Passport/SoapServices/PPCRL#PKCS10`.
* `EncodingType`: Usually only seen set to `wsse:Base64Binary`.
This element's value is the binary token, which has only been observed to be a PKCS#10 certificate request
in SHA1-RSA format (1024 bits), with the Common Name (CN) set to `MSIDCRL`.
## wsse:PolicyReference
This optional element has only one attribute:
* `URI`: The security policy of this security token:
    * `MBI_KEY_OLD`: Calculate a challenge with the server's `<wst:BinarySecret>`.
    * `MBI_KEY`: Unknown, but probably not unlike `MBI_KEY_OLD`?
    * `MBI`: No special parameters.
    * `MBI_SSL`: No special parameters and encrypted transport only.
    * `MBI_X509_CID`: Unknown, but based on user certificates. Only used with `p2pslc.messenger.msn.com`.
    * (any policy starting with `?`): Authenticate using special parameters, akin to [Passport 1.4](passport14.md).
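An added example (not code from this page or from any Messenger client) that serialises the request elements described above with Python's ElementTree: it numbers the `<wst:RequestSecurityToken>` elements `RST0`, `RST1`, ..., insists that `RST0` is the legacy `http://Passport.NET/tb` request without a `<wsse:PolicyReference>`, picks `<wsa:Address>` or `<wsa:ServiceName>`, and emits `<wst:Supporting>` only when a PKCS#10 value is supplied. It assumes the request uses the same namespace URIs the response section lists; the `pkcs10` value in the test is a constructed placeholder.

```python
import xml.etree.ElementTree as ET

# Assumption: the request uses the same namespace URIs the response section lists.
NS = {"wst": "http://schemas.xmlsoap.org/ws/2004/04/trust",
      "wsp": "http://schemas.xmlsoap.org/ws/2002/12/policy",
      "wsa": "http://schemas.xmlsoap.org/ws/2004/03/addressing",
      "wsse": "http://schemas.xmlsoap.org/ws/2003/06/secext"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)
ISSUE = "http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue"
LEGACY = "http://Passport.NET/tb"
PKCS10 = "http://schemas.microsoft.com/Passport/SoapServices/PPCRL#PKCS10"

def tag(prefix, local):
    return "{%s}%s" % (NS[prefix], local)

def build_rst_elements(targets):
    """Build one <wst:RequestSecurityToken> per (target, policy, options) tuple, Ids RST0, RST1, ...

    policy is the <wsse:PolicyReference> URI or None. options may set "service" (True: target is a
    <wsa:ServiceName>, not an <wsa:Address>) and "pkcs10" (base64 PKCS#10 request for <wst:Supporting>).
    """
    if not targets or targets[0][0] != LEGACY:
        raise ValueError("RST0 must request the legacy token for " + LEGACY)
    elements = []
    for n, (target, policy, options) in enumerate(targets):
        rst = ET.Element(tag("wst", "RequestSecurityToken"), {"Id": "RST%d" % n})
        ET.SubElement(rst, tag("wst", "RequestType")).text = ISSUE
        epr = ET.SubElement(ET.SubElement(rst, tag("wsp", "AppliesTo")), tag("wsa", "EndpointReference"))
        ET.SubElement(epr, tag("wsa", "ServiceName" if options.get("service") else "Address")).text = target
        if options.get("pkcs10"):  # only policies such as MBI_X509_CID need a supporting token
            supporting = ET.SubElement(rst, tag("wst", "Supporting"))
            ET.SubElement(supporting, tag("wsse", "BinarySecurityToken"),
                          {"ValueType": PKCS10, "EncodingType": "wsse:Base64Binary"}).text = options["pkcs10"]
        if target == LEGACY and policy is not None:
            raise ValueError("the legacy token does not take a <wsse:PolicyReference>")
        if policy is not None:
            ET.SubElement(rst, tag("wsse", "PolicyReference"), {"URI": policy})
        elements.append(rst)
    return elements

def serialize(elements):
    """Concatenate the elements as they would appear inside the request body."""
    return "".join(ET.tostring(e, encoding="unicode") for e in elements)
```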
# Server/Response
The following sub-headers are XML elements for the server's response.
## soap:Envelope
This element has only one attribute:
* `xmlns:soap`: Is always set to `http://schemas.xmlsoap.org/soap/envelope/`.
### soap:Header
This element only contains the `<psf:pp>` element.
#### psf:pp
This element has only one attribute:
* `xmlns:psf`: Is always set to `http://schemas.microsoft.com/Passport/SoapServices/SOAPFault`.
This element has nine children:
* `<psf:serverVersion>`: Only observed to be `1`.
* `<psf:PUID>`: The user's Passport Unique ID, expressed as a 16-bit capitalized hexadecimal stream.
* `<psf:configVersion>`: The configuration version expressed as a quadruplet.
* `<psf:uiVersion>`: The user interface version expressed as a quadruplet.
* `<psf:authstate>`: This is always `0x48803` (`PPCRL_AUTHSTATE_S_AUTHENTICATED_PASSWORD`) for successful authentications.
* `<psf:regstatus>`: This is always `0x0` for successful authentications.
* `<psf:serverInfo>`: This element has the server's identification string and the following four attributes:
    * `Path`: Always set to `Live1`.
    * `RollingUpgradeState`: Always set to `ExclusiveNew`.
    * `LocVersion`: Always set to `0`.
    * `ServerTime`: An ISO 8601 timestamp that specifies the time this response was generated.
* `<psf:cookies>`: This element is always empty.
* `<psf:response>`: This element is always empty.
### soap:Body
This element only contains the `<wst:RequestSecurityTokenResponseCollection>` element.
#### wst:RequestSecurityTokenResponseCollection
This element has six attributes:
* `xmlns:wst`: Is always set to `http://schemas.xmlsoap.org/ws/2004/04/trust`.
* `xmlns:wsse`: Is always set to `http://schemas.xmlsoap.org/ws/2003/06/secext`.
* `xmlns:wsu`: Is always set to `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd`.
* `xmlns:saml`: Is always set to `urn:oasis:names:tc:SAML:1.0:assertion`.
* `xmlns:wsp`: Is always set to `http://schemas.xmlsoap.org/ws/2002/12/policy`.
* `xmlns:psf`: Is always set to `http://schemas.microsoft.com/Passport/SoapServices/SOAPFault`.
This element has four required children and one optional child:
* `<wst:TokenType>`: The type of security token this `<wst:RequestSecurityTokenResponse>` is.
* `<wsp:AppliesTo>`: Defines what can use this security token.
* `<wst:RequestedSecurityToken>`: The security token itself.
* `<wst:RequestedTokenReference>`: The reference location of where the security token is stored.
* `<wst:RequestedProofToken>` (Optional): The proof token used for `urn:passport:legacy` tokens or `MBI_KEY_OLD` policies.
## wst:TokenType
This element only contains either the value `urn:passport:legacy` or `urn:passport:compact`.
## wsp:AppliesTo
This element has only one attribute:
* `xmlns:wsa`: Is always set to `http://schemas.xmlsoap.org/ws/2004/03/addressing`.
This element only contains the `<wsa:EndpointReference>` element.
### wsa:EndpointReference
This element only contains the `<wsa:Address>` element.
#### wsa:Address
This element contains the target domain for this security token:
* `http://Passport.NET/tb`: Legacy authentication. One of these is always required (usually as `RST0`). Does not set a `<wsse:PolicyReference>`.
* `messengerclear.live.com`: The domain used for solving `MBI_KEY_OLD` challenges. Uses a policy defined by the MSNP server, which is usually `MBI_KEY_OLD`.
* `messenger.msn.com`: The usual domain for authenticating to the Messenger Service. Uses passport unique parameters (`?...`) defined by the MSNP server, or `?id=507` if using `messengerclear.live.com` to authenticate.
* `contacts.msn.com`: Used for the [Address Book Service](abservice.md). Uses passport unique parameters (`?...`) or `MBI` (since [MSNP15](../versions/msnp15.md)). Required since [MSNP13](../versions/msnp13.md).
* `messengersecure.live.com`: A secure version of `messenger.msn.com`, with unknown use. Uses `MBI_SSL`.
* `spaces.msn.com`: The blog service. Uses `MBI`.
* `spaces.live.com`: The blog service. Uses `MBI`.
* `livecontacts.live.com`: The Live Contacts ABI, apparently a simplified version of the [Address Book Service](abservice.md).
* `storage.msn.com`: The user storage service. Uses `MBI_SSL`. Required for [MSNP15](../versions/msnp15.md)'s roaming user content support.
## wst:LifeTime
This element has two children:
* `<wsu:Created>`: The ISO 8601 timestamp of when this security token was generated.
* `<wsu:Expires>`: The ISO 8601 timestamp of when this security token expires.
## wst:RequestedSecurityToken
This element has different children based on the value of the
[`<wst:TokenType>`](#wsttokentype) element.
### [urn:passport:legacy children]
These elements are only included in `<wst:RequestedSecurityToken>` if the value of
[`<wst:TokenType>`](#wsttokentype) element is set to `urn:passport:legacy`.
#### EncryptedData
This element has three attributes:
* `xmlns`: This is always `http://www.w3.org/2001/04/xmlenc#`.
* `Id`: This is always set to `BinaryDAToken#`, with the `#` being incremented every use of the `<wst:RequestSecurityTokenResponse>` element starting from `0`.
* `Type`: This is always set to `http://www.w3.org/2001/04/xmlenc#Element`.
##### EncryptionMethod
This empty element has only one attribute:
* `Algorithm`: This is always set to `http://www.w3.org/2001/04/xmlenc#tripledes-cbc`.
##### ds:KeyInfo
This element has only one attribute:
* `xmlns:ds`: This is always set to `http://www.w3.org/2000/09/xmldsig#`.
This element only has one child:
* `<ds:KeyName>`: Only observed to be `http://Passport.NET/STS`.
##### CipherData
This element has only one child:
* `<CipherValue>`: Likely to be a Passport Token of some kind, just 3DES encrypted.
(If you know how this is used, please contact me!)
### [urn:passport:compact children]
These elements are only included in `<wst:RequestedSecurityToken>` if the value of
[`<wst:TokenType>`](#wsttokentype) element is set to `urn:passport:compact`.
#### wsse:BinarySecurityToken
This element has only one attribute:
* `Id`: This is always set to `Compact#`, with the `#` being incremented every use of the `<wst:RequestSecurityTokenResponse>` element starting from `0`.
This element contains the Passport token and profile parameters as an XML-encoded value (`t=token&p=profile`).
## wst:RequestedTokenReference
This element has two children:
* `<wsse:KeyIdentifier>`: This empty element has only one attribute:
    * `ValueType`: This is either `urn:passport` or `urn:passport:compact`.
* `<wsse:Reference>`: This empty element has only one attribute:
    * `URI`: The URI that has the contents of the security token. Usually refers to the first child of the `<wst:RequestedSecurityToken>` element via its `Id` attribute, using the `#` prefix followed by the value of the `Id` attribute.
## wst:RequestedProofToken
This optional element only has one child:
* `<wst:BinarySecret>`: The binary secret for this token.
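As an added example (not from this page or from any Messenger implementation), a Python parser for the response collection described above: for each `<wst:RequestSecurityTokenResponse>` it checks that the first child of `<wst:RequestedSecurityToken>` matches `<wst:TokenType>`, that `<wsse:Reference>` points at that element's `Id`, and that `<wst:LifeTime>` is not empty or inverted, then returns the tokens keyed by `<wsa:Address>`. The embedded response and its token, cipher and secret values are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
from urllib.parse import parse_qsl

WST = "{http://schemas.xmlsoap.org/ws/2004/04/trust}"
WSSE = "{http://schemas.xmlsoap.org/ws/2003/06/secext}"
WSA = "{http://schemas.xmlsoap.org/ws/2004/03/addressing}"
XENC = "{http://www.w3.org/2001/04/xmlenc#}"
# HOLDER_FOR: required first child per TokenType. SAMPLE: constructed legacy + compact RSTRs, placeholder values.
HOLDER_FOR = {"urn:passport:legacy": XENC + "EncryptedData", "urn:passport:compact": WSSE + "BinarySecurityToken"}
SAMPLE = """<wst:RequestSecurityTokenResponseCollection xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
 xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
<wst:RequestSecurityTokenResponse><wst:TokenType>urn:passport:legacy</wst:TokenType>
<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>http://Passport.NET/tb</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
<wst:LifeTime><wsu:Created>2009-01-01T00:00:00Z</wsu:Created><wsu:Expires>2009-01-02T00:00:00Z</wsu:Expires></wst:LifeTime>
<wst:RequestedSecurityToken><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="BinaryDAToken0"
 Type="http://www.w3.org/2001/04/xmlenc#Element"><CipherData><CipherValue>Q09OU1RSVUNURUQ=</CipherValue></CipherData></EncryptedData>
</wst:RequestedSecurityToken><wst:RequestedTokenReference><wsse:KeyIdentifier ValueType="urn:passport"/>
<wsse:Reference URI="#BinaryDAToken0"/></wst:RequestedTokenReference>
<wst:RequestedProofToken><wst:BinarySecret>c2VjcmV0</wst:BinarySecret></wst:RequestedProofToken></wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse><wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>messenger.msn.com</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
<wst:LifeTime><wsu:Created>2009-01-01T00:00:00Z</wsu:Created><wsu:Expires>2009-01-02T00:00:00Z</wsu:Expires></wst:LifeTime>
<wst:RequestedSecurityToken><wsse:BinarySecurityToken Id="Compact1">t=tokenvalue&amp;p=profilevalue</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken><wst:RequestedTokenReference><wsse:KeyIdentifier ValueType="urn:passport:compact"/>
<wsse:Reference URI="#Compact1"/></wst:RequestedTokenReference></wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>"""

def parse_rstr_collection(xml_text):
    """Map each token's target address to its type, value, expiry and proof secret (None if absent)."""
    tokens = {}
    for rstr in ET.fromstring(xml_text).findall(WST + "RequestSecurityTokenResponse"):
        ttype = rstr.findtext(WST + "TokenType")
        address = rstr.find(".//" + WSA + "Address").text
        holder = rstr.find(WST + "RequestedSecurityToken")[0]
        if holder.tag != HOLDER_FOR[ttype]:
            raise ValueError("%s: token element %s does not match %s" % (address, holder.tag, ttype))
        if rstr.find(".//" + WSSE + "Reference").get("URI") != "#" + holder.get("Id"):
            raise ValueError("%s: <wsse:Reference> does not point at the token's Id" % address)
        created, expires = (datetime.fromisoformat(e.text.replace("Z", "+00:00")) for e in rstr.find(WST + "LifeTime"))
        if expires <= created:
            raise ValueError("%s: token lifetime is empty or inverted" % address)
        if ttype == "urn:passport:compact":
            value = dict(parse_qsl(holder.text))  # "t=token&p=profile" -> {"t": ..., "p": ...}
        else:
            value = holder.findtext(XENC + "CipherData/" + XENC + "CipherValue")  # still 3DES ciphertext
        secret = rstr.findtext(WST + "RequestedProofToken/" + WST + "BinarySecret")
        tokens[address] = {"type": ttype, "token": value, "expires": expires, "secret": secret}
    return tokens
```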