

Subject: full schema for signing request, dss-proposal-rsalz-02.xsd



I knocked most of this off earlier, but then I ran it through IBM's
schema quality checker, which found various typos, etc.

Looking forward to feedback.
        /r$
--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
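<?xml version="1.0" encoding="utf-8"?>
<!-- vi: set sw=2 ts=8 et: -->

<!--  Proposed schema for a DSS signing request (dss-proposal-rsalz-02).
      A client sends one dss:SignRequest carrying control parameters and
      the documents to be signed; the server creates the XML Signature.
      elementFormDefault="qualified" so that locally declared elements
      (dss:Document/URI) are in the target namespace, matching the
      <dss:URI> example in the dss:Document comment below.
  -->
<xs:schema version="0.1" xmlns:xs="http://www.w3.org/2001/XMLSchema"
  targetNamespace="http://www.example.com/dss"
  xmlns="http://www.example.com/dss"
  xmlns:dss="http://www.example.com/dss"
  xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
  elementFormDefault="qualified">

  <!--  schemaLocation is a hint only.  A validator should resolve the
        xmldsig schema from a local, trusted copy rather than fetching
        it over the network every time a request is validated. -->
  <xs:import
    schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"
    namespace="http://www.w3.org/2000/09/xmldsig#"/>


  <!--  A signature property: something the client wants the server to
        embed in the signature (as a dsig:Object).  dsig:Transforms is
        optional; when it is absent the server applies the transforms
        from the main element when creating the reference.  Clients
        MUST NOT specify dss:Property/dsig:Transforms when
        dss:Property/@signed is false.
    -->
  <xs:element name="Property">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="dsig:Object"/>
        <!--  minOccurs="0": the text above says transforms may be omitted,
              so the element must not be mandatory. -->
        <xs:element ref="dsig:Transforms" minOccurs="0"/>
      </xs:sequence>
      <!--  No default is declared; what an absent @signed means
            (true or false) still has to be stated - TODO confirm. -->
      <xs:attribute name="signed" type="xs:boolean"/>
    </xs:complexType>
  </xs:element>

  <!--  Indicates whether the signature is enveloped or not.
        There must be a simpler way to do this.  I want
          <Enveloped value='true'/>
    -->
  <xs:element name="Enveloped">
    <xs:complexType>
      <!--  Empty content model; the element carries only @value.
            @value is required so that a bare <Enveloped/> (boolean by
            presence) is rejected rather than silently accepted. -->
      <xs:attribute name="value" type="xs:boolean" use="required"/>
    </xs:complexType>
  </xs:element>

  <!--  A parameter, which a client provides to help control the
        operation of the server.  Basic structure taken from the
        dsig:Transform element: @type identifies the parameter, the
        content carries its value.
    -->
  <xs:element name="Parameter">
    <xs:complexType mixed="true">
      <xs:choice minOccurs="0" maxOccurs="unbounded">
        <!--  Here is where we put the definitions of elements we
              define in the core.  Examples below show a proposal
              for what should be in the core.
          -->
        <xs:element ref="dsig:KeyInfo"/>
        <xs:element ref="dsig:Transforms"/>
        <xs:element ref="dss:Property"/>
        <xs:element ref="dss:Enveloped"/>
        <!--  Extensibility point.  processContents="lax" means content
              from other namespaces is only validated when a schema for
              it is known; passing validation therefore says nothing
              about whether the server understood it. -->
        <xs:any namespace="##other" processContents="lax"/>
      </xs:choice>
      <xs:attribute name="type" type="xs:anyURI" use="required"/>
      <!--  When true, a server that does not recognise @type must fail
            the request instead of ignoring the parameter.  No default
            is declared - TODO confirm the intended meaning of absence. -->
      <xs:attribute name="mustUnderstand" type="xs:boolean"/>
    </xs:complexType>
  </xs:element>

  <!--  Wrapper for the list of parameters; at least one is required. -->
  <xs:element name="Parameters">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="dss:Parameter" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

  <!--  I tried to make this simpler than just using dsig:Reference.
        But when you look at what information the server will need to
        apply in order to create a real Reference so that clients can
        verify it, then this is what you end up with.
        Note that the server signs a client-supplied digest here and
        cannot check it against the original content.
    -->
  <xs:element name="PreDigested">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="dsig:Reference"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

  <!--  Carrier for inline XML content to be signed; the payload is a
        single element from any namespace other than dss. -->
  <xs:element name="XML">
    <xs:complexType mixed="true">
      <xs:sequence>
        <xs:any namespace="##other" processContents="lax"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>


  <!--  An input document.  The following values for Document/@type
        are defined:
           urn1    Text (in same encoding as the surrounding doc)
           urn2    Base64 string; unencode it before hashing
           urn3    XML (same encoding)
           urn4    XML, but transferred as base64
        For example, signing the OASIS homepage via external ref:
           <dss:Document type="urn1">
             <dss:URI>http://www.oasis-open.org</dss:URI>
           </dss:Document>
        Enclosing a WORD doc to be signed:
            <dss:Document type="urn2">
               ZXRlX3MobGQsIHNlcnZlckROKSAhPSBMREFQX1NVQ0NFU1MpIHsKCQkqc3RhdHVz
               ...
               X05TX0xEQVAgKi8KCg==
            </dss:Document>
        Including a bit of XML to be signed, specifying the same-doc
        URI reference that will appear in the generated signature:
            <dss:Document type="urn3" uri="#body">
              <dss:XML>
                <foo><bar foobar='23'/>yes</foo>
              </dss:XML>
            </dss:Document>
    -->
  <xs:element name="Document">
    <xs:complexType mixed="true">
      <!--  minOccurs="0": the urn1/urn2 examples carry the content as
            text with no child element, so the choice must be optional. -->
      <xs:choice minOccurs="0" maxOccurs="1">
        <!--  The server dereferences this URI to obtain the content to
              sign.  The value is client-controlled, so a server should
              restrict the schemes and hosts it is willing to fetch and
              bound the size of what it reads. -->
        <xs:element name="URI" type="xs:anyURI"/>
        <xs:element ref="dss:PreDigested"/>
        <!--  dss:XML is in the target namespace and so is excluded by
              the ##other wildcard below; it must be listed explicitly
              for the urn3 example to validate. -->
        <xs:element ref="dss:XML"/>
        <!--  Extensibility point. -->
        <xs:any namespace="##other" processContents="lax"/>
      </xs:choice>
      <xs:attribute name="type" type="xs:anyURI" use="required"/>
      <!--  Used for dss:SignaturePlacement, and also used as the
            ID for the server-generated dsig:Reference element. -->
      <xs:attribute name="id" type="xs:ID"/>
      <!--  The URI the server should use to refer to the content. -->
      <xs:attribute name="uri" type="xs:anyURI"/>
    </xs:complexType>
  </xs:element>

  <!--  Wrapper for the list of input documents; at least one is required. -->
  <xs:element name="Documents">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="dss:Document" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

  <!--  Root element of a signing request.  Both children are mandatory
        as written, so a request with no parameters cannot be expressed;
        whether that is intended is still to be decided - TODO confirm.
        @profile names the DSS profile the request is made under. -->
  <xs:element name="SignRequest">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="dss:Parameters"/>
        <xs:element ref="dss:Documents"/>
      </xs:sequence>
      <xs:attribute name="profile" type="xs:anyURI"/>
    </xs:complexType>
  </xs:element>

</xs:schema>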

