[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] DSS Core WD34 pre 4
Hi Nick,
Nick Pope wrote:
>[...]
>However, it is not so clear from viewpoint of an XML signature being created
>against a Binary file which is currently carried in Base64Data.
>
In the case of a Binary file which is currently carried in
<dss:Base64Data> having an external-uri this is perfectly valid as long
as no transforms/canonicalization are to be applied as it will be signed
binary. Other wise an error will be thrown as it is not parseable.
For a same-document uri this is also valid if <dss:IncludeObject> is
used (e.g. include a base64 encoded Image as a <ds:Object>) again if no
transforms/canonicalizations are to be applied .
>Whether
>this is in "document or "transformed document."
>
>
However a Binary file which is currently carried in <dss:Base64Data>
should not be a Document as we decided to not parse <dss:Base64Data>, if
it is a parseable document one should use <dss:Base64XML> instead.
>I would suggest that TransformedData be another case of <XMLData>?
>
I'm not sure if I understand what you mean by <XMLData> as we removed it
and replaced it with <dss:InlineXML>
Did you probably mean to add the <ds:Transforms> to <dss:Base64Data>?
If yes this is possible, but I'd rather go for using
<dss:TransformedData> to support client-side transforms plus server-side
hashing as this is clearer than using <dss:Base64Data> for this.
>However,
>I can live the 2nd suggestion.
>
>I would prefer keeping HashData as it is in WD34.
>
>
Good, so let's suggest the following to the TC.
Let's leave <dss:DocumentHash> as it is and add a new Type called
<dss:TransformedData>, which is to be used for complete client-side
transforms with server side Hashing.
<xs:element name="TransformedData">
<xs:complexType>
<xs:complexContent>
<xs:extension base="dss:DocumentBaseType">
<xs:sequence>
<xs:element ref="ds:Transforms" minOccurs="0"/>
<xs:element ref="dss:Base64Data"/>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element>
Let's add it to <dss:InputDocuments> as follows.
<xs:element name="InputDocuments">
<xs:complexType>
<xs:sequence>
<xs:choice maxOccurs="unbounded">
<xs:element ref="dss:Document"/>
<xs:element ref="dss:DocumentHash"/>
<xs:element ref="dss:TransformedData"/>
<xs:element name="Other" type="dss:AnyType"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
best regards
Konrad
>[...]
>
>
>>-----Original Message-----
>>From: Konrad Lanz [mailto:Konrad.Lanz@labs.cio.gv.at]
>>Sent: 29 August 2005 11:53
>>To: Nick Pope
>>Cc: OASIS DSS TC
>>Subject: Re: [dss] DSS Core WD34 pre 4
>>
>>
>>Hi Nick,
>>
>>Nick Pope wrote:
>>
>>
>>
>>>I have the following major comments on the revised draft of the core.
>>>
>>>1) Client Side Transform and no server side transform
>>>--------------------------------------------------
>>>
>>>The situation where all transforms are carried out on the client side and
>>>the XML is transferred as an octet string in Base64Data could be easily
>>>supported if the transforms are included in the BaseDocumentType.
>>>
>>>
>>>
>>Right, however I don't think that this is a very clear way of doing this.
>>
>>Furthermore if we are putting the <ds:Transforms> back to
>><dss:DocumentBaseType> again we'd need to exclude their use from all the
>>other Types extending <dss:DocumentBaseType> by normative text thus
>>making the core bigger.
>>Another problem will be, that if we transmit the last output of the
>>client side <ds:Transforms> we'd also have to exclude it from being
>>referenced by <dss:IncludeObject> and <dss:SignaturePlacement>. Btw.
>>similar problems apply to DocumentHash as well.
>>Yet another problem with <ds:Transforms> in <dss:DocumentBaseType> will
>>be that the assumption for <dss:Document> to be parseable will then not
>>necessarily hold any more due to the client side transforms.
>>
>>Thus I'd suggest to leave the <ds:Transforms> with <ds:DocumentHash>,
>>but to rename <dss:DocumentHash> to <dss:TransformedData> and change
>>it's Type as follows.
>>
>> <xs:element name="TransformedData">
>> <xs:complexType>
>> <xs:complexContent>
>> <xs:extension base="dss:DocumentBaseType">
>> <xs:sequence>
>> <xs:element ref="ds:Transforms" minOccurs="0"/>
>> <xs:choice>
>> <xs:element ref="dss:Base64Data"/>
>> <xs:sequence>
>> <xs:element ref="ds:DigestMethod"/>
>> <xs:element ref="ds:DigestValue"/>
>> </xs:sequence>
>> </xs:choice>
>> </xs:sequence>
>> </xs:extension>
>> </xs:complexContent>
>> </xs:complexType>
>> </xs:element>
>>
>>Hence allowing to either send <dss:Base64Data> or a <ds:DigestMethod>
>>plus a <ds:DigestValue>.
>>The first allowing complete Client Side Transforms plus server
>>side hashing.
>>The latter taking over the functionality of <dss:DocumentHash> (i.e. the
>>client also hashes).
>>
>>Alternatively we could leave <ds:DocumentHash> as it is now and add a
>>new Type also called TransformedData.
>>
>> <xs:element name="TransformedData">
>> <xs:complexType>
>> <xs:complexContent>
>> <xs:extension base="dss:DocumentBaseType">
>> <xs:sequence>
>> <xs:element ref="ds:Transforms" minOccurs="0"/>
>> <xs:element ref="dss:Base64Data"/>
>> </xs:sequence>
>> </xs:extension>
>> </xs:complexContent>
>> </xs:complexType>
>> </xs:element>
>>
>>and add it to <dss:InputDocuments> as follows.
>>
>> <xs:element name="InputDocuments">
>> <xs:complexType>
>> <xs:sequence>
>> <xs:choice maxOccurs="unbounded">
>> <xs:element ref="dss:Document"/>
>> <xs:element ref="dss:DocumentHash"/>
>> <xs:element ref="dss:TransformedData"/>
>> <xs:element name="Other" type="dss:AnyType"/>
>> </xs:choice>
>> </xs:sequence>
>> </xs:complexType>
>> </xs:element>
>>
>>
>>
>>>[...]
>>>
>>>
>>>
>>The latter alternative from my point of view is semantically clearer.
>>
>>best regards
>>Konrad
>>
>>
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
targetNamespace="urn:oasis:names:tc:dss:1.0:core:schema"
xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
xmlns:xs="http://www.w3.org/2001/XMLSchema";
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
elementFormDefault="qualified"
attributeFormDefault="unqualified">
<!-- -->
<xs:annotation>
<xs:documentation xml:lang="en">
This Schema defines the Digital Signature Service Core Protocols, Elements, and Bindings Working Draft 33pre21
</xs:documentation>
</xs:annotation>
<!-- -->
<xs:import namespace="http://www.w3.org/2000/09/xmldsig#";
schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
<xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion"
schemaLocation="http://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-protocol-1.1.xsd"/>
<xs:import namespace="http://www.w3.org/XML/1998/namespace";
schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<!-- COMMON PROTOCOL STRUCTURES -->
<xs:complexType name="AnyType">
<xs:annotation>
<xs:documentation xml:lang="en">
This Type type is used to match optional inputs, optional
outputs and to make the Schema extensible where
<xs:any namespace="##other" processContents="lax"/>
is not possible due to unique particle attributtion rules.
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:complexType name="InlineXMLType">
<xs:annotation>
<xs:documentation xml:lang="en">
This Type clearly expresses the fact that content of InlineXML should be
equivalent to a complete XML Document. I.e. having only one
DocumentElement and not allowing anything but PI's and Comments before
and after this one element. The attribute ignorePIsComments indicates
how to deal with PI's and Comments as a number of parsers will also
ignore them and a server will have to be able to know if PI's and
Comments have gone missing after parsing and if the client would have
wanted them to be signed.
</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:any processContents="lax"/>
</xs:sequence>
<xs:attribute name="ignorePIsComments" type="xs:boolean" use="optional" default="true"/>
</xs:complexType>
<!-- -->
<xs:complexType name="InternationalStringType">
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute ref="xml:lang"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<!-- -->
<xs:element name="InputDocuments">
<xs:annotation>
<xs:documentation xml:lang="en">
<!-- Re: UPA Problem rationale behind these changes [FW: FROM JC THROUGH KONRAD] -->
<!--
<xs:any namespace="##other" processContents="lax"/>
allowes to introduce new top level elements from other namespaces
to support other types of documents in the future.
-->
<!-- Solution consistent with other places -->
<xs:element name="Other" type="dss:AnyType"/>
allowes to introduce new top level elements from namespaces including
dss to support other types of input documents in the future.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:choice maxOccurs="unbounded">
<xs:element ref="dss:Document"/>
<xs:element ref="dss:TransformedData"/>
<xs:element ref="dss:DocumentHash"/>
<xs:element name="Other" type="dss:AnyType"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:complexType name="DocumentBaseType" abstract="true">
<xs:sequence>
<xs:element name="Schema" type="xs:base64Binary" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="ID" type="xs:ID" use="optional"/>
<xs:attribute name="RefURI" type="xs:anyURI" use="optional"/>
<xs:attribute name="RefType" type="xs:anyURI" use="optional"/>
</xs:complexType>
<!-- -->
<xs:element name="Document">
<xs:complexType>
<xs:complexContent>
<xs:extension base="dss:DocumentBaseType">
<xs:choice>
<xs:element name="InlineXML" type="dss:InlineXMLType"/>
<xs:element name="Base64XML" type="xs:base64Binary"/>
<xs:element name="EscapedXML" type="xs:string"/>
<xs:element ref="dss:Base64Data"/>
</xs:choice>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="Base64Data">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:base64Binary">
<xs:attribute name="MimeType" type="xs:string" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="DocumentHash">
<xs:complexType>
<xs:complexContent>
<xs:extension base="dss:DocumentBaseType">
<xs:sequence>
<xs:element ref="ds:Transforms" minOccurs="0"/>
<xs:element ref="ds:DigestMethod"/>
<xs:element ref="ds:DigestValue"/>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="TransformedData">
<xs:complexType>
<xs:complexContent>
<xs:extension base="dss:DocumentBaseType">
<xs:sequence>
<xs:element ref="ds:Transforms" minOccurs="0"/>
<xs:element ref="dss:Base64Data"/>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="SignatureObject">
<xs:annotation>
<xs:documentation xml:lang="en">
<xs:any namespace="##other" processContents="lax"/> is not
possible here to allow extensibility as more than one namespace
(i.e. ds, dss) are used in the choice hence
<xs:element name="Other" type="dss:AnyType"/>
allowes to introduce new top level elements from namespaces including
dss to support other types of signatures in the future.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:choice>
<xs:element ref="ds:Signature"/>
<xs:element ref="dss:Timestamp"/>
<xs:element ref="dss:Base64Signature"/>
<xs:element ref="dss:SignaturePtr"/>
<xs:element name="Other" type="dss:AnyType"/>
</xs:choice>
<xs:element name="Schema" type="xs:base64Binary" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="Base64Signature">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:base64Binary">
<xs:attribute name="Type" type="xs:anyURI"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="SignaturePtr">
<xs:complexType>
<xs:attribute name="WhichDocument" type="xs:IDREF"/>
<xs:attribute name="XPath" type="xs:string" use="optional"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="Result">
<xs:complexType>
<xs:sequence>
<xs:element name="ResultMajor" type="xs:anyURI"/>
<xs:element name="ResultMinor" type="xs:anyURI" minOccurs="0"/>
<xs:element name="ResultMessage" type="dss:InternationalStringType" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="OptionalInputs" type="dss:AnyType">
<xs:annotation>
<xs:documentation xml:lang="en">
"dss:AnyType"/> matches any top level element of any
namespace, hence OptionalInputs can contain 0..* top level elements.
It should however not contain elements that are not declared as
optional inputs by normative text of the dss-core or dss-profiles.
</xs:documentation>
</xs:annotation>
</xs:element>
<!-- -->
<xs:element name="OptionalOutputs" type="dss:AnyType">
<xs:annotation>
<xs:documentation xml:lang="en">
"dss:AnyType"/> matches any top level element of any
namespace, hence OptionalInputs can contain 0..* top level elements.
It should however not contain elements that are not declared as
optional outputs by normative text of the dss-core or dss-profiles.
</xs:documentation>
</xs:annotation>
</xs:element>
<!-- -->
<xs:element name="ServicePolicy" type="xs:anyURI"/>
<!-- -->
<xs:element name="ClaimedIdentity">
<xs:complexType>
<xs:sequence>
<xs:element name="Name" type="saml:NameIdentifierType"/>
<xs:element name="SupportingInfo" type="dss:AnyType" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="Language" type="xs:language"/>
<!-- -->
<xs:element name="AdditionalProfile" type="xs:anyURI"/>
<!-- COMMON PROTOCOL STRUCTURES -->
<!-- PROTOCOL MESSAGES BEGIN -->
<xs:element name="SignRequest">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:OptionalInputs" minOccurs="0"/>
<xs:element ref="dss:InputDocuments"/>
</xs:sequence>
<xs:attribute name="RequestID" type="xs:string" use="optional"/>
<xs:attribute name="Profile" type="xs:anyURI" use="optional"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="IncludeObject">
<xs:complexType>
<xs:attribute name="WhichDocument" type="xs:IDREF"/>
<xs:attribute name="hasObjectTagsAndAttributesSet" type="xs:boolean" default="false"/>
<xs:attribute name="ObjId" type="xs:string" use="optional"/>
<xs:attribute name="createReference" type="xs:boolean" use="optional" default="true"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="SignaturePlacement">
<xs:complexType>
<xs:choice>
<xs:element name="XPathAfter" type="xs:string"/>
<xs:element name="XPathFirstChildOf" type="xs:string"/>
</xs:choice>
<xs:attribute name="WhichDocument" type="xs:IDREF"/>
<xs:attribute name="createEnvelopedSignature" type="xs:boolean" default="true"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="SignResponse">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:Result"/>
<xs:element ref="dss:OptionalOutputs" minOccurs="0"/>
<xs:element ref="dss:SignatureObject" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="RequestID" type="xs:string" use="optional"/>
<xs:attribute name="Profile" type="xs:anyURI" use="required"/>
</xs:complexType>
</xs:element>
<!-- SIGNRESPONSE OPTIONAL OUTPUTS START -->
<xs:element name="DocumentWithSignature">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:Document"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- SIGNRESPONSE OPTIONAL OUTPUTS END -->
<!-- -->
<xs:element name="VerifyRequest">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:OptionalInputs" minOccurs="0"/>
<xs:element ref="dss:SignatureObject" minOccurs="0"/>
<xs:element ref="dss:InputDocuments" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="RequestID" type="xs:string" use="optional"/>
<xs:attribute name="Profile" type="xs:anyURI" use="optional"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="VerifyResponse">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:Result"/>
<xs:element ref="dss:OptionalOutputs" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="RequestID" type="xs:string" use="optional"/>
<xs:attribute name="Profile" type="xs:anyURI" use="required"/>
</xs:complexType>
</xs:element>
<!-- PROTOCOL MESSAGES END -->
<!-- SIGNREQUEST OPTIONAL INPUTS START -->
<xs:element name="SignatureType" type="xs:anyURI"/>
<xs:element name="AddTimestamp">
<xs:complexType>
<xs:attribute name="Type" type="xs:anyURI" use="optional"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="IntendedAudience">
<xs:complexType>
<xs:sequence>
<xs:element name="Recipient" type="saml:NameIdentifierType" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="KeySelector">
<xs:annotation>
<xs:documentation xml:lang="en">
<xs:any namespace="##other" processContents="lax"/> is not
possible here to allow extensibility as another namespace than
the target namespace is used in the choice hence
<xs:element name="Other" type="dss:AnyType"/>
allowes to introduce new top level elements from namespaces including
dss to support other types of key selectors in the future.
Note that namespace="##other" is the complement of the target namespace.
Note also that xml schema does not support complements for other namespaces
or sets of namespaces which is a defect in xml schema.
It only supports sets of namespaces which is not useful however as we cannot
know which namespaces might be relevant in the future.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:choice>
<xs:element ref="ds:KeyInfo"/>
<xs:element name="Other" type="dss:AnyType"/>
</xs:choice>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="SignedReferences">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:SignedReference" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="Properties">
<xs:complexType>
<xs:sequence>
<xs:element name="SignedProperties" type="dss:PropertiesType" minOccurs="0"/>
<xs:element name="UnsignedProperties" type="dss:PropertiesType" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="Property">
<xs:complexType>
<xs:sequence>
<xs:element name="Identifier" type="xs:anyURI"/>
<xs:element name="Value" type="dss:AnyType" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:complexType name="PropertiesType">
<xs:sequence>
<xs:element ref="dss:Property" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="SignedReference">
<xs:annotation>
<xs:documentation xml:lang="en">
RefURI overrides the of <dss:Document>
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="ds:Transforms" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="WhichDocument" type="xs:IDREF" use="required"/>
<xs:attribute name="RefURI" type="xs:anyURI" use="optional"/>
<xs:attribute name="RefId" type="xs:string" use="optional"/>
</xs:complexType>
</xs:element>
<!-- SIGNREQUEST OPTIONAL INPUTS END -->
<!-- VERIFYREQUEST OPTIONAL INPUTS START -->
<xs:element name="VerifyManifests"/>
<xs:element name="VerificationTime" type="xs:dateTime"/>
<xs:element name="AdditionalKeyInfo">
<xs:complexType>
<xs:sequence>
<xs:element ref="ds:KeyInfo"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="ReturnProcessingDetails"/>
<!-- -->
<xs:element name="ReturnSigningTime"/>
<!-- -->
<xs:element name="ReturnTimestampTime"/>
<!-- -->
<xs:element name="ReturnSignerIdentity"/>
<!-- -->
<xs:element name="ReturnUpdatedSignature">
<xs:complexType>
<xs:attribute name="Type" type="xs:anyURI" use="optional"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="ReturnTransformedDocument">
<xs:complexType>
<xs:attribute name="WhichReference" type="xs:integer" use="required"/>
</xs:complexType>
</xs:element>
<!-- VERIFYREQUEST OPTIONAL INPUTS END -->
<!-- VERIFYRESPONSE OPTIONAL OUTPUTS START -->
<xs:element name="ProcessingDetails">
<xs:complexType>
<xs:sequence>
<xs:element name="ValidDetail" type="dss:DetailType" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="IndeterminateDetail" type="dss:DetailType" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="InvalidDetail" type="dss:DetailType" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="SigningTime">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:dateTime">
<xs:attribute name="ThirdPartyTimestamp" type="xs:boolean" use="required"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="TimestampTime" type="xs:dateTime"/>
<!-- -->
<xs:element name="SignerIdentity" type="saml:NameIdentifierType"/>
<!-- -->
<xs:element name="UpdatedSignature">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:SignatureObject"/>
</xs:sequence>
<xs:attribute name="Type" type="xs:anyURI" use="optional"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="TransformedDocument">
<xs:complexType>
<xs:sequence>
<xs:element ref="dss:Document"/>
</xs:sequence>
<xs:attribute name="WhichReference" type="xs:integer" use="required"/>
</xs:complexType>
</xs:element>
<!-- -->
<xs:complexType name="DetailType">
<xs:sequence>
<xs:element name="Code" type="xs:anyURI" minOccurs="0"/>
<xs:element name="Message" type="dss:InternationalStringType" minOccurs="0"/>
<xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="Type" type="xs:anyURI" use="required"/>
</xs:complexType>
<!-- VERIFYRESPONSE OPTIONAL OUTPUTS END -->
<!-- TIMESTAMP BEGIN -->
<xs:element name="Timestamp">
<xs:complexType>
<xs:choice>
<xs:element ref="ds:Signature"/>
<xs:element name="RFC3161TimeStampToken" type="xs:base64Binary"/>
<xs:element name="Other" type="dss:AnyType"/>
</xs:choice>
</xs:complexType>
</xs:element>
<!-- -->
<xs:element name="TstInfo">
<xs:complexType>
<xs:sequence>
<xs:element name="SerialNumber" type="xs:integer"/>
<xs:element name="CreationTime" type="xs:dateTime"/>
<xs:element name="Policy" type="xs:anyURI" minOccurs="0"/>
<xs:element name="ErrorBound" type="xs:duration" minOccurs="0"/>
<xs:element name="Ordered" type="xs:boolean" default="false" minOccurs="0"/>
<xs:element name="TSA" type="saml:NameIdentifierType" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- TIMESTAMP END -->
<!-- REQUESTER IDENTITY BEGIN -->
<xs:element name="RequesterIdentity">
<xs:complexType>
<xs:sequence>
<xs:element name="Name" type="saml:NameIdentifierType"/>
<xs:element name="SupportingInfo" type="dss:AnyType" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<!-- REQUESTER IDENTITY END -->
</xs:schema>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]