

Subject: Re: [dss] [Fwd: Async comments by Tommy]


Hi all,

As I proposed some days ago, here are my extensions of the core schema.
They are motivated by the shortcomings in the Async profile identified by Tommy.

Now there are new base types for sign/verify requests and responses.
This abstraction layer shouldn't have any bad impact on other structures.

Please have a sharp look ...

Greetings

Andreas

>Andreas, Tommy and all DSS
>
>Following on from the issue raised by Tommy some time ago suggesting adding
>an optional response ID to the SignResponse and VerifyResponse in support of
>asynchronous operation.
>
>Is there any objection for inclusion of this change in the next draft of the
>CD for confirmation at the next meeting?
>
>Nick
>  
>

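<?xml version="1.0" encoding="UTF-8"?>
<!-- DSS core schema header: target namespace, prefix bindings and imports.
     Elements are namespace-qualified, attributes are not. -->
<xs:schema targetNamespace="urn:oasis:names:tc:dss:1.0:core:schema"
	xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
	xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
	elementFormDefault="qualified" attributeFormDefault="unqualified">
	<!-- -->
	<xs:annotation>
		<xs:documentation xml:lang="en"> This Schema defines the Digital Signature Service Core
			Protocols, Elements, and Bindings Working Draft 33pre21 </xs:documentation>
	</xs:annotation>
	<!-- -->
	<!-- The schemaLocation values below are hints over plain http. A validator that
	     fetches them at run time takes its type definitions from whatever answers
	     on the network path; resolve the three namespaces from pinned local copies
	     (for example through an XML catalog) instead. -->
	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
		schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
	<!-- NOTE(review): the namespace is the SAML 1.0 assertion namespace but the file
	     name says "protocol"; confirm this document supplies saml:NameIdentifierType. -->
	<xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion"
		schemaLocation="http://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-protocol-1.1.xsd"/>
	<xs:import namespace="http://www.w3.org/XML/1998/namespace"
		schemaLocation="http://www.w3.org/2001/xml.xsd"/>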
	<!-- COMMON PROTOCOL STRUCTURES -->
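	<!-- AnyType: open container of zero or more elements. The wildcard names no
	     namespace, so every namespace (dss included) is accepted, and processing is
	     lax, so children without an available declaration pass validation unchecked.
	     Schema validity therefore does not bound what arrives here: receivers need
	     their own allow-list of recognised children and a limit on size and count. -->
	<xs:complexType name="AnyType">
		<xs:annotation>
			<xs:documentation xml:lang="en"> This type is used to match optional inputs,
				optional outputs and to make the Schema extensible where &lt;xs:any
				namespace="##other" processContents="lax"/&gt; is not possible due to unique
				particle attribution rules. </xs:documentation>
		</xs:annotation>
		<xs:sequence>
			<xs:any processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
		</xs:sequence>
	</xs:complexType>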
	<!-- -->
	<!-- InlineXMLType: exactly one element of any namespace, validated laxly.
	     ignorePIsComments is optional and defaults to true, so a request that omits
	     it tells the server that processing instructions and comments around the
	     document element may be dropped. Per the documentation below this decides
	     whether they are covered by the signature; a client that needs them signed
	     has to set the attribute to false explicitly. -->
	<xs:complexType name="InlineXMLType">
		<xs:annotation>
			<xs:documentation xml:lang="en"> This Type clearly expresses the fact that content of
				InlineXML should be equivalent to a complete XML Document. I.e. having only one
				DocumentElement and not allowing anything but PI's and Comments before and after
				this one element. The attribute ignorePIsComments indicates how to deal with PI's
				and Comments as a number of parsers will also ignore them and a server will have to
				be able to know if PI's and Comments have gone missing after parsing and if the
				client would have wanted them to be signed. </xs:documentation>
		</xs:annotation>
		<xs:sequence>
			<xs:any processContents="lax"/>
		</xs:sequence>
		<xs:attribute name="ignorePIsComments" type="xs:boolean" use="optional" default="true"/>
	</xs:complexType>
	<!-- -->
	<!-- InternationalStringType: an xs:string that may carry xml:lang.
	     Used in this schema for ResultMessage and DetailType/Message. -->
	<xs:complexType name="InternationalStringType">
		<xs:simpleContent>
			<xs:extension base="xs:string">
				<xs:attribute ref="xml:lang"/>
			</xs:extension>
		</xs:simpleContent>
	</xs:complexType>
	<!-- -->
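	<!-- InputDocuments: one or more of Document, DocumentHash or Other, in any order
	     and with no upper bound. Other is a dss:AnyType, so it accepts arbitrary
	     content; implementations should bound the number and size of entries and
	     reject Other children they do not recognise. -->
	<xs:element name="InputDocuments">
		<xs:annotation>
			<xs:documentation xml:lang="en">
				<!-- Re: UPA Problem rationale behind these changes [FW: FROM JC THROUGH KONRAD] -->
				<!--
				&lt;xs:any namespace="##other" processContents="lax"/&gt;
				allows to introduce new top level elements from other namespaces
				to support other types of documents in the future.
-->
				<!-- Solution consistent with other places --> &lt;xs:element name="Other"
				type="dss:AnyType"/&gt; allows to introduce new top level elements from
				namespaces including dss to support other types of input documents in the future.
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:sequence>
				<xs:choice maxOccurs="unbounded">
					<xs:element ref="dss:Document"/>
					<xs:element ref="dss:DocumentHash"/>
					<!--					<xs:any namespace="##other" processContents="lax"/> -->
					<xs:element name="Other" type="dss:AnyType"/>
				</xs:choice>
			</xs:sequence>
		</xs:complexType>
	</xs:element>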
	<!-- -->
	<!-- DocumentBaseType: abstract base extended by dss:Document and dss:DocumentHash.
	     Carries an optional base64 Schema child and three optional attributes.
	     ID is an xs:ID, so it must be unique in the message; presumably it is the
	     target of the WhichDocument IDREF attributes used elsewhere in this schema.
	     NOTE(review): Schema is supplied by the requester and this page does not say
	     how a server consumes it; if it is parsed, do so with external entity and
	     external subset resolution disabled. -->
	<xs:complexType name="DocumentBaseType" abstract="true">
		<xs:sequence>
			<xs:element name="Schema" type="xs:base64Binary" minOccurs="0"/>
		</xs:sequence>
		<xs:attribute name="ID" type="xs:ID" use="optional"/>
		<xs:attribute name="RefURI" type="xs:anyURI" use="optional"/>
		<xs:attribute name="RefType" type="xs:anyURI" use="optional"/>
	</xs:complexType>
	<!-- -->
	<!-- Document: DocumentBaseType plus exactly one content form: InlineXML,
	     Base64XML, EscapedXML or Base64Data.
	     Base64XML and EscapedXML are opaque to this schema (base64 and string), so
	     the XML inside them is not validated here. A server that decodes and parses
	     them is parsing requester-controlled XML: disable DTD and external entity
	     processing and bound size and nesting depth before doing so. -->
	<xs:element name="Document">
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="dss:DocumentBaseType">
					<xs:choice>
						<xs:element name="InlineXML" type="dss:InlineXMLType"/>
						<xs:element name="Base64XML" type="xs:base64Binary"/>
						<xs:element name="EscapedXML" type="xs:string"/>
						<xs:element ref="dss:Base64Data"/>
					</xs:choice>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- Base64Data: base64 payload with an optional MimeType attribute.
	     MimeType is an unconstrained xs:string declared by the sender; treat it as a
	     label, not as proof of what the decoded bytes contain. -->
	<xs:element name="Base64Data">
		<xs:complexType>
			<xs:simpleContent>
				<xs:extension base="xs:base64Binary">
					<xs:attribute name="MimeType" type="xs:string" use="optional"/>
				</xs:extension>
			</xs:simpleContent>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- DocumentHash: DocumentBaseType plus optional ds:Transforms and a required
	     ds:DigestMethod and ds:DigestValue, in that order.
	     The digest algorithm is named by the requester and nothing in this schema
	     restricts it; a service should accept only algorithms on its own allow-list.
	     With a hash-only input the server never sees the document content, so it
	     cannot check that the digest matches anything. -->
	<xs:element name="DocumentHash">
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="dss:DocumentBaseType">
					<xs:sequence>
						<xs:element ref="ds:Transforms" minOccurs="0"/>
						<xs:element ref="ds:DigestMethod"/>
						<xs:element ref="ds:DigestValue"/>
					</xs:sequence>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>
	<!-- -->
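	<!-- SignatureObject: exactly one of ds:Signature, Timestamp, Base64Signature,
	     SignaturePtr or Other, followed by an optional base64 Schema.
	     Other is a dss:AnyType and accepts arbitrary content; a verifier should
	     reject signature forms it does not implement instead of ignoring them. -->
	<xs:element name="SignatureObject">
		<xs:annotation>
			<xs:documentation xml:lang="en"> &lt;xs:any namespace="##other"
				processContents="lax"/&gt; is not possible here to allow extensibility as more
				than one namespace (i.e. ds, dss) are used in the choice hence &lt;xs:element
				name="Other" type="dss:AnyType"/&gt; allows to introduce new top level elements
				from namespaces including dss to support other types of signatures in the future.
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:sequence>
				<xs:choice>
					<xs:element ref="ds:Signature"/>
					<xs:element ref="dss:Timestamp"/>
					<xs:element ref="dss:Base64Signature"/>
					<xs:element ref="dss:SignaturePtr"/>
					<xs:element name="Other" type="dss:AnyType"/>
				</xs:choice>
				<xs:element name="Schema" type="xs:base64Binary" minOccurs="0"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>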
	<!-- -->
	<!-- Base64Signature: base64 signature bytes with a Type URI.
	     Type has no use attribute, so it is optional; the receiver then has to
	     determine the signature format by other means. -->
	<xs:element name="Base64Signature">
		<xs:complexType>
			<xs:simpleContent>
				<xs:extension base="xs:base64Binary">
					<xs:attribute name="Type" type="xs:anyURI"/>
				</xs:extension>
			</xs:simpleContent>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- SignaturePtr: empty element with WhichDocument (IDREF) and XPath (string),
	     both optional as declared.
	     XPath is a free-form string from the request. Which signature is selected
	     decides what gets verified, so evaluate it only against the referenced
	     document, without extension functions, and with bounded evaluation cost. -->
	<xs:element name="SignaturePtr">
		<xs:complexType>
			<xs:attribute name="WhichDocument" type="xs:IDREF"/>
			<xs:attribute name="XPath" type="xs:string" use="optional"/>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- Result: required ResultMajor URI, then optional ResultMinor URI and optional
	     ResultMessage (a string that may carry xml:lang). -->
	<xs:element name="Result">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="ResultMajor" type="xs:anyURI"/>
				<xs:element name="ResultMinor" type="xs:anyURI" minOccurs="0"/>
				<xs:element name="ResultMessage" type="dss:InternationalStringType" minOccurs="0"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
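	<!-- OptionalInputs: dss:AnyType container for request options.
	     The restriction to declared optional inputs exists only in prose; the schema
	     accepts anything, so the server has to enforce it and should fail the request
	     on an input it does not understand. -->
	<xs:element name="OptionalInputs" type="dss:AnyType">
		<xs:annotation>
			<xs:documentation xml:lang="en"> The type dss:AnyType matches any top level element of
				any namespace, hence OptionalInputs can contain 0..* top level elements. It should
				however not contain elements that are not declared as optional inputs by normative
				text of the dss-core or dss-profiles. </xs:documentation>
		</xs:annotation>
	</xs:element>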
	<!-- -->
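	<!-- OptionalOutputs: dss:AnyType container for response extras.
	     As with the inputs, the restriction to declared outputs is prose only;
	     clients should ignore or reject outputs they did not ask for. -->
	<xs:element name="OptionalOutputs" type="dss:AnyType">
		<xs:annotation>
			<xs:documentation xml:lang="en"> The type dss:AnyType matches any top level element of
				any namespace, hence OptionalOutputs can contain 0..* top level elements. It should
				however not contain elements that are not declared as optional outputs by normative
				text of the dss-core or dss-profiles. </xs:documentation>
		</xs:annotation>
	</xs:element>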
	<!-- -->
	<!-- ServicePolicy: a single URI. -->
	<xs:element name="ServicePolicy" type="xs:anyURI"/>
	<!-- -->
	<!-- ClaimedIdentity: required SAML NameIdentifier plus optional SupportingInfo
	     of dss:AnyType.
	     NOTE(review): as the name says, this is the identity the requester claims;
	     nothing in the schema authenticates it. Authorisation decisions should rest
	     on what the binding or SupportingInfo actually proves. -->
	<xs:element name="ClaimedIdentity">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="Name" type="saml:NameIdentifierType"/>
				<xs:element name="SupportingInfo" type="dss:AnyType" minOccurs="0"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- Language: a single xs:language tag. -->
	<xs:element name="Language" type="xs:language"/>
	<!-- -->
	<!-- AdditionalProfile: a single URI. -->
	<xs:element name="AdditionalProfile" type="xs:anyURI"/>
	<!-- COMMON PROTOCOL STRUCTURES -->
	<!-- PROTOCOL MESSAGES BEGIN -->

	<!-- RequestBaseType: abstract base for SignRequest and VerifyRequest.
	     Content is optional OptionalInputs followed by a required InputDocuments, so
	     every derived request must carry at least one input document entry.
	     RequestID and Profile are both optional.
	     NOTE(review): RequestID is an unconstrained xs:string. If an asynchronous
	     profile uses it as the handle for collecting a result later, it needs to be
	     unguessable and tied to the authenticated requester; confirm in that profile. -->
	<xs:complexType name="RequestBaseType" abstract="true">
		<xs:sequence>
			<xs:element ref="dss:OptionalInputs" minOccurs="0"/>
			<xs:element ref="dss:InputDocuments"/>
		</xs:sequence>
		<xs:attribute name="RequestID" type="xs:string" use="optional"/>
		<xs:attribute name="Profile" type="xs:anyURI" use="optional"/>
	</xs:complexType>
	<!-- ResponseBaseType: abstract base for SignResponse and VerifyResponse.
	     Content is a required Result followed by optional OptionalOutputs.
	     RequestID is optional; Profile is required here although it is optional on
	     RequestBaseType. A client that sent a RequestID should check that the
	     response carries the same value before acting on the Result. -->
	<xs:complexType name="ResponseBaseType" abstract="true">
		<xs:sequence>
			<xs:element ref="dss:Result"/>
			<xs:element ref="dss:OptionalOutputs" minOccurs="0"/>
		</xs:sequence>
		<xs:attribute name="RequestID" type="xs:string" use="optional"/>
		<xs:attribute name="Profile" type="xs:anyURI" use="required"/>
	</xs:complexType>
	<!-- SignRequest: RequestBaseType with nothing added by the extension. -->
	<xs:element name="SignRequest">
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="dss:RequestBaseType"> </xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- IncludeObject: empty element with four attributes, all optional as declared.
	     hasObjectTagsAndAttributesSet defaults to false and createReference to true.
	     WhichDocument is an IDREF and ObjId a free-form string. -->
	<xs:element name="IncludeObject">
		<xs:complexType>
			<xs:attribute name="WhichDocument" type="xs:IDREF"/>
			<xs:attribute name="hasObjectTagsAndAttributesSet" type="xs:boolean" default="false"/>
			<xs:attribute name="ObjId" type="xs:string" use="optional"/>
			<xs:attribute name="createReference" type="xs:boolean" use="optional" default="true"/>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- SignaturePlacement: exactly one of XPathAfter or XPathFirstChildOf, plus an
	     optional WhichDocument IDREF and createEnvelopedSignature (default true).
	     Both XPath values are free-form strings from the request that steer where the
	     server writes into the document; evaluate them without extension functions
	     and with bounded cost, and fail when the expression selects no single node. -->
	<xs:element name="SignaturePlacement">
		<xs:complexType>
			<xs:choice>
				<xs:element name="XPathAfter" type="xs:string"/>
				<xs:element name="XPathFirstChildOf" type="xs:string"/>
			</xs:choice>
			<xs:attribute name="WhichDocument" type="xs:IDREF"/>
			<xs:attribute name="createEnvelopedSignature" type="xs:boolean" default="true"/>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- SignResponse: ResponseBaseType followed by an optional SignatureObject.
	     The signature is optional in the schema, so a client must check Result
	     rather than infer success from the presence of SignatureObject. -->
	<xs:element name="SignResponse">
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="dss:ResponseBaseType">
					<xs:sequence>
						<xs:element ref="dss:SignatureObject" minOccurs="0"/>
					</xs:sequence>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>
	<!-- SIGNRESPONSE OPTIONAL OUTPUTS START -->
	<!-- DocumentWithSignature: wrapper around exactly one dss:Document. -->
	<xs:element name="DocumentWithSignature">
		<xs:complexType>
			<xs:sequence>
				<xs:element ref="dss:Document"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- SIGNRESPONSE OPTIONAL OUTPUTS END -->
	<!-- -->
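	<!-- VerifyRequest: RequestBaseType followed by an optional SignatureObject.
	     The added sequence belongs inside xs:extension: xs:complexContent may hold
	     only an annotation and one restriction or extension, so a sequence placed
	     beside the extension makes the schema invalid.
	     SignatureObject is optional, so a request may carry no signature element of
	     its own; a verifier must then locate the signature in the input documents
	     and fail when it finds none. -->
	<xs:element name="VerifyRequest">
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="dss:RequestBaseType">
					<xs:sequence>
						<xs:element ref="dss:SignatureObject" minOccurs="0"/>
					</xs:sequence>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>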
	<!-- -->
	<!-- VerifyResponse: ResponseBaseType with nothing added by the extension, so the
	     verification outcome is carried by Result and OptionalOutputs alone. -->
	<xs:element name="VerifyResponse">
		<xs:complexType>
			<xs:complexContent>
				<xs:extension base="dss:ResponseBaseType">
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>
	<!-- PROTOCOL MESSAGES END -->
	<!-- SIGNREQUEST OPTIONAL INPUTS START -->
	<!-- SignatureType: a single URI. -->
	<xs:element name="SignatureType" type="xs:anyURI"/>
	<!-- AddTimestamp: empty element with an optional Type URI. -->
	<xs:element name="AddTimestamp">
		<xs:complexType>
			<xs:attribute name="Type" type="xs:anyURI" use="optional"/>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- IntendedAudience: one or more Recipient entries, each a SAML NameIdentifier;
	     the list has no upper bound. -->
	<xs:element name="IntendedAudience">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="Recipient" type="saml:NameIdentifierType" maxOccurs="unbounded"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
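	<!-- KeySelector: exactly one of ds:KeyInfo or Other (dss:AnyType).
	     The requester uses this to name the signing key. The server should map it
	     onto keys that this requester is authorised to use and must not resolve
	     remote references inside KeyInfo on the requester's behalf. -->
	<xs:element name="KeySelector">
		<xs:annotation>
			<xs:documentation xml:lang="en"> &lt;xs:any namespace="##other"
				processContents="lax"/&gt; is not possible here to allow extensibility as
				another namespace than the target namespace is used in the choice hence
				&lt;xs:element name="Other" type="dss:AnyType"/&gt; allows to introduce new
				top level elements from namespaces including dss to support other types of key
				selectors in the future. Note that namespace="##other" is the complement of the
				target namespace. Note also that xml schema does not support complements for other
				namespaces or sets of namespaces which is a defect in xml schema. It only supports
				sets of namespaces which is not useful however as we cannot know which namespaces
				might be relevant in the future. </xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:choice>
				<xs:element ref="ds:KeyInfo"/>
				<xs:element name="Other" type="dss:AnyType"/>
			</xs:choice>
		</xs:complexType>
	</xs:element>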
	<!-- -->
	<!-- SignedReferences: one or more SignedReference entries, no upper bound. -->
	<xs:element name="SignedReferences">
		<xs:complexType>
			<xs:sequence>
				<xs:element ref="dss:SignedReference" maxOccurs="unbounded"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- Properties: optional SignedProperties then optional UnsignedProperties, each
	     a PropertiesType. Only the first group is named as signed; a relying party
	     should not give UnsignedProperties the same trust as signed content. -->
	<xs:element name="Properties">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="SignedProperties" type="dss:PropertiesType" minOccurs="0"/>
				<xs:element name="UnsignedProperties" type="dss:PropertiesType" minOccurs="0"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- Property: required Identifier URI and an optional Value of dss:AnyType,
	     so the value content is not constrained by this schema. -->
	<xs:element name="Property">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="Identifier" type="xs:anyURI"/>
				<xs:element name="Value" type="dss:AnyType" minOccurs="0"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- PropertiesType: one or more dss:Property elements, no upper bound. -->
	<xs:complexType name="PropertiesType">
		<xs:sequence>
			<xs:element ref="dss:Property" maxOccurs="unbounded"/>
		</xs:sequence>
	</xs:complexType>
	<!-- -->
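	<!-- SignedReference: optional ds:Transforms, a required WhichDocument IDREF and
	     optional RefURI and RefId.
	     The documentation sentence had lost its object; RefURI is the attribute that
	     dss:Document inherits from DocumentBaseType, so that is what is overridden.
	     Transforms come from the requester and decide which bytes are digested and
	     signed; a service should restrict them to an allow-list of algorithms. -->
	<xs:element name="SignedReference">
		<xs:annotation>
			<xs:documentation xml:lang="en"> RefURI overrides the RefURI of &lt;dss:Document&gt;
			</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:sequence>
				<xs:element ref="ds:Transforms" minOccurs="0"/>
			</xs:sequence>
			<xs:attribute name="WhichDocument" type="xs:IDREF" use="required"/>
			<xs:attribute name="RefURI" type="xs:anyURI" use="optional"/>
			<xs:attribute name="RefId" type="xs:string" use="optional"/>
		</xs:complexType>
	</xs:element>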
	<!-- SIGNREQUEST OPTIONAL INPUTS END -->
	<!-- VERIFYREQUEST OPTIONAL INPUTS START -->
	<!-- VerifyManifests: declared without a type, which makes it xs:anyType, so any
	     content and attributes validate. It reads as a flag signalled by presence;
	     receivers should ignore or reject content inside it. -->
	<xs:element name="VerifyManifests"/>
	<!-- VerificationTime: an xs:dateTime chosen by the requester.
	     NOTE(review): presumably the instant at which validity is to be judged; a
	     result for a requester-chosen time is not a statement about validity now. -->
	<xs:element name="VerificationTime" type="xs:dateTime"/>
	<!-- AdditionalKeyInfo: wrapper around exactly one ds:KeyInfo.
	     The key material is supplied by the requester. It can help build a path,
	     but it must not be treated as a trust anchor, and remote references inside
	     it should not be fetched without restriction. -->
	<xs:element name="AdditionalKeyInfo">
		<xs:complexType>
			<xs:sequence>
				<xs:element ref="ds:KeyInfo"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- Four request flags declared without a type. Each is therefore xs:anyType and
	     validates with any content or attributes; they read as flags signalled by
	     presence, so receivers should ignore or reject content inside them. -->
	<xs:element name="ReturnProcessingDetails"/>
	<!-- -->
	<xs:element name="ReturnSigningTime"/>
	<!-- -->
	<xs:element name="ReturnTimestampTime"/>
	<!-- -->
	<xs:element name="ReturnSignerIdentity"/>
	<!-- -->
	<!-- ReturnUpdatedSignature: empty element with an optional Type URI. -->
	<xs:element name="ReturnUpdatedSignature">
		<xs:complexType>
			<xs:attribute name="Type" type="xs:anyURI" use="optional"/>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- ReturnTransformedDocument: empty element with a required WhichReference.
	     xs:integer is unbounded and admits negative values, so the server must
	     range-check the index against the references actually present. -->
	<xs:element name="ReturnTransformedDocument">
		<xs:complexType>
			<xs:attribute name="WhichReference" type="xs:integer" use="required"/>
		</xs:complexType>
	</xs:element>
	<!-- VERIFYREQUEST OPTIONAL INPUTS END -->
	<!-- VERIFYRESPONSE OPTIONAL OUTPUTS START -->
	<!-- ProcessingDetails: three lists of DetailType in fixed order (ValidDetail,
	     IndeterminateDetail, InvalidDetail), each with zero or more entries.
	     An empty element is schema-valid, so the absence of InvalidDetail entries
	     is not by itself evidence that every check passed. -->
	<xs:element name="ProcessingDetails">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="ValidDetail" type="dss:DetailType" minOccurs="0"
					maxOccurs="unbounded"/>
				<xs:element name="IndeterminateDetail" type="dss:DetailType" minOccurs="0"
					maxOccurs="unbounded"/>
				<xs:element name="InvalidDetail" type="dss:DetailType" minOccurs="0"
					maxOccurs="unbounded"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- SigningTime: an xs:dateTime with a required boolean ThirdPartyTimestamp.
	     NOTE(review): presumably the flag tells whether the time comes from a
	     third-party timestamp or from the signer's own claim; relying parties
	     should weigh the two differently. Confirm against the core text. -->
	<xs:element name="SigningTime">
		<xs:complexType>
			<xs:simpleContent>
				<xs:extension base="xs:dateTime">
					<xs:attribute name="ThirdPartyTimestamp" type="xs:boolean" use="required"/>
				</xs:extension>
			</xs:simpleContent>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- TimestampTime: a single xs:dateTime. -->
	<xs:element name="TimestampTime" type="xs:dateTime"/>
	<!-- -->
	<!-- SignerIdentity: a SAML NameIdentifier. -->
	<xs:element name="SignerIdentity" type="saml:NameIdentifierType"/>
	<!-- -->
	<!-- UpdatedSignature: exactly one SignatureObject plus an optional Type URI. -->
	<xs:element name="UpdatedSignature">
		<xs:complexType>
			<xs:sequence>
				<xs:element ref="dss:SignatureObject"/>
			</xs:sequence>
			<xs:attribute name="Type" type="xs:anyURI" use="optional"/>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- TransformedDocument: exactly one dss:Document plus a required WhichReference
	     integer, the same attribute that ReturnTransformedDocument carries. -->
	<xs:element name="TransformedDocument">
		<xs:complexType>
			<xs:sequence>
				<xs:element ref="dss:Document"/>
			</xs:sequence>
			<xs:attribute name="WhichReference" type="xs:integer" use="required"/>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- DetailType: optional Code URI, optional Message, then any number of elements
	     from namespaces other than the target namespace; Type is a required URI.
	     NOTE(review): this wildcard sets no processContents, so the default (strict)
	     applies and an extension element without an available declaration fails
	     validation. dss:AnyType uses lax instead; confirm the difference is meant. -->
	<xs:complexType name="DetailType">
		<xs:sequence>
			<xs:element name="Code" type="xs:anyURI" minOccurs="0"/>
			<xs:element name="Message" type="dss:InternationalStringType" minOccurs="0"/>
			<xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
		</xs:sequence>
		<xs:attribute name="Type" type="xs:anyURI" use="required"/>
	</xs:complexType>
	<!-- VERIFYRESPONSE OPTIONAL OUTPUTS END -->
	<!-- TIMESTAMP BEGIN -->
	<!-- Timestamp: exactly one of ds:Signature, a base64 RFC3161TimeStampToken, or
	     Other (dss:AnyType). The token is opaque to this schema; it has to be
	     decoded and verified by the receiver, not trusted because it is present. -->
	<xs:element name="Timestamp">
		<xs:complexType>
			<xs:choice>
				<xs:element ref="ds:Signature"/>
				<xs:element name="RFC3161TimeStampToken" type="xs:base64Binary"/>
				<xs:element name="Other" type="dss:AnyType"/>
			</xs:choice>
		</xs:complexType>
	</xs:element>
	<!-- -->
	<!-- TstInfo: required SerialNumber and CreationTime, then optional Policy,
	     ErrorBound, Ordered (default false) and TSA, in that order.
	     SerialNumber is an unbounded xs:integer; parse it with a big-integer type. -->
	<xs:element name="TstInfo">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="SerialNumber" type="xs:integer"/>
				<xs:element name="CreationTime" type="xs:dateTime"/>
				<xs:element name="Policy" type="xs:anyURI" minOccurs="0"/>
				<xs:element name="ErrorBound" type="xs:duration" minOccurs="0"/>
				<xs:element name="Ordered" type="xs:boolean" default="false" minOccurs="0"/>
				<xs:element name="TSA" type="saml:NameIdentifierType" minOccurs="0"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- TIMESTAMP END -->
	<!-- REQUESTER IDENTITY BEGIN -->
	<!-- RequesterIdentity: required SAML NameIdentifier plus optional SupportingInfo
	     of dss:AnyType; the same content model as ClaimedIdentity. -->
	<xs:element name="RequesterIdentity">
		<xs:complexType>
			<xs:sequence>
				<xs:element name="Name" type="saml:NameIdentifierType"/>
				<xs:element name="SupportingInfo" type="dss:AnyType" minOccurs="0"/>
			</xs:sequence>
		</xs:complexType>
	</xs:element>
	<!-- REQUESTER IDENTITY END -->
</xs:schema>

