OASIS Digital Signature Services eXtended (DSS-X) TC

  • 1.  DSS-JSON binding

    Posted 11-28-2016 09:06
    Hi all, see my draft on a JSON binding attached. A JSON schema created b y the JAXB framework is attached, but the expressiveness and readability leaves room for improvements. Does anyone has experience in deriving a readable JSON schema from a given JSON sample or a XML schema? Moreover, did the dust settle for an agreed JSON schema format? Greetings, Andreas -- Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales Attachment: DSS_REST_JSON.odt Description: application/vnd.oasis.opendocument.text { "type":"object", "properties":{ "OptionalInputs":{ "type":"object", "properties":{ "signatureForm":{ "type":"string" }, "returnVerificationReport":{ "type":"object", "properties":{ "IncludeVerifier":{ "type":"boolean" }, "IncludeCertificateValues":{ "type":"boolean" }, "IncludeRevocationValues":{ "type":"boolean" }, "ExpandBinaryValues":{ "type":"boolean" }, "ReportDetailLevel":{ "type":"string" } } }, "SignatureType":{ "type":"string" }, "AdditionalProfile":{ "type":"array", "items":{ "type":"string" } }, "SignedReferences":{ "type":"object", "properties":{ "SignedReference":{ "type":"array", "items":{ "type":"object", "properties":{ "transforms":{ "type":"object", "properties":{ "Transform":{ "type":"array", "items":{ "type":"object", "properties":{ "XPath":{ "type":"array", "items":{ "type":"any" } }, "Algorithm":{ "type":"string" } } } } } }, "WhichDocument":null, "RefURI":{ "type":"string" }, "RefId":{ "type":"string" } } } } } }, "ServicePolicy":{ "type":"string" }, "ClaimedIdentity":{ "type":"object", "properties":{ "Name":{ "type":"object", "properties":{ "value":{ "type":"string" }, "NameQualifier":{ "type":"string" }, "Format":{ "type":"string" } } }, "SupportingInfo":{ "type":"object", "properties":{ "Base64Content":{ "type":"array", "items":{ 
"type":"string" } } } } } }, "Language":{ "type":"string" }, "Schemas":{ "type":"object", "properties":{ "schema":{ "type":"array", "items":{ "type":"object", "properties":{ "id":{ "type":"string" }, "refURI":{ "type":"string" }, "refType":{ "type":"string" }, "schemaRefs":{ "type":"array", "items":{ "type":"any" } }, "Base64XML":{ "type":"array", "items":{ "type":"string" } }, "Base64Data":{ "type":"object", "properties":{ "value":{ "type":"array", "items":{ "type":"string" } }, "MimeType":{ "type":"string" } } }, "AttachmentReference":{ "type":"object", "properties":{ "digestMethod":{ "type":"object", "properties":{ "content":{ "type":"array", "items":{ "type":"any" } }, "Algorithm":{ "type":"string" } } }, "digestValue":{ "type":"array", "items":{ "type":"string" } }, "attRefURI":{ "type":"string" }, "mimeType":{ "type":"string" } } } } } } } }, "AddTimestamp":{ "type":"object", "properties":{ "Type":{ "type":"string" } } }, "IntendedAudience":{ "type":"object", "properties":{ "Recipient":{ "type":"array", "items":{ "type":"object", "properties":{ "value":{ "type":"string" }, "NameQualifier":{ "type":"string" }, "Format":{ "type":"string" } } } } } }, "KeySelector":{ "type":"object", "properties":{ "KeyInfo":{ "type":"object", "properties":{ "pgpdata":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "spkidata":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "spkisexp":{ "type":"array", "items":{ 
"type":"array", "items":{ "type":"string" } } }, "SPKISexp":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "KeyName":{ "type":"array", "items":{ "type":"string" } }, "KeyValue":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"string" } }, "rsakeyValue":{ "type":"object", "properties":{ "Modulus":{ "type":"array", "items":{ "type":"string" } }, "Exponent":{ "type":"array", "items":{ "type":"string" } } } }, "dsakeyValue":{ "type":"object", "properties":{ "P":{ "type":"array", "items":{ "type":"string" } }, "Q":{ "type":"array", "items":{ "type":"string" } }, "G":{ "type":"array", "items":{ "type":"string" } }, "Y":{ "type":"array", "items":{ "type":"string" } }, "J":{ "type":"array", "items":{ "type":"string" } }, "Seed":{ "type":"array", "items":{ "type":"string" } }, "PgenCounter":{ "type":"array", "items":{ "type":"string" } } } }, "DSAKeyValue":{ "type":"object", "properties":{ "P":{ "type":"array", "items":{ "type":"string" } }, "Q":{ "type":"array", "items":{ "type":"string" } }, "G":{ "type":"array", "items":{ "type":"string" } }, "Y":{ "type":"array", "items":{ "type":"string" } }, "J":{ "type":"array", "items":{ "type":"string" } }, "Seed":{ "type":"array", "items":{ "type":"string" } }, "PgenCounter":{ "type":"array", "items":{ "type":"string" } } } }, "RSAKeyValue":{ "type":"object", "properties":{ "Modulus":{ "type":"array", "items":{ "type":"string" } }, "Exponent":{ "type":"array", "items":{ "type":"string" } } } } } } }, "RetrievalMethod":{ "type":"array", "items":{ "type":"object", "properties":{ "transforms":{ "type":"object", "properties":{ "Transform":{ "type":"array", "items":{ "type":"object", "properties":{ "XPath":{ "type":"array", "items":{ "type":"any" } }, "Algorithm":{ "type":"string" } } } } } }, "uri":{ "type":"string" }, "type":{ "type":"string" } } } }, "X509Data":{ "type":"array", "items":{ "type":"object", "properties":{ 
"X509IssuerSerial":{ "type":"array", "items":{ "type":"object", "properties":{ "X509IssuerName":{ "type":"string" }, "X509SerialNumber":{ "type":"integer" } } } }, "X509SKI":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "X509SubjectName":{ "type":"array", "items":{ "type":"string" } }, "X509Certificate":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "X509CRL":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "PGPData":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "SPKIData":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "spkisexp":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "SPKISexp":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "MgmtData":{ "type":"array", "items":{ "type":"string" } }, "Id":{ "type":"string" } } }, "Other":{ "type":"object", "properties":{ "Base64Content":{ "type":"array", "items":{ "type":"string" } } } } } }, "Properties":{ "type":"object", "properties":{ "SignedProperties":{ "type":"object", "properties":{ "Property":{ "type":"array", "items":{ "type":"object", "properties":{ "Identifier":{ "type":"string" }, "Value":{ "type":"object", "properties":{ "Base64Content":{ "type":"array", "items":{ "type":"string" } } } } } } } } }, "UnsignedProperties":{ "type":"object", "properties":{ "Property":{ "type":"array", 
"items":{ "type":"object", "properties":{ "Identifier":{ "type":"string" }, "Value":{ "type":"object", "properties":{ "Base64Content":{ "type":"array", "items":{ "type":"string" } } } } } } } } } } }, "IncludeObject":{ "type":"object", "properties":{ "WhichDocument":null, "hasObjectTagsAndAttributesSet":{ "type":"boolean", "required":true }, "ObjId":{ "type":"string" }, "createReference":{ "type":"boolean", "required":true } } }, "SignaturePlacement":{ "type":"object", "properties":{ "xpathAfter":{ "type":"string" }, "xpathFirstChildOf":{ "type":"string" }, "XPathAfter":{ "type":"string" }, "XPathFirstChildOf":{ "type":"string" }, "WhichDocument":null, "CreateEnvelopedSignature":{ "type":"boolean", "required":true } } }, "UseVerificationTime":{ "type":"boolean" }, "ReturnVerificationTimeInfo":{ "type":"boolean" }, "AdditionalKeyInfo":{ "type":"object", "properties":{ "KeyInfo":{ "type":"object", "properties":{ "pgpdata":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "spkidata":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "spkisexp":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "SPKISexp":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "KeyName":{ "type":"array", "items":{ "type":"string" } }, "KeyValue":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"string" } }, 
"rsakeyValue":{ "type":"object", "properties":{ "Modulus":{ "type":"array", "items":{ "type":"string" } }, "Exponent":{ "type":"array", "items":{ "type":"string" } } } }, "dsakeyValue":{ "type":"object", "properties":{ "P":{ "type":"array", "items":{ "type":"string" } }, "Q":{ "type":"array", "items":{ "type":"string" } }, "G":{ "type":"array", "items":{ "type":"string" } }, "Y":{ "type":"array", "items":{ "type":"string" } }, "J":{ "type":"array", "items":{ "type":"string" } }, "Seed":{ "type":"array", "items":{ "type":"string" } }, "PgenCounter":{ "type":"array", "items":{ "type":"string" } } } }, "DSAKeyValue":{ "type":"object", "properties":{ "P":{ "type":"array", "items":{ "type":"string" } }, "Q":{ "type":"array", "items":{ "type":"string" } }, "G":{ "type":"array", "items":{ "type":"string" } }, "Y":{ "type":"array", "items":{ "type":"string" } }, "J":{ "type":"array", "items":{ "type":"string" } }, "Seed":{ "type":"array", "items":{ "type":"string" } }, "PgenCounter":{ "type":"array", "items":{ "type":"string" } } } }, "RSAKeyValue":{ "type":"object", "properties":{ "Modulus":{ "type":"array", "items":{ "type":"string" } }, "Exponent":{ "type":"array", "items":{ "type":"string" } } } } } } }, "RetrievalMethod":{ "type":"array", "items":{ "type":"object", "properties":{ "transforms":{ "type":"object", "properties":{ "Transform":{ "type":"array", "items":{ "type":"object", "properties":{ "XPath":{ "type":"array", "items":{ "type":"any" } }, "Algorithm":{ "type":"string" } } } } } }, "uri":{ "type":"string" }, "type":{ "type":"string" } } } }, "X509Data":{ "type":"array", "items":{ "type":"object", "properties":{ "X509IssuerSerial":{ "type":"array", "items":{ "type":"object", "properties":{ "X509IssuerName":{ "type":"string" }, "X509SerialNumber":{ "type":"integer" } } } }, "X509SKI":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "X509SubjectName":{ "type":"array", "items":{ "type":"string" } }, "X509Certificate":{ "type":"array", 
"items":{ "type":"array", "items":{ "type":"string" } } }, "X509CRL":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "PGPData":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "pgpkeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyID":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "PGPKeyPacket":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "SPKIData":{ "type":"array", "items":{ "type":"object", "properties":{ "base64Content":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "spkisexp":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } }, "SPKISexp":{ "type":"array", "items":{ "type":"array", "items":{ "type":"string" } } } } } }, "MgmtData":{ "type":"array", "items":{ "type":"string" } }, "Id":{ "type":"string" } } } } }, "ReturnProcessingDetails":{ "type":"boolean" }, "ReturnSigningTimeInfo":{ "type":"boolean" }, "ReturnSignerIdentity":{ "type":"boolean" }, "ReturnUpdatedSignature":{ "type":"boolean" }, "ReturnTransformedDocument":{ "type":"boolean" }, "ReturnTimestampedSignature":{


  • 2.  Re: [dss-x] DSS-JSON binding

    Posted 11-28-2016 09:40
    Dear Andreas, Thank you very much. I do not have much experience with JSON so far. What I see is that it could be useful to include comments (I have seen that there are JSON schema components for adding comments) to make it more understandable and to make it clear where the definitions of the different types start and end. As for the contents itself, I would say that when the DSS specified the XML schema it thought about the relevant elements required for meeting a number of good requirements for detailing some of the components of the signatures, and it seems to be appropriate to keep them in JSON... Regards Juan Carlos. El 28/11/16 a las 10:04, Andreas Kuehne escribió: Hi all, see my draft on a JSON binding attached. A JSON schema created by the JAXB framework is attached, but the expressiveness and readability leaves room for improvements. Does anyone has experience in deriving a readable JSON schema from a given JSON sample or a XML schema? Moreover, did the dust settle for an agreed JSON schema format? Greetings, Andreas -- Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


  • 3.  AW: [dss-x] DSS-JSON binding

    Posted 11-28-2016 16:58
    Hallo Andreas,   could you provide the source schema as well?   @Juan Carlos, Stefan, could you try to include me in the call (I’m detlef.huehnlein @ Skype)?   BR, Detlef   Von: dss-x@lists.oasis-open.org [mailto:dss-x@lists.oasis-open.org] Im Auftrag von Andreas Kuehne Gesendet: Montag, 28. November 2016 10:04 An: dss-x <dss-x@lists.oasis-open.org> Betreff: [dss-x] DSS-JSON binding   Hi all, see my draft on a JSON binding attached. A JSON schema created by the JAXB framework is attached, but the expressiveness and readability leaves room for improvements. Does anyone has experience in deriving a readable JSON schema from a given JSON sample or a XML schema? Moreover, did the dust settle for an agreed JSON schema format?   Greetings,   Andreas     -- Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de   Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612   Director Andreas Kühne   Company UK Company No: 5218868 Registered in England and Wales


  • 4.  Re: [dss-x] DSS-JSON binding

    Posted 11-28-2016 17:20
    Sure! See the zip of preprocessed schemas attached ... and the stylesheet that did the magic. Greetings, Andreas > Hallo Andreas, > > > > could you provide the source schema as well? > > > > @Juan Carlos, Stefan, could you try to include me in the > > call (I’m detlef.huehnlein @ Skype)? > > > > BR, > > Detlef > > > > Von: dss-x@lists.oasis-open.org [ mailto:dss-x@lists.oasis-open.org ] Im Auftrag von Andreas Kuehne > Gesendet: Montag, 28. November 2016 10:04 > An: dss-x <dss-x@lists.oasis-open.org> > Betreff: [dss-x] DSS-JSON binding > > > > Hi all, > > see my draft on a JSON binding attached. > > A JSON schema created by the JAXB framework is attached, but the expressiveness and readability leaves room for improvements. Does anyone has experience in deriving a readable JSON schema from a given JSON sample or a XML schema? > > Moreover, did the dust settle for an agreed JSON schema format? > > > > Greetings, > > > > Andreas > > > > > -- Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 
39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales Attachment: preprocessed_XSDs.zip Description: Zip compressed data <?xml version="1.0"?> <xsl:stylesheet version="2.0" xmlns:xsl=" http://www.w3.org/1999/XSL/Transform" ; xmlns:xs=" http://www.w3.org/2001/XMLSchema" ; > <xsl:param name="IncludeAdESProfile">true</xsl:param> <xsl:param name="IncludeVerificationProfile"/> <xsl:variable name="includeAdESProfile" select="translate($IncludeAdESProfile, 'tTrRuUeE', 'ttrruuee')"/> <xsl:variable name="includeVerificationProfile" select="translate($IncludeVerificationProfile, 'tTrRuUeE', 'ttrruuee')"/> <xsl:template match="/xs:schema"> <xsl:copy> <xsl:apply-templates select="@*"/> <xsl:namespace name="xs" select="' http://www.w3.org/2001/XMLSchema '"/> <xsl:namespace name="ades" select="'urn:oasis:names:tc:dss:1.0:profiles:AdES:schema#'"/> <xsl:namespace name="vr" select="'urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#'"/> <xsl:apply-templates select="node()"/> </xsl:copy> </xsl:template> <xsl:template match="/xs:schema[@targetNamespace='urn:oasis:names:tc:dss:1.0:core:schema']/xs:annotation[last()]"> <xsl:copy> <xsl:apply-templates select="@* node()"/> </xsl:copy> <xsl:if test="$includeAdESProfile = 'true'"> <xs:import namespace="urn:oasis:names:tc:dss:1.0:profiles:AdES:schema#" schemaLocation="oasis-dss-profiles-AdES-schema-v1.0-os.xsd"/> </xsl:if> <xsl:if test="$includeVerificationProfile = 'true'"> <xs:import namespace="urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#" schemaLocation="oasis-dssx-1.0-profiles-verification-report-cs1.xsd"/> </xsl:if> </xsl:template> <!-- rewrite schema location to refer to local re-written instances --> <xsl:template match="//xs:import [@namespace='urn:oasis:names:tc:dss:1.0:core:schema']"> <xs:import namespace="urn:oasis:names:tc:dss:1.0:core:schema" schemaLocation="oasis-dss-core-schema-v1.0-os.xsd"/> </xsl:template> 
<xsl:template match="//xs:import [@namespace=' http://www.w3.org/2000/09/xmldsig# ']"> <xs:import namespace=" http://www.w3.org/2000/09/xmldsig#" ; schemaLocation="xmldsig-core-schema.xsd"/> </xsl:template> <xsl:template match="//xs:import [@namespace='urn:oasis:names:tc:SAML:1.0:assertion']"> <xs:import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="oasis-sstc-saml-schema-protocol-1.1.xsd"/> </xsl:template> <xsl:template match="//xs:import [@namespace=' http://www.w3.org/XML/1998/namespace ']"> <xs:import namespace=" http://www.w3.org/XML/1998/namespace" ; schemaLocation="xml.xsd"/> </xsl:template> <xsl:template match="//xs:import [@namespace='urn:oasis:names:tc:SAML:2.0:assertion']"> <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/> </xsl:template> <xsl:template match="//xs:import [@namespace=' http://uri.etsi.org/01903/v1.3.2# ']"> <xs:import namespace=" http://uri.etsi.org/01903/v1.3.2#" ; schemaLocation="XAdES.xsd"/> </xsl:template> <!-- ########################### rewrite verification report schema ########################### --> <xsl:template match="//xs:complexType [@name='IndividualReportType']"> <xs:complexType name="ReportDetailType"> <xs:sequence> <!-- report types defined in verification report --> <xs:element ref="vr:DetailedSignatureReport" minOccurs="0" maxOccurs="1"/> <xs:element ref="vr:IndividualTimeStampReport" minOccurs="0" maxOccurs="1"/> <xs:element ref="vr:IndividualCertificateReport" minOccurs="0" maxOccurs="1"/> <!-- xs:element ref="vr:IndividualAttributeCertificateReport" minOccurs="0" maxOccurs="1"/--> <xs:element ref="vr:IndividualCRLReport" minOccurs="0" maxOccurs="1"/> <xs:element ref="vr:IndividualOCSPReport" minOccurs="0" maxOccurs="1"/> <xs:element ref="vr:EvidenceRecordReport" minOccurs="0" maxOccurs="1"/> <!-- Optional inputs 'useful for verification' defined DSS core spec 4.5 --> <xsl:call-template name="addOptionaInputsForVerification" /> 
</xs:sequence> </xs:complexType> <xs:complexType name="IndividualReportType"> <xs:sequence> <xs:element name="SignedObjectIdentifier" type="vr:SignedObjectIdentifierType"> </xs:element> <xs:element ref="dss:Result"/> <!-- rewrite from any type to list of optional inputs --> <xs:element name="Details" type="vr:ReportDetailType" maxOccurs="1" minOccurs="0" /> </xs:sequence> </xs:complexType> </xsl:template> <xsl:template match="//xs:schema[@targetNamespace='urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#']/xs:complexType [@name='UnsignedSignaturePropertiesType']"> <!-- <complexType name="UnsignedSignaturePropertiesType"> <choice maxOccurs="unbounded"> <element name="CounterSignature" type="vr:SignatureValidityType" /> <element name="SignatureTimeStamp" type="vr:TimeStampValidityType" /> <element ref="XAdES:CompleteCertificateRefs" /> <element ref="XAdES:CompleteRevocationRefs" /> <element ref="XAdES:AttributeCertificateRefs" /> <element ref="XAdES:AttributeRevocationRefs" /> <element name="SigAndRefsTimeStamp" type="vr:TimeStampValidityType" /> <element name="RefsOnlyTimeStamp" type="vr:TimeStampValidityType" /> <element name="CertificateValues" type="vr:CertificateValuesType" /> <element name="RevocationValues" type="vr:RevocationValuesType" /> <element name="AttrAuthoritiesCertValues" type="vr:CertificateValuesType"/> <element name="AttributeRevocationValues" type="vr:RevocationValuesType"/> <element name="ArchiveTimeStamp" type="vr:TimeStampValidityType" /> </choice> <attribute name="Id" type="ID" use="optional" /> </complexType> --> <xs:complexType name="UnsignedSignaturePropertiesType"> <xs:sequence> <xs:element name="CounterSignature" type="vr:SignatureValidityType" /> <xs:element name="SignatureTimeStamp" type="vr:TimeStampValidityType" /> <xs:element ref="XAdES:CompleteCertificateRefs" /> <xs:element ref="XAdES:CompleteRevocationRefs" /> <xs:element ref="XAdES:AttributeCertificateRefs" /> <xs:element ref="XAdES:AttributeRevocationRefs" /> 
<xs:element name="SigAndRefsTimeStamp" type="vr:TimeStampValidityType" /> <xs:element name="RefsOnlyTimeStamp" type="vr:TimeStampValidityType" /> <xs:element name="CertificateValues" type="vr:CertificateValuesType" /> <xs:element name="RevocationValues" type="vr:RevocationValuesType" /> <xs:element name="AttrAuthoritiesCertValues" type="vr:CertificateValuesType"/> <xs:element name="AttributeRevocationValues" type="vr:RevocationValuesType"/> <xs:element name="ArchiveTimeStamp" type="vr:TimeStampValidityType" /> </xs:sequence> <xs:attribute name="Id" type="ID" use="optional" /> </xs:complexType> </xsl:template> <xsl:template match="/xs:schema/xs:complexType [@name='CRLContentType']"> <xsl:copy> <xsl:apply-templates select="@* node()"/> </xsl:copy> <xs:complexType name="RevokedCertificateType"> <xs:sequence> <xs:element name="UserCertificate" type="integer"/> <xs:element name="RevocationDate" type="dateTime"/> <xs:element name="CrlEntryExtensions" minOccurs="0" type="vr:ExtensionsType"/> </xs:sequence> </xs:complexType> </xsl:template> <xsl:template match="/xs:schema/xs:complexType [@name='CRLContentType']/xs:sequence/xs:element [@name='RevokedCertificates']"> <xs:element name="RevokedCertificates" minOccurs="0"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="RevokedCertificate" type="vr:RevokedCertificateType"/> </xs:sequence> </xs:complexType> </xs:element> </xsl:template> <!-- ########################### cut down the SAML scemata to the (few) relevant definitions ########################### --> <xsl:template match="/xs:schema[@targetNamespace='urn:oasis:names:tc:SAML:1.0:assertion']" priority="2"> <xsl:copy> <xsl:apply-templates select="@*"/> <xsl:apply-templates select="//xs:element [@name='NameIdentifier']"/> <xsl:apply-templates select="//xs:complexType [@name='NameIdentifierType']"/> </xsl:copy> </xsl:template> <xsl:template match="/xs:schema[@targetNamespace='urn:oasis:names:tc:SAML:2.0:assertion']" priority="2"> 
<xsl:copy> <xsl:apply-templates select="@*"/> <xsl:apply-templates select="//xs:attributeGroup [@name='IDNameQualifiers']"/> <xsl:apply-templates select="//xs:element [@name='NameID']"/> <xsl:apply-templates select="//xs:complexType [@name='NameIDType']"/> </xsl:copy> </xsl:template> <!-- ########################### mangle the key selector from XMLDSig ########################### --> <xsl:template match="//xs:complexType [@name='PGPDataType']"> <xs:complexType name="PGPDataType"> <xs:choice> <xs:sequence maxOccurs="unbounded"> <xs:element name="PGPKeyID" type="base64Binary"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="PGPKeyPacket" type="base64Binary"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="Base64Content" type="xs:base64Binary" minOccurs="0" maxOccurs="1"/> </xs:sequence> </xs:choice> </xs:complexType> </xsl:template> <xsl:template match="//xs:complexType [@name='SPKIDataType']"> <xs:complexType name="SPKIDataType"> <xs:choice> <xs:sequence maxOccurs="unbounded"> <xs:element name="SPKISexp" type="base64Binary" /> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="Base64Content" type="xs:base64Binary" minOccurs="0" maxOccurs="1"/> </xs:sequence> </xs:choice> </xs:complexType> </xsl:template> <xsl:template match="//xs:complexType [@name='KeyValueType']"> <xs:complexType name="KeyValueType" > <xs:choice> <xs:element ref="ds:DSAKeyValue" /> <xs:element ref="ds:RSAKeyValue" /> <xs:element name="Base64Content" type="xs:base64Binary" minOccurs="0" maxOccurs="1"/> </xs:choice> </xs:complexType> </xsl:template> <xsl:template match="//xs:complexType [@name='ReferenceType']/xs:sequence/xs:element [@ref='ds:DigestValue']"> <xs:element name="DigestValue" type="xs:base64Binary" minOccurs="0" maxOccurs="1"/> </xsl:template> <!-- XMLDSig original content <complexType name="KeyInfoType" mixed="true"> <choice maxOccurs="unbounded"> <element ref="ds:KeyName"/> <element ref="ds:KeyValue"/> <element 
ref="ds:RetrievalMethod"/> <element ref="ds:X509Data"/> <element ref="ds:PGPData"/> <element ref="ds:SPKIData"/> <element ref="ds:MgmtData"/> <any processContents="lax" namespace="##other"/> </choice> <attribute name="Id" type="ID" use="optional"/> </complexType> --> <xsl:template match="//xs:complexType [@name='KeyInfoType']"> <xs:complexType name="KeyInfoType"> <xs:choice> <xs:sequence maxOccurs="unbounded"> <xs:element name="KeyName" type="string"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="KeyValue" type="ds:KeyValueType"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="RetrievalMethod" type="ds:RetrievalMethodType"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="X509Data" type="ds:X509DataType"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="PGPData" type="ds:PGPDataType"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="SPKIData" type="ds:SPKIDataType"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="MgmtData" type="string"/> </xs:sequence> <!--xs:element name="Other" type="dss:AnyType" /--> </xs:choice> <xs:attribute name="Id" type="ID" use="optional"/> </xs:complexType> </xsl:template> <xsl:template match="//xs:complexType [@name='X509DataType']"> <xs:complexType name="X509DataType"> <xs:choice> <xs:sequence maxOccurs="unbounded"> <xs:element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="X509SKI" type="base64Binary"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="X509SubjectName" type="string"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="X509Certificate" type="base64Binary"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="X509CRL" type="base64Binary"/> </xs:sequence> </xs:choice> </xs:complexType> </xsl:template> <!-- ########################### reworking DSS core types 
########################### --> <xsl:template match="//xs:element [@name='ResultMajor']"> <xs:element name="ResultMajor"> <xs:simpleType> <xs:restriction base="xs:anyURI"> <xs:enumeration value="urn:oasis:names:tc:dss:1.0:resultmajor:Success"/> <xs:enumeration value="urn:oasis:names:tc:dss:1.0:resultmajor:RequesterError"/> <xs:enumeration value="urn:oasis:names:tc:dss:1.0:resultmajor:ResponderError"/> <xs:enumeration value="urn:oasis:names:tc:dss:1.0:resultmajor:InsufficientInformation"/> </xs:restriction> </xs:simpleType> </xs:element> </xsl:template> <xsl:template match="//xs:element [@name='DocumentHash']"> <xs:element name="DocumentHash" type="dss:DocumentHashType"/> <xs:complexType name="DocumentHashType"> <xsl:apply-templates select="xs:complexType/*"/> </xs:complexType> </xsl:template> <xsl:template match="//xs:element [@name='TransformedData']"> <!-- xs:element name="TransformedData" type="dss:TransformedDataType"/--> <xs:complexType name="TransformedDataType"> <xsl:apply-templates select="xs:complexType/*"/> </xs:complexType> </xsl:template> <xsl:template match="//xs:element [@name='InputDocuments']"> <xs:element name="InputDocuments"> <xs:complexType> <xs:choice> <xs:sequence maxOccurs="unbounded"> <xs:element name="Document" type="dss:DocumentType"/> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="TransformedData" type="dss:TransformedDataType" /> </xs:sequence> <xs:sequence maxOccurs="unbounded"> <xs:element name="DocumentHash" type="dss:DocumentHashType" /> </xs:sequence> <!--xs:element name="Other" type="dss:AnyType" /--> </xs:choice> </xs:complexType> </xs:element> </xsl:template> <xsl:template match="//xs:element [@name='ReturnProcessingDetails' or @name='UseVerificationTime' or @name='ReturnVerificationTimeInfo' or @name='ReturnSigningTimeInfo' or @name='ReturnSignerIdentity' or @name='ReturnUpdatedSignature' or @name='ReturnTransformedDocument' or @name='ReturnTimestampedSignature' ]"> <xs:element type="xs:boolean"> 
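<xsl:attribute name="name"><xsl:value-of select="@name"/></xsl:attribute> </xs:element> </xsl:template>

<!--
  Replaces the declaration of the element named 'OptionalInputs' with an
  explicit, closed list of element references, so that a typesafe binding
  can be generated from the resulting schema.
  $includeAdESProfile and $includeVerificationProfile are compared as strings
  against 'true'; they are declared outside this excerpt.
-->
<xsl:template match="//xs:element [@name='OptionalInputs']">
  <xs:element name="OptionalInputs" >
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="dss:SignatureType" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:AdditionalProfile" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="dss:SignedReferences" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:ServicePolicy" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:ClaimedIdentity" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:Language" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:Schemas" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:AddTimestamp" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:IntendedAudience" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:KeySelector" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:Properties" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:IncludeObject" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element ref="dss:SignaturePlacement" minOccurs="0" maxOccurs="1"/>

        <!-- Optional inputs 'useful for verification', defined in DSS core spec 4.5 -->
        <xsl:call-template name="addOptionaInputsForVerification" />

        <xsl:if test="$includeAdESProfile = 'true'">
          <xs:element name="SignatureForm" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
        </xsl:if>

        <xsl:if test="$includeVerificationProfile = 'true'">
          <!-- optional input defined in 'profile for comprehensive multisignature verification reports' -->
          <xs:element ref="vr:ReturnVerificationReport" minOccurs="0" maxOccurs="1"/>
        </xsl:if>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xsl:template>

<!--
  Replaces the declaration of the element named 'OptionalOutputs' with an
  explicit list of element references. vr:VerificationReport is added only
  when $includeVerificationProfile equals 'true'.
-->
<xsl:template match="//xs:element [@name='OptionalOutputs']">
  <xs:element name="OptionalOutputs" >
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="dss:Schemas" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:VerifyManifestResults" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:VerificationTimeInfo" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:ProcessingDetails" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:SigningTimeInfo" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:SignerIdentity" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:DocumentWithSignature" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:UpdatedSignature" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:TransformedDocument" minOccurs="0" maxOccurs="1"/>
        <xs:element ref="dss:TimestampedSignature" minOccurs="0" maxOccurs="1"/>

        <xsl:if test="$includeVerificationProfile = 'true'">
          <xs:element ref="vr:VerificationReport" minOccurs="0" maxOccurs="1"/>
        </xsl:if>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xsl:template>

<!--
<xsl:template match="//xs:complexType [@name='ReferenceType']">
  <complexType name="ReferenceType">
    <sequence>
      <xs:element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
      <xs:element name="DigestMethod" type="ds:DigestMethodType"/>
      <xs:element name="DigestValue" type="ds:DigestValueType"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
    <attribute name="URI" type="anyURI" use="optional"/>
    <attribute name="Type" type="anyURI" use="optional"/>
  </complexType>
</xsl:template>
-->

<!-- drop the XML ds:Signature object from the valid representation of SignatureObjects -->
<!-- The empty template body emits nothing, so the ds:Signature alternative
     disappears from the xs:choice; the other alternatives are left to the
     copy template at the end of the stylesheet. -->
<xsl:template match="//xs:element [@name='SignatureObject']/xs:complexType/xs:sequence/xs:choice/xs:element [@ref='ds:Signature']">
</xsl:template>

<!-- replace the XML ds:Signature object within the dss:Timestamp by a base64 holder -->
<xsl:template match="//xs:element [@name='Timestamp']/xs:complexType/xs:choice/xs:element [@ref='ds:Signature']">
  <xs:element name="Base64Data" type="dss:Base64DataType"/>
</xsl:template>

<!-- drop InlineXML and EscapedXML -->
<!-- After this rewrite a document is carried as Base64XML, Base64Data or an
     AttachmentReference. NOTE(review): xs:base64Binary constrains the
     encoding only, so the decoded bytes are not covered by schema
     validation. A service consuming Base64XML has to parse the decoded
     content itself, with DTD processing and external entity resolution
     disabled, and should bound the decoded size. -->
<xsl:template match="//xs:complexType [@name='DocumentType']">
  <xs:complexType name="DocumentType">
    <xs:complexContent>
      <xs:extension base="dss:DocumentBaseType">
        <xs:choice>
          <xs:element name="Base64XML" type="xs:base64Binary"/>
          <xs:element name="Base64Data" type="dss:Base64DataType"/>
          <xs:element ref="dss:AttachmentReference"/>
        </xs:choice>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
</xsl:template>

<!-- Replaces the Base64Data element declaration with a reference to a named
     type and emits that type next to it. MimeType is an optional,
     sender-supplied xs:string. NOTE(review): treat it as a hint and do not
     derive trust or parser selection from it without checking the content. -->
<xsl:template match="//xs:element [@name='Base64Data']">
  <xs:element name="Base64Data" type="dss:Base64DataType"/>
  <xs:complexType name="Base64DataType">
    <xs:simpleContent>
      <xs:extension base="xs:base64Binary">
        <xs:attribute name="MimeType" type="xs:string" use="optional"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
</xsl:template>

<!-- drop non-Base64-Representations of XML -->
<xsl:template match="//xs:complexType [@name='InlineXMLType']"/>
<xsl:template match="//xs:element [@name='InlineXML']"/>
<xsl:template match="//xs:element [@name='EscapedXML']"/>

<!-- change nasty AnyType, xs:any does not fit well into a typesafe binding -->
<!-- NOTE(review): the replacement allows an unbounded number of opaque
     Base64Content entries and the schema puts no limit on their size;
     count and size limits have to be enforced by the receiving service. -->
<xsl:template match="//xs:complexType [@name='AnyType']">
  <xs:complexType name="AnyType">
    <xs:sequence>
      <xs:element name="Base64Content" type="xs:base64Binary" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>
</xsl:template>

<!-- drop nasty AnyType, it does not fit well into a typesafe binding
<xsl:template match="//xs:complexType [@name='AnyType']"/>
<xsl:template match="//xs:choice/xs:element [@type='dss:AnyType']"/>
<xsl:template match="//xs:sequence/xs:element [@type='dss:AnyType']"/>
-->

<!-- replace remaining xs:any -->
<!-- Each remaining wildcard becomes an xs:sequence that carries the
     wildcard's minOccurs / maxOccurs (when present) and holds one optional
     Base64Content element. The xsl:attribute instructions must stay ahead
     of the child element: attributes can only be added to the sequence
     before any child node is written. -->
<xsl:template match="//xs:any" >
  <xs:sequence>
    <xsl:if test="string-length(@minOccurs) > 0">
      <xsl:attribute name="minOccurs"><xsl:value-of select="@minOccurs"/></xsl:attribute>
    </xsl:if>
    <xsl:if test="string-length(@maxOccurs) > 0">
      <xsl:attribute name="maxOccurs"><xsl:value-of select="@maxOccurs"/></xsl:attribute>
    </xsl:if>
    <xs:element name="Base64Content" type="xs:base64Binary" minOccurs="0" maxOccurs="1"/>
  </xs:sequence>
</xsl:template>

<!-- Named template called from the OptionalInputs template. It emits the
     element references for the verification-related optional inputs; the
     reference for 4.5.1 (VerifyManifests) is commented out. The template
     name is kept as spelled because callers refer to it by that name. -->
<xsl:template name="addOptionaInputsForVerification" >
  <!-- Optional inputs 'useful for verification', defined in DSS core spec 4.5 -->
  <!-- 4.5.1 -->
  <!-- xs:element ref="dss:VerifyManifests" minOccurs="0" maxOccurs="1"/-->
  <!-- 4.5.2 -->
  <xs:element ref="dss:UseVerificationTime" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.3 -->
  <xs:element ref="dss:ReturnVerificationTimeInfo" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.4 -->
  <xs:element ref="dss:AdditionalKeyInfo" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.5 -->
  <xs:element ref="dss:ReturnProcessingDetails" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.6 -->
  <xs:element ref="dss:ReturnSigningTimeInfo" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.7 -->
  <xs:element ref="dss:ReturnSignerIdentity" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.8 -->
  <xs:element ref="dss:ReturnUpdatedSignature" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.9 -->
  <xs:element ref="dss:ReturnTransformedDocument" minOccurs="0" maxOccurs="1"/>
  <!-- 4.5.10 -->
  <xs:element ref="dss:ReturnTimestampedSignature" minOccurs="0" maxOccurs="1"/>
</xsl:template>

<!-- Entry point: process every child node of the document root. -->
<xsl:template match="/">
  <xsl:apply-templates select="node()"/>
</xsl:template>

<!-- Copy template for everything no other template matches. The listing
     showed "@* node()" in both attributes, which is not a valid pattern or
     expression; the union operator is restored so attributes and nodes are
     copied. priority="-1" lets the specific templates above take precedence. -->
<xsl:template match="@*|node()" priority="-1">
  <xsl:copy>
    <xsl:apply-templates select="@*|node()"/>
  </xsl:copy>
</xsl:template>

</xsl:stylesheet>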

    Attachment(s)

    zip
    preprocessed_XSDs.zip   21 KB 1 version