
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <!-- Schema file for CT-KIP v1.0 Revision 1 -->
  3. <!-- $Revision: 1.1 $ $Date: 2006/12/04 10:57:46 $ -->
  4.  
  5. <!-- Copyright (c) RSA Security Inc. 2006. All rights reserved. -->
  6. <!-- License to copy and use this schema file is granted provided that
  7.      it is identified as "RSA Security Inc. Cryptographic Token Key
  8.      Initialization Protocol (CT-KIP) v1.0" in all material mentioning
  9.      or referencing it.
  10.  
  11.      RSA Security Inc. makes no representations concerning either the
  12.      merchantability of this schema or the suitability of this schema
  13.      for any particular purpose. It is provided "as is" without
  14.      express or implied warranty of any kind.
  15. -->
  16.  
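  <xs:schema
      targetNamespace=
      "http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns=
      "http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#">

    <!-- NOTE: elementFormDefault is not set, so it defaults to "unqualified":
         only the global elements (CT-KIPTrigger, ClientHello, ServerHello,
         ClientNonce, ServerFinished) live in the target namespace; locally
         declared children such as TokenID or Nonce are in no namespace.
         XPath and data-binding consumers must account for this. -->

    <!-- XML Signature types; ds:KeyInfoType is used by ServerHelloPDU.
         The schemaLocation is kept on one line: a line break inside the
         attribute value is normalized to a space by the XML parser, which
         turns the URI into an invalid one.  Per XSD the attribute is only a
         hint; validators should resolve the xmldsig schema from a local,
         pinned copy rather than fetching it over the network. -->
    <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
      schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>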
  28.  
  <!-- Basic types -->

  <xs:complexType abstract="true" name="AbstractRequestType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Base type of the client-to-server PDUs (ClientHelloPDU and
        ClientNoncePDU extend it).  Carries only the mandatory protocol
        Version attribute.
      </xs:documentation>
    </xs:annotation>
    <xs:attribute name="Version" use="required" type="VersionType"/>
  </xs:complexType>
  34.  
  <xs:complexType abstract="true" name="AbstractResponseType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Base type of the server-to-client PDUs (ServerHelloPDU and
        ServerFinishedPDU extend it).  Version and Status are mandatory;
        SessionID is optional at this level, so a response carrying only
        an error Status need not name a session.
      </xs:documentation>
    </xs:annotation>
    <xs:attribute name="Version" use="required" type="VersionType"/>
    <xs:attribute name="SessionID" use="optional" type="IdentifierType"/>
    <xs:attribute name="Status" use="required" type="StatusCode"/>
  </xs:complexType>
  40.  
  <xs:simpleType name="StatusCode">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Closed set of result codes a server reports in the Status attribute
        of a response PDU.  Continue and Success look like the non-error
        outcomes; the remaining values name the failure reason (confirm the
        exact semantics against the CT-KIP specification).
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string">
      <xs:enumeration value="Continue"/>
      <xs:enumeration value="Success"/>
      <xs:enumeration value="Abort"/>
      <xs:enumeration value="AccessDenied"/>
      <xs:enumeration value="MalformedRequest"/>
      <xs:enumeration value="UnknownRequest"/>
      <xs:enumeration value="UnknownCriticalExtension"/>
      <xs:enumeration value="UnsupportedVersion"/>
      <xs:enumeration value="NoSupportedKeyTypes"/>
      <xs:enumeration value="NoSupportedEncryptionAlgorithms"/>
      <xs:enumeration value="NoSupportedMACAlgorithms"/>
      <xs:enumeration value="InitializationFailed"/>
    </xs:restriction>
  </xs:simpleType>
  57.  
  <xs:simpleType name="VersionType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Protocol version string of the form major.minor, with one or two
        major digits and one to three minor digits (e.g. "1.0").
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string">
      <xs:pattern value="\d{1,2}\.\d{1,3}"/>
    </xs:restriction>
  </xs:simpleType>
  63.  
  <xs:simpleType name="IdentifierType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Opaque identifier (SessionID, ServiceID, UserID) of at most 128
        characters.  No character-set restriction beyond the length bound.
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string">
      <xs:maxLength value="128"/>
    </xs:restriction>
  </xs:simpleType>
  69.  
  <xs:simpleType name="NonceType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Base64-encoded nonce of exactly 16 octets (xs:length on
        base64Binary counts decoded octets, not encoded characters).
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:base64Binary">
      <xs:length value="16"/>
    </xs:restriction>
  </xs:simpleType>
  75.  
  <xs:complexType name="LogoType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Base64-encoded image with a mandatory MimeType label.  The schema
        only constrains the label, not the bytes; a consumer that renders
        the logo should treat the content as untrusted image data and
        not rely on the label matching the actual encoding.
      </xs:documentation>
    </xs:annotation>
    <xs:simpleContent>
      <xs:extension base="xs:base64Binary">
        <xs:attribute name="MimeType" use="required" type="MimeTypeType"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  84.  
  <xs:simpleType name="MimeTypeType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Media types permitted for a ServiceLogo: JPEG or GIF only.
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string">
      <xs:enumeration value="image/jpeg"/>
      <xs:enumeration value="image/gif"/>
    </xs:restriction>
  </xs:simpleType>
  91.  
  <!-- Algorithms are identified through URIs -->
  <xs:complexType name="AlgorithmsType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Non-empty list of algorithm URIs (one or more Algorithm children),
        used by ClientHelloPDU to advertise supported key types and
        encryption and MAC algorithms.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence minOccurs="1" maxOccurs="unbounded">
      <xs:element name="Algorithm" type="AlgorithmType"/>
    </xs:sequence>
  </xs:complexType>
  98.  
  <xs:simpleType name="AlgorithmType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        A single algorithm identifier, expressed as a URI.
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:anyURI"></xs:restriction>
  </xs:simpleType>
  102.  
  <xs:complexType name="MacType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Base64-encoded MAC value.  MacAlgorithm is optional here; when it
        is absent the algorithm presumably is the MacAlgorithm selected in
        ServerHelloPDU (confirm against the CT-KIP specification).  A
        verifier must not let the attribute alone choose the algorithm
        without checking it against the negotiated one.
      </xs:documentation>
    </xs:annotation>
    <xs:simpleContent>
      <xs:extension base="xs:base64Binary">
        <xs:attribute name="MacAlgorithm" use="optional" type="xs:anyURI"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  111.  
  <!-- CT-KIP extensions (for future use) -->
  <xs:complexType name="ExtensionsType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        One or more Extension elements.  Because AbstractExtensionType is
        abstract, each Extension instance must carry an xsi:type naming a
        concrete derived type (ClientInfoType, ServerInfoType or
        OTPKeyConfigurationDataType in this schema).
      </xs:documentation>
    </xs:annotation>
    <xs:sequence minOccurs="1" maxOccurs="unbounded">
      <xs:element name="Extension" type="AbstractExtensionType"/>
    </xs:sequence>
  </xs:complexType>
  118.  
  <xs:complexType abstract="true" name="AbstractExtensionType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Base type of all extensions.  Critical is an optional boolean; the
        schema gives no default, so the meaning of an absent attribute is
        defined by the protocol, not here.  The StatusCode value
        UnknownCriticalExtension presumably is the reply for a critical
        extension the recipient does not understand.
      </xs:documentation>
    </xs:annotation>
    <xs:attribute name="Critical" use="optional" type="xs:boolean"/>
  </xs:complexType>
  122.  
  <xs:complexType name="ClientInfoType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Extension carrying opaque, base64-encoded client data in a single
        mandatory Data element.  Its interpretation is not defined by
        this schema.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractExtensionType">
        <xs:sequence>
          <xs:element name="Data" type="xs:base64Binary" minOccurs="1"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  132.  
  <xs:complexType name="ServerInfoType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Extension carrying opaque, base64-encoded server data in a single
        mandatory Data element.  Structurally identical to ClientInfoType;
        the two are distinguished only by type name (and hence xsi:type).
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractExtensionType">
        <xs:sequence>
          <xs:element name="Data" type="xs:base64Binary" minOccurs="1"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  142.  
  <xs:complexType name="OTPKeyConfigurationDataType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Extension that is only valid in ServerFinished PDUs.  It carries
        additional configuration data an OTP token should apply (subject
        to local policy) when generating OTP values from the newly
        established key: the output format, the number of output
        characters, and optionally the OTP mode (time, counter,
        challenge, or a foreign-namespace mode).
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractExtensionType">
        <xs:sequence>
          <xs:element name="OTPFormat" type="OTPFormatType"/>
          <xs:element name="OTPLength" type="xs:positiveInteger"/>
          <xs:element name="OTPMode" minOccurs="0" type="OTPModeType"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  162.  
  <xs:simpleType name="OTPFormatType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Output alphabet of generated OTP values.
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string">
      <xs:enumeration value="Decimal"/>
      <xs:enumeration value="Hexadecimal"/>
      <xs:enumeration value="Alphanumeric"/>
      <xs:enumeration value="Binary"/>
    </xs:restriction>
  </xs:simpleType>
  171.  
  <xs:complexType name="OTPModeType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        One or more OTP modes, in any combination.  Counter and Challenge
        are declared without a type and therefore default to xs:anyType,
        i.e. the schema does not constrain their content; Time is typed
        (TimeType).  Foreign-namespace modes are validated strictly, so a
        declaration for them must be available to the validator.
      </xs:documentation>
    </xs:annotation>
    <xs:choice minOccurs="1" maxOccurs="unbounded">
      <xs:element name="Time" type="TimeType"/>
      <xs:element name="Counter"/>
      <xs:element name="Challenge"/>
      <xs:any processContents="strict" namespace="##other"/>
    </xs:choice>
  </xs:complexType>
  180.  
  <xs:complexType name="TimeType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Time-based OTP mode.  Restricts xs:anyType to an element with no
        declared child content and an optional positive-integer
        TimeInterval attribute; the unit of the interval is not given by
        the schema.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:restriction base="xs:anyType">
        <xs:attribute name="TimeInterval" use="optional"
          type="xs:positiveInteger"/>
      </xs:restriction>
    </xs:complexContent>
  </xs:complexType>
  188.  
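  <xs:complexType name="PayloadType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Server payload of a ServerHello PDU.  Exactly one of: a Nonce
        (NonceType, 16 octets), or a single element from a namespace other
        than this schema's, validated strictly.  The documentation was
        previously empty; this text describes only what the content model
        declares.
      </xs:documentation>
    </xs:annotation>
    <xs:choice>
      <xs:element name="Nonce" type="NonceType"/>
      <xs:any namespace="##other" processContents="strict"/>
    </xs:choice>
  </xs:complexType>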
  199.  
  <xs:simpleType name="PlatformType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Where a token keeps its key or runs its algorithm: in hardware,
        in software, or unspecified.
      </xs:documentation>
    </xs:annotation>
    <xs:restriction base="xs:string">
      <xs:enumeration value="Hardware"/>
      <xs:enumeration value="Software"/>
      <xs:enumeration value="Unspecified"/>
    </xs:restriction>
  </xs:simpleType>
  207.  
  <xs:complexType name="TokenPlatformInfoType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Token platform information that helps the client pick a suitable
        token.  Both attributes are optional and take PlatformType values:
        KeyLocation says where the key is held, AlgorithmLocation where
        the OTP algorithm executes.
      </xs:documentation>
    </xs:annotation>
    <xs:attribute name="KeyLocation" use="optional" type="PlatformType"/>
    <xs:attribute name="AlgorithmLocation" use="optional"
      type="PlatformType"/>
  </xs:complexType>
  218.  
  <xs:complexType name="InitializationTriggerType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Body of a CT-KIP trigger.  Only TriggerNonce (16 octets) is
        mandatory; TokenID, KeyID, TokenPlatformInfo, CT-KIPURL and one
        trailing foreign-namespace element are optional.  CT-KIPURL is
        constrained only to be a URI; a client that uses it to locate the
        server should apply its own policy (allowed scheme and host) before
        connecting, since the schema provides no such check.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="TokenID" minOccurs="0" type="xs:base64Binary"/>
      <xs:element name="KeyID" minOccurs="0" type="xs:base64Binary"/>
      <xs:element name="TokenPlatformInfo" minOccurs="0"
        type="TokenPlatformInfoType"/>
      <xs:element name="TriggerNonce" type="NonceType"/>
      <xs:element name="CT-KIPURL" minOccurs="0" type="xs:anyURI"/>
      <xs:any minOccurs="0" processContents="strict" namespace="##other"/>
    </xs:sequence>
  </xs:complexType>
  231.  
  <!-- CT-KIP PDUs -->

  <!-- CT-KIP trigger -->
  <xs:element name="CT-KIPTrigger" type="CT-KIPTriggerType"/>

  <xs:complexType name="CT-KIPTriggerType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Message used to trigger the device to initiate a CT-KIP run.
        Contains exactly one InitializationTrigger or one strictly
        validated foreign-namespace element.  Unlike the request and
        response PDUs, the Version attribute is optional on a trigger.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:choice>
        <xs:element name="InitializationTrigger"
          type="InitializationTriggerType"/>
        <xs:any processContents="strict" namespace="##other"/>
      </xs:choice>
    </xs:sequence>
    <xs:attribute name="Version" use="optional" type="VersionType"/>
  </xs:complexType>
  252.  
  <!-- ClientHello PDU -->
  <xs:element name="ClientHello" type="ClientHelloPDU"/>

  <xs:complexType name="ClientHelloPDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Message sent from the CT-KIP client to the CT-KIP server to
        initiate a CT-KIP session.  The three Supported* lists are
        mandatory and each holds at least one algorithm URI; TokenID,
        KeyID, ClientNonce, TriggerNonce and Extensions are optional.
        Inherits the required Version attribute from AbstractRequestType.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractRequestType">
        <xs:sequence>
          <xs:element name="TokenID" minOccurs="0" type="xs:base64Binary"/>
          <xs:element name="KeyID" minOccurs="0" type="xs:base64Binary"/>
          <xs:element name="ClientNonce" minOccurs="0" type="NonceType"/>
          <xs:element name="TriggerNonce" minOccurs="0" type="NonceType"/>
          <xs:element name="SupportedKeyTypes" type="AlgorithmsType"/>
          <xs:element name="SupportedEncryptionAlgorithms"
            type="AlgorithmsType"/>
          <xs:element name="SupportedMACAlgorithms"
            type="AlgorithmsType"/>
          <xs:element name="Extensions" minOccurs="0"
            type="ExtensionsType"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  285.  
  <!-- ServerHello PDU -->
  <xs:element name="ServerHello" type="ServerHelloPDU"/>

  <xs:complexType name="ServerHelloPDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Message sent from the CT-KIP server to the CT-KIP client in
        response to a received ClientHello PDU.  The whole body is
        optional (minOccurs="0" on the sequence), which allows a response
        that carries only the inherited Version/Status/SessionID
        attributes.  When present, the body names the selected KeyType,
        EncryptionAlgorithm and MacAlgorithm, an EncryptionKey expressed as
        an XML Signature ds:KeyInfoType, and a Payload; Extensions and Mac
        are optional.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractResponseType">
        <xs:sequence minOccurs="0">
          <xs:element name="KeyType" type="AlgorithmType"/>
          <xs:element name="EncryptionAlgorithm" type="AlgorithmType"/>
          <xs:element name="MacAlgorithm" type="AlgorithmType"/>
          <xs:element name="EncryptionKey" type="ds:KeyInfoType"/>
          <xs:element name="Payload" type="PayloadType"/>
          <xs:element name="Extensions" minOccurs="0"
            type="ExtensionsType"/>
          <xs:element name="Mac" minOccurs="0" type="MacType"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  311.  
  <!-- ClientNonce PDU -->
  <xs:element name="ClientNonce" type="ClientNoncePDU"/>

  <xs:complexType name="ClientNoncePDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Second message sent from the CT-KIP client to the CT-KIP server,
        conveying the client's chosen secret.  EncryptedNonce is plain
        base64Binary with no length facet (it is ciphertext, so the
        16-octet NonceType bound does not apply).  SessionID is required
        on this PDU, in addition to the inherited Version attribute.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractRequestType">
        <xs:sequence>
          <xs:element name="EncryptedNonce" type="xs:base64Binary"/>
          <xs:element name="Extensions" minOccurs="0"
            type="ExtensionsType"/>
        </xs:sequence>
        <xs:attribute name="SessionID" use="required"
          type="IdentifierType"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
  334.  
  <!-- ServerFinished PDU -->
  <xs:element name="ServerFinished" type="ServerFinishedPDU"/>
  <xs:complexType name="ServerFinishedPDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Final message sent from the CT-KIP server to the CT-KIP client in
        a CT-KIP session.  As with ServerHelloPDU the body is optional as
        a whole; when present, TokenID, KeyID and Mac are mandatory, so a
        successful completion always carries a MAC.  KeyExpiryDate is an
        xs:dateTime, whose lexical form does not require a time zone;
        consumers comparing it against local time should confirm which
        zone the protocol expects.  Extensions here may include
        OTPKeyConfigurationDataType.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractResponseType">
        <xs:sequence minOccurs="0">
          <xs:element name="TokenID" type="xs:base64Binary"/>
          <xs:element name="KeyID" type="xs:base64Binary"/>
          <xs:element name="KeyExpiryDate" minOccurs="0"
            type="xs:dateTime"/>
          <xs:element name="ServiceID" minOccurs="0"
            type="IdentifierType"/>
          <xs:element name="ServiceLogo" minOccurs="0" type="LogoType"/>
          <xs:element name="UserID" minOccurs="0" type="IdentifierType"/>
          <xs:element name="Extensions" minOccurs="0"
            type="ExtensionsType"/>
          <xs:element name="Mac" type="MacType"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  </xs:schema>