<?xml version="1.0" encoding="UTF-8"?>
<!-- Schema file for CT-KIP v1.0 Revision 1 -->
<!-- $Revision: 1.1 $ $Date: 2006/12/04 10:57:46 $ -->
<!-- Copyright (c) RSA Security Inc. 2006. All rights reserved. -->
<!-- License to copy and use this schema file is granted provided that
it is identified as "RSA Security Inc. Cryptographic Token Key
Initialization Protocol (CT-KIP) v1.0" in all material mentioning
or referencing it.
RSA Security Inc. makes no representations concerning either the
merchantability of this schema or the suitability of this schema
for any particular purpose. It is provided "as is" without
express or implied warranty of any kind.
-->
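<xs:schema
    targetNamespace="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns="http://www.rsasecurity.com/rsalabs/otps/schemas/2005/12/ct-kip#">
  <!-- elementFormDefault is not set, so it defaults to "unqualified": only the
       global PDU elements (CT-KIPTrigger, ClientHello, ServerHello, ClientNonce,
       ServerFinished) are in the target namespace. Every locally declared child
       (TokenID, Mac, Extensions, ...) is in NO namespace in instance documents,
       so an instance that puts those children under a default xmlns of the
       target namespace will fail validation. -->

  <!-- XML-Signature KeyInfoType is used for the server's EncryptionKey in
       ServerHello. The schemaLocation below is a hint only. In the original file
       the URL was wrapped across two lines; attribute-value normalization turns
       that line break into a space inside the URI, so the hint could not
       resolve. It is joined here. Validators should still resolve this import
       from a local copy of the xmldsig schema (e.g. through an XML catalog)
       rather than fetching it over the network at validation time, and must
       not let an instance document's own schemaLocation override it. -->
  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
             schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>

  <!-- Basic types -->

  <!-- Base for every client-to-server PDU: Version is mandatory. -->
  <xs:complexType name="AbstractRequestType" abstract="true">
    <xs:attribute name="Version" type="VersionType" use="required"/>
  </xs:complexType>

  <!-- Base for every server-to-client PDU. Version and Status are mandatory;
       SessionID is optional at this level (ServerHello's content sequence is
       also optional, so a response can consist of nothing but a Status). -->
  <xs:complexType name="AbstractResponseType" abstract="true">
    <xs:attribute name="Version" type="VersionType" use="required"/>
    <xs:attribute name="SessionID" type="IdentifierType"/>
    <xs:attribute name="Status" type="StatusCode" use="required"/>
  </xs:complexType>

  <!-- Closed enumeration of response outcomes; any other string fails
       validation. UnknownCriticalExtension is the status available to a
       receiver that does not understand an Extension marked Critical. -->
  <xs:simpleType name="StatusCode">
    <xs:restriction base="xs:string">
      <xs:enumeration value="Continue"/>
      <xs:enumeration value="Success"/>
      <xs:enumeration value="Abort"/>
      <xs:enumeration value="AccessDenied"/>
      <xs:enumeration value="MalformedRequest"/>
      <xs:enumeration value="UnknownRequest"/>
      <xs:enumeration value="UnknownCriticalExtension"/>
      <xs:enumeration value="UnsupportedVersion"/>
      <xs:enumeration value="NoSupportedKeyTypes"/>
      <xs:enumeration value="NoSupportedEncryptionAlgorithms"/>
      <xs:enumeration value="NoSupportedMACAlgorithms"/>
      <xs:enumeration value="InitializationFailed"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- Protocol version such as "1.0": one or two digits, a dot, one to three
       digits. Note that in XSD regular expressions \d matches any Unicode
       decimal digit, not only 0-9; an implementation that parses the version
       with an ASCII-only routine should reject non-ASCII digits itself. -->
  <xs:simpleType name="VersionType">
    <xs:restriction base="xs:string">
      <xs:pattern value="\d{1,2}\.\d{1,3}"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- Opaque identifier used for SessionID, ServiceID and UserID: at most 128
       characters. There is no minLength facet, so the empty string is valid;
       applications that require a non-empty identifier must check that
       themselves. -->
  <xs:simpleType name="IdentifierType">
    <xs:restriction base="xs:string">
      <xs:maxLength value="128"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- 16-octet (128-bit) value, base64-encoded. The length facet of
       xs:base64Binary is measured on the decoded octets, not on the base64
       text, so exactly 16 bytes are accepted. -->
  <xs:simpleType name="NonceType">
    <xs:restriction base="xs:base64Binary">
      <xs:length value="16"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- Base64-encoded image with a mandatory MIME type; only the two values in
       MimeTypeType are allowed. No size facet is declared, so the receiver
       should bound the decoded image size itself. -->
  <xs:complexType name="LogoType">
    <xs:simpleContent>
      <xs:extension base="xs:base64Binary">
        <xs:attribute name="MimeType" type="MimeTypeType" use="required"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>

  <xs:simpleType name="MimeTypeType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="image/jpeg"/>
      <xs:enumeration value="image/gif"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- Algorithms are identified through URIs -->

  <!-- One or more Algorithm URIs (the sequence itself repeats, so at least one
       Algorithm child is required). -->
  <xs:complexType name="AlgorithmsType">
    <xs:sequence maxOccurs="unbounded">
      <xs:element name="Algorithm" type="AlgorithmType"/>
    </xs:sequence>
  </xs:complexType>

  <xs:simpleType name="AlgorithmType">
    <xs:restriction base="xs:anyURI"/>
  </xs:simpleType>

  <!-- Base64-encoded MAC value. MacAlgorithm is optional; the schema does not
       say which algorithm applies when it is absent — presumably the
       MacAlgorithm selected in ServerHello; confirm against the protocol
       text before relying on it. -->
  <xs:complexType name="MacType">
    <xs:simpleContent>
      <xs:extension base="xs:base64Binary">
        <xs:attribute name="MacAlgorithm" type="xs:anyURI"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>

  <!-- CT-KIP extensions (for future use) -->

  <!-- One or more Extension elements. Because AbstractExtensionType is
       abstract, each Extension in an instance must select a concrete type
       with xsi:type (e.g. one of the types derived below). -->
  <xs:complexType name="ExtensionsType">
    <xs:sequence maxOccurs="unbounded">
      <xs:element name="Extension" type="AbstractExtensionType"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Critical is optional and has no schema default; how a receiver treats an
       extension whose Critical attribute is absent is not defined here. -->
  <xs:complexType name="AbstractExtensionType" abstract="true">
    <xs:attribute name="Critical" type="xs:boolean"/>
  </xs:complexType>

  <!-- Opaque, base64-encoded client data; no size facet is declared. -->
  <xs:complexType name="ClientInfoType">
    <xs:complexContent>
      <xs:extension base="AbstractExtensionType">
        <xs:sequence>
          <xs:element name="Data" type="xs:base64Binary"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- Opaque, base64-encoded server data; no size facet is declared. -->
  <xs:complexType name="ServerInfoType">
    <xs:complexContent>
      <xs:extension base="AbstractExtensionType">
        <xs:sequence>
          <xs:element name="Data" type="xs:base64Binary"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <xs:complexType name="OTPKeyConfigurationDataType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        This extension is only valid in ServerFinished PDUs. It
        carries additional configuration data that an OTP token should
        use (subject to local policy) when generating OTP values from a
        newly generated OTP key.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractExtensionType">
        <xs:sequence>
          <xs:element name="OTPFormat" type="OTPFormatType"/>
          <!-- positiveInteger has no upper bound; cap it at the application. -->
          <xs:element name="OTPLength" type="xs:positiveInteger"/>
          <xs:element name="OTPMode" type="OTPModeType" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <xs:simpleType name="OTPFormatType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="Decimal"/>
      <xs:enumeration value="Hexadecimal"/>
      <xs:enumeration value="Alphanumeric"/>
      <xs:enumeration value="Binary"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- One or more mode indicators. Counter and Challenge declare no type, so
       they default to xs:anyType and accept arbitrary attributes and content;
       only Time is constrained (see TimeType). Foreign-namespace elements are
       allowed but must have a known declaration (processContents="strict"). -->
  <xs:complexType name="OTPModeType">
    <xs:choice maxOccurs="unbounded">
      <xs:element name="Time" type="TimeType"/>
      <xs:element name="Counter"/>
      <xs:element name="Challenge"/>
      <xs:any namespace="##other" processContents="strict"/>
    </xs:choice>
  </xs:complexType>

  <!-- Empty element with an optional TimeInterval attribute (anyType
       restricted to that single attribute and no content). -->
  <xs:complexType name="TimeType">
    <xs:complexContent>
      <xs:restriction base="xs:anyType">
        <xs:attribute name="TimeInterval" type="xs:positiveInteger"/>
      </xs:restriction>
    </xs:complexContent>
  </xs:complexType>

  <xs:complexType name="PayloadType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Payload carried in a ServerHello PDU: exactly one of a server
        Nonce (NonceType, 16 octets) or a single element from another
        namespace, which must have a known declaration
        (processContents="strict").
      </xs:documentation>
    </xs:annotation>
    <xs:choice>
      <xs:element name="Nonce" type="NonceType"/>
      <xs:any namespace="##other" processContents="strict"/>
    </xs:choice>
  </xs:complexType>

  <xs:simpleType name="PlatformType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="Hardware"/>
      <xs:enumeration value="Software"/>
      <xs:enumeration value="Unspecified"/>
    </xs:restriction>
  </xs:simpleType>

  <xs:complexType name="TokenPlatformInfoType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Carries token platform information helping the client to select
        a suitable token.
      </xs:documentation>
    </xs:annotation>
    <xs:attribute name="KeyLocation" type="PlatformType"/>
    <xs:attribute name="AlgorithmLocation" type="PlatformType"/>
  </xs:complexType>

  <!-- Content of a trigger. TriggerNonce is the only mandatory element; the
       same NonceType reappears as the optional TriggerNonce of ClientHello.
       The trigger type declares no Mac or signature element, so nothing in
       this schema authenticates the trigger or its CT-KIPURL — the transport
       or the application has to provide that. -->
  <xs:complexType name="InitializationTriggerType">
    <xs:sequence>
      <xs:element name="TokenID" type="xs:base64Binary" minOccurs="0"/>
      <xs:element name="KeyID" type="xs:base64Binary" minOccurs="0"/>
      <xs:element name="TokenPlatformInfo" type="TokenPlatformInfoType" minOccurs="0"/>
      <xs:element name="TriggerNonce" type="NonceType"/>
      <xs:element name="CT-KIPURL" type="xs:anyURI" minOccurs="0"/>
      <xs:any namespace="##other" processContents="strict" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <!-- CT-KIP PDUs -->

  <!-- CT-KIP trigger -->
  <xs:element name="CT-KIPTrigger" type="CT-KIPTriggerType"/>
  <xs:complexType name="CT-KIPTriggerType">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Message used to trigger the device to initiate a CT-KIP run.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:choice>
        <xs:element name="InitializationTrigger" type="InitializationTriggerType"/>
        <xs:any namespace="##other" processContents="strict"/>
      </xs:choice>
    </xs:sequence>
    <!-- Unlike AbstractRequestType/AbstractResponseType, Version is optional
         on the trigger; a receiver must decide how to treat its absence. -->
    <xs:attribute name="Version" type="VersionType"/>
  </xs:complexType>

  <!-- ClientHello PDU -->
  <xs:element name="ClientHello" type="ClientHelloPDU"/>
  <xs:complexType name="ClientHelloPDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Message sent from CT-KIP client to CT-KIP server to initiate an
        CT-KIP session.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractRequestType">
        <xs:sequence>
          <xs:element name="TokenID" type="xs:base64Binary" minOccurs="0"/>
          <xs:element name="KeyID" type="xs:base64Binary" minOccurs="0"/>
          <!-- Local ClientNonce (a NonceType) is a different declaration
               from the global ClientNonce PDU element declared below. -->
          <xs:element name="ClientNonce" type="NonceType" minOccurs="0"/>
          <xs:element name="TriggerNonce" type="NonceType" minOccurs="0"/>
          <!-- The three algorithm lists are mandatory and each must hold at
               least one URI (AlgorithmsType). -->
          <xs:element name="SupportedKeyTypes" type="AlgorithmsType"/>
          <xs:element name="SupportedEncryptionAlgorithms" type="AlgorithmsType"/>
          <xs:element name="SupportedMACAlgorithms" type="AlgorithmsType"/>
          <xs:element name="Extensions" type="ExtensionsType" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- ServerHello PDU -->
  <xs:element name="ServerHello" type="ServerHelloPDU"/>
  <xs:complexType name="ServerHelloPDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Message sent from CT-KIP server to CT-KIP client in response to
        a received ClientHello PDU.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractResponseType">
        <!-- The whole sequence is optional: a ServerHello carrying only the
             inherited Status attribute is schema-valid. -->
        <xs:sequence minOccurs="0">
          <xs:element name="KeyType" type="AlgorithmType"/>
          <xs:element name="EncryptionAlgorithm" type="AlgorithmType"/>
          <xs:element name="MacAlgorithm" type="AlgorithmType"/>
          <!-- ds:KeyInfoType is an open content model (it admits the
               XML-Signature key forms and elements from other namespaces);
               a receiver should accept only the key forms it expects. -->
          <xs:element name="EncryptionKey" type="ds:KeyInfoType"/>
          <xs:element name="Payload" type="PayloadType"/>
          <xs:element name="Extensions" type="ExtensionsType" minOccurs="0"/>
          <!-- Mac is optional here but required in ServerFinished, so the
               schema alone does not guarantee an authenticated ServerHello. -->
          <xs:element name="Mac" type="MacType" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- ClientNonce PDU -->
  <xs:element name="ClientNonce" type="ClientNoncePDU"/>
  <xs:complexType name="ClientNoncePDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Second message sent from CT-KIP client to CT-KIP server to
        convey the client's chosen secret.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractRequestType">
        <xs:sequence>
          <!-- Plain base64Binary: no length facet, unlike NonceType. -->
          <xs:element name="EncryptedNonce" type="xs:base64Binary"/>
          <xs:element name="Extensions" type="ExtensionsType" minOccurs="0"/>
        </xs:sequence>
        <!-- SessionID is mandatory on this PDU (it is optional on responses). -->
        <xs:attribute name="SessionID" type="IdentifierType" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- ServerFinished PDU -->
  <xs:element name="ServerFinished" type="ServerFinishedPDU"/>
  <xs:complexType name="ServerFinishedPDU">
    <xs:annotation>
      <xs:documentation xml:lang="en">
        Final message sent from CT-KIP server to CT-KIP client in an
        CT-KIP session.
      </xs:documentation>
    </xs:annotation>
    <xs:complexContent>
      <xs:extension base="AbstractResponseType">
        <!-- As in ServerHello, the sequence is optional, so a failure
             response may carry only a Status. When the sequence is present,
             TokenID, KeyID and Mac are mandatory. -->
        <xs:sequence minOccurs="0">
          <xs:element name="TokenID" type="xs:base64Binary"/>
          <xs:element name="KeyID" type="xs:base64Binary"/>
          <!-- xs:dateTime; a value without a timezone designator is
               permitted by the type, so receivers should not assume UTC. -->
          <xs:element name="KeyExpiryDate" type="xs:dateTime" minOccurs="0"/>
          <xs:element name="ServiceID" type="IdentifierType" minOccurs="0"/>
          <xs:element name="ServiceLogo" type="LogoType" minOccurs="0"/>
          <xs:element name="UserID" type="IdentifierType" minOccurs="0"/>
          <xs:element name="Extensions" type="ExtensionsType" minOccurs="0"/>
          <xs:element name="Mac" type="MacType"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>
</xs:schema>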