Element BindingType / Signer
Namespace urn:us:gov:ic:tdf
Annotations

Information pertaining to the person or entity that performed the signing/binding and their credentials.

Properties
content complex
minOccurs 1
maxOccurs 1
Attributes
QName Type Use Annotation
issuer restriction of xs:string required

The distinguished name of the authority that issued the credentials to the subject. Refer to RFC 5280 for more information.

subject restriction of xs:string required

The distinguished name of the person or entity who is doing the signing. Refer to RFC 5280 for more information.

Source
<xs:element name="Signer" maxOccurs="1" minOccurs="1">
  <xs:annotation>
    <xs:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Information pertaining to the person or entity that performed the signing/binding and their credentials.</p>
    </xs:documentation>
  </xs:annotation>
  <xs:complexType>
    <!--Replacing:
<xs:attribute name="subject" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the person or entity who is doing the
                                        signing. Refer to RFC 5280 for more information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
    <!-- CdsManifest: Replace entirety of subject to enable max length and a pattern to keep Xsat Happy.  -->
    <xs:attribute name="subject" use="required">
      <xs:annotation>
        <xs:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The distinguished name of the person or entity who is doing the signing. Refer to RFC 5280 for more information.</p>
        </xs:documentation>
      </xs:annotation>
      <xs:simpleType>
        <xs:restriction base="xs:string">
          <xs:minLength value="1"/>
          <xs:maxLength value="50"/>
          <xs:pattern value="([a-zA-Z0-9i\*\.\s=_-])*"/>
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
    <!--Replacing:
<xs:attribute name="issuer" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the authority that issued the
                                        credentials to the subject. Refer to RFC 5280 for more
                                        information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
    <!-- CdsManifest: Replace entirety of issuer force a max length and pattern to keep Xsat Happy.  -->
    <!-- CdsManifest: Force issuer to be required since we don't use serial.  -->
    <xs:attribute name="issuer" use="required">
      <xs:annotation>
        <xs:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The distinguished name of the authority that issued the credentials to the subject. Refer to RFC 5280 for more information.</p>
        </xs:documentation>
      </xs:annotation>
      <xs:simpleType>
        <xs:restriction base="xs:string">
          <xs:minLength value="1"/>
          <xs:maxLength value="50"/>
          <xs:pattern value="([a-zA-Z0-9\.\s=_-])*"/>
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
    <!--Replacing:
<xs:attribute name="serial" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        unique serial number of the credentials given to the subject
                                        by the issuer. Refer to RFC 5280 for more information.
                                    </xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
    <!-- CdsManifest: Remove serial since we require issuer.  -->
  </xs:complexType>
</xs:element>
Schema location CDSM-TDF.xsd
Element BindingType / SignatureValue
Namespace urn:us:gov:ic:tdf
Annotations

Stores the value of the Signature over the bound entities.

Type SignatureValueType
Properties
content complex
minOccurs 1
maxOccurs 1
Attributes
QName Type Use Annotation
includesStatementMetadata xs:boolean optional

Used to indicate whether or not to include element StatementMetadata when referencing an Assertion. In the case of signatures and binding, this attribute indicates whether or not the statement metadata is covered by the signature or binding. If not, it cannot be cryptographically verified and should be considered informative only. IncludesStatementMetadata should never be set on SignatureValue if there is a boundValueList, because the BoundValue elements in the list each have their own explicit includesStatementMetadata attribute.

normalizationMethod restriction of xs:anyURI required

A URI that provides guidance on how to format the included values such as whitespace, attributes, and child nodes in a universally consistent manner. The normalization method is essential to prevent formatting such as whitespace and order from interfering with the validation of the cryptographic integrity of data. Assertions should explicitly declare all their namespaces at the assertion level rather than relying on those provided by the root node.

signatureAlgorithm restriction of xs:string required

The algorithm or pattern used by the signature restricted to the following values below.

Source
<xs:element name="SignatureValue" type="SignatureValueType" minOccurs="1" maxOccurs="1">
  <xs:annotation>
    <xs:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Stores the value of the Signature over the bound entities.</p>
    </xs:documentation>
  </xs:annotation>
</xs:element>
Schema location CDSM-TDF.xsd
Complex Type BindingType
Namespace urn:us:gov:ic:tdf
Annotations

A list of the objects that belong to the scope of the assertion.

Model
Children SignatureValue, Signer
Source
<xs:complexType name="BindingType">
  <xs:annotation>
    <xs:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">A list of the objects that belong to the scope of the assertion.</p>
    </xs:documentation>
  </xs:annotation>
  <xs:sequence>
    <!-- This order is important because it allows for a single pass 
                verification of the actual SignatureValue using a streaming parser -->
    <xs:choice>
      <xs:element name="Signer" maxOccurs="1" minOccurs="1">
        <xs:annotation>
          <xs:documentation>
            <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Information pertaining to the person or entity that performed the signing/binding and their credentials.</p>
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <!--Replacing:
<xs:attribute name="subject" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the person or entity who is doing the
                                        signing. Refer to RFC 5280 for more information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
          <!-- CdsManifest: Replace entirety of subject to enable max length and a pattern to keep Xsat Happy.  -->
          <xs:attribute name="subject" use="required">
            <xs:annotation>
              <xs:documentation>
                <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The distinguished name of the person or entity who is doing the signing. Refer to RFC 5280 for more information.</p>
              </xs:documentation>
            </xs:annotation>
            <xs:simpleType>
              <xs:restriction base="xs:string">
                <xs:minLength value="1"/>
                <xs:maxLength value="50"/>
                <xs:pattern value="([a-zA-Z0-9i\*\.\s=_-])*"/>
              </xs:restriction>
            </xs:simpleType>
          </xs:attribute>
          <!--Replacing:
<xs:attribute name="issuer" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the authority that issued the
                                        credentials to the subject. Refer to RFC 5280 for more
                                        information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
          <!-- CdsManifest: Replace entirety of issuer force a max length and pattern to keep Xsat Happy.  -->
          <!-- CdsManifest: Force issuer to be required since we don't use serial.  -->
          <xs:attribute name="issuer" use="required">
            <xs:annotation>
              <xs:documentation>
                <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The distinguished name of the authority that issued the credentials to the subject. Refer to RFC 5280 for more information.</p>
              </xs:documentation>
            </xs:annotation>
            <xs:simpleType>
              <xs:restriction base="xs:string">
                <xs:minLength value="1"/>
                <xs:maxLength value="50"/>
                <xs:pattern value="([a-zA-Z0-9\.\s=_-])*"/>
              </xs:restriction>
            </xs:simpleType>
          </xs:attribute>
          <!--Replacing:
<xs:attribute name="serial" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        unique serial number of the credentials given to the subject
                                        by the issuer. Refer to RFC 5280 for more information.
                                    </xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
          <!-- CdsManifest: Remove serial since we require issuer.  -->
        </xs:complexType>
      </xs:element>
    </xs:choice>
    <xs:element name="SignatureValue" type="SignatureValueType" minOccurs="1" maxOccurs="1">
      <xs:annotation>
        <xs:documentation>
          <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Stores the value of the Signature over the bound entities.</p>
        </xs:documentation>
      </xs:annotation>
    </xs:element>
    <!--Replacing:
<xs:element name="BoundValueList" type="BoundValueListType" minOccurs="0" maxOccurs="1">
                <xs:annotation>
                    <xs:documentation>
                        <xhtml:p ism:classification="U" ism:ownerProducer="USA">BoundValueList is a
                            container of bound value references that point to the elements that are included
                            in a cryptographic binding. The intent of the BoundValueList is to allow
                            granular control over the scope of the binding signature. In the future, when
                            BoundValueList is present, the SignatureValue will be calculated over the
                            normalized value of the BoundValueList using the normalization method denoted in
                            the Binding/SignatureValue/@normalizationMethod attribute.</xhtml:p>
                    </xs:documentation>
                </xs:annotation>
            </xs:element>
-->
    <!-- CdsManifest: Remove references to BoundValueList this type of binding is not supported for CdsManifest.  -->
  </xs:sequence>
</xs:complexType>
Schema location CDSM-TDF.xsd
Attribute BindingType / Signer / @subject
Namespace urn:us:gov:ic:tdf
Annotations

The distinguished name of the person or entity who is doing the signing. Refer to RFC 5280 for more information.

Type restriction of xs:string
Properties
use required
Facets
minLength 1
maxLength 50
pattern ([a-zA-Z0-9i\*\.\s=_-])*
Source
<xs:attribute name="subject" use="required">
  <xs:annotation>
    <xs:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The distinguished name of the person or entity who is doing the signing. Refer to RFC 5280 for more information.</p>
    </xs:documentation>
  </xs:annotation>
  <xs:simpleType>
    <xs:restriction base="xs:string">
      <xs:minLength value="1"/>
      <xs:maxLength value="50"/>
      <xs:pattern value="([a-zA-Z0-9i\*\.\s=_-])*"/>
    </xs:restriction>
  </xs:simpleType>
</xs:attribute>
Schema location CDSM-TDF.xsd
Attribute BindingType / Signer / @issuer
Namespace urn:us:gov:ic:tdf
Annotations

The distinguished name of the authority that issued the credentials to the subject. Refer to RFC 5280 for more information.

Type restriction of xs:string
Properties
use required
Facets
minLength 1
maxLength 50
pattern ([a-zA-Z0-9\.\s=_-])*
Source
<xs:attribute name="issuer" use="required">
  <xs:annotation>
    <xs:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">The distinguished name of the authority that issued the credentials to the subject. Refer to RFC 5280 for more information.</p>
    </xs:documentation>
  </xs:annotation>
  <xs:simpleType>
    <xs:restriction base="xs:string">
      <xs:minLength value="1"/>
      <xs:maxLength value="50"/>
      <xs:pattern value="([a-zA-Z0-9\.\s=_-])*"/>
    </xs:restriction>
  </xs:simpleType>
</xs:attribute>
Schema location CDSM-TDF.xsd
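
An added example, not part of the schema or its generated documentation: a pre-validation check that applies the minLength, maxLength and pattern facets shown above for Signer/@subject and Signer/@issuer, so a producer can see which characters would make a binding fail schema validation. The sample distinguished names are constructed; note that a comma-separated DN string is rejected because `,` is in neither character class, and that `*` is accepted for subject only.

```python
import re

# Facets copied from the Signer/@subject and Signer/@issuer definitions above.
# XSD patterns match the whole value, and XSD \s means exactly space, tab,
# LF and CR, so the class is spelled out instead of using Python's wider \s.
XSD_WS = r" \t\n\r"
FACETS = {
    "subject": {"min": 1, "max": 50,
                "pattern": re.compile(r"[a-zA-Z0-9i*." + XSD_WS + r"=_-]*")},
    "issuer": {"min": 1, "max": 50,
               "pattern": re.compile(r"[a-zA-Z0-9." + XSD_WS + r"=_-]*")},
}


def check_signer_attr(name, value):
    """Return the list of facet violations for one attribute (empty = valid)."""
    facet = FACETS[name]
    problems = []
    if len(value) < facet["min"]:
        problems.append("minLength")
    if len(value) > facet["max"]:
        problems.append("maxLength")
    if not facet["pattern"].fullmatch(value):
        # Report each offending character once, in sorted order.
        bad = sorted({c for c in value if not facet["pattern"].fullmatch(c)})
        problems.append("pattern: disallowed " + repr("".join(bad)))
    return problems


def check_signer(subject, issuer):
    """Check both required Signer attributes and return violations per name."""
    return {"subject": check_signer_attr("subject", subject),
            "issuer": check_signer_attr("issuer", issuer)}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate.
    samples = [
        ("CN=Example Signer O=Example Org", "CN=Example CA O=Example Org"),
        ("CN=Example Signer,O=Example Org,C=US", "CN=*.example.test"),
        ("CN=" + "A" * 60, ""),
    ]
    for subject, issuer in samples:
        print(check_signer(subject, issuer))
```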

This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details.