LegalIdentities.xsd 9.44 KB
<?xml version='1.0' encoding='UTF-8'?>
<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:ieee:iot:leg:id:1.0'
    xmlns='urn:ieee:iot:leg:id:1.0'
    xmlns:e2='urn:ieee:iot:e2e:1.0'
    elementFormDefault='qualified'>

	<!--
Copyright 2017-2018 The Institute of Electrical and Electronics Engineers, 
Incorporated (IEEE).

This work is licensed to The Institute of Electrical and Electronics
Engineers, Incorporated (IEEE) under one or more contributor license
agreements.

See the LICENSE.md file distributed with this work for additional
information regarding copyright ownership. Use of this file is
governed by a BSD-style license, the terms of which are as follows:

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

Redistributions of source code must retain the above copyright
notice, this list of conditions, the following disclaimer, and the
NOTICE file.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions, the following disclaimer in the
documentation and/or other materials provided with the
distribution, and the NOTICE file.
Neither the name of The Institute of Electrical and Electronics
Engineers, Incorporated (IEEE) nor the names of its contributors
may be used to endorse or promote products derived from this
software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

SPDX-License-Identifier: BSD-3-Clause
  
Disclaimer: This open source repository contains material that may be 
included-in or referenced by an unapproved draft of a proposed IEEE 
Standard. All material in this repository is subject to change. The 
material in this repository is presented "as is" and with all faults. 
Use of the material is at the sole risk of the user. IEEE specifically 
disclaims all warranties and representations with respect to all 
material contained in this repository and shall not be liable, under 
any theory, for any use of the material. Unapproved drafts of proposed 
IEEE standards must not be utilized for any conformance/compliance 
purposes.
-->

	<!-- Imports the end-to-end encryption namespace that supplies e2:e2e and e2:signatureAttributes used below. -->
	<!-- No schemaLocation is given, so the validating processor decides where that schema comes from. Supply it from a local, reviewed copy (for example a catalog or a preloaded schema set) rather than letting the processor resolve it over the network, because the signature attributes of this schema are defined there. -->
	<xs:import namespace='urn:ieee:iot:e2e:1.0'/>

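	<!-- Application request: the applicant's public keys (e2:e2e) followed by the legal identity it wants paired with its account. The bare JID being paired is not carried in this element; per the documentation below it is that of the iq sender. -->
	<!-- NOTE(review): the referenced identity element declares both its 'id' attribute and its 'status' child as optional, so schema validation alone does not stop an applicant from supplying them. Both are documented as assigned by the Trust Anchor, so the Trust Anchor should reject or discard client-supplied values instead of echoing them back. -->
	<xs:element name='apply'>
		<xs:annotation>
			<xs:documentation>Sent by a client in an iq set to a Trust Anchor, to apply for a pairing between the online identity (bare JID) of the sender and a Legal Identity.</xs:documentation>
			<xs:documentation>Note: The approval process is taken care of out-of-band.</xs:documentation>
			<xs:documentation>Expected response element: identity</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:sequence>
				<xs:element ref='e2:e2e'>
					<xs:annotation>
						<xs:documentation>Public keys corresponding to available methods to create signatures.</xs:documentation>
					</xs:annotation>
				</xs:element>
				<xs:element ref='identity'>
					<xs:annotation>
						<xs:documentation>The legal identity the client wishes to assign to the account.</xs:documentation>
					</xs:annotation>
				</xs:element>
			</xs:sequence>
		</xs:complexType>
	</xs:element>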

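	<!-- A legal identity: an optional Trust Anchor status record (with signature attributes) followed by one or more name/value properties. Used both inside apply (client to Trust Anchor) and as the response to it. -->
	<xs:element name='identity'>
		<xs:annotation>
			<xs:documentation>Element containing information about a legal identity.</xs:documentation>
		</xs:annotation>
		<xs:complexType>
			<xs:sequence>
				<!-- Optional in the schema because an application has no status yet. A relying party should treat an identity without a status, or with a status whose signature does not verify, as unauthenticated. -->
				<xs:element name='status' minOccurs='0' maxOccurs='1'>
					<xs:annotation>
						<xs:documentation>The status object is created and signed by the Trust Anchor.</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<!-- NOTE(review): 'achor' looks like a misspelling of 'anchor'. The name is part of the wire format (and presumably of the signed content), so it is left unchanged here; correcting it needs a coordinated schema revision. -->
						<!-- The value is an unconstrained xs:string, so the schema does not check that it is a JID. A verifier should compare it with the Trust Anchor it expects before using that anchor's key. -->
						<xs:attribute name='achor' type='xs:string' use='required'>
							<xs:annotation>
								<xs:documentation>JID of Trust Anchor validating the correctness of the identity.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<!-- Per the IdentityState documentation only 'Approved' denotes an authenticated identity; every other state should be handled as not yet usable. -->
						<xs:attribute name='state' type='IdentityState' use='required'>
							<xs:annotation>
								<xs:documentation>Contains information about the current status of the legal identity registration.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<xs:attribute name='created' type='xs:dateTime' use='required'>
							<xs:annotation>
								<xs:documentation>When the legal identity was first created.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<xs:attribute name='updated' type='xs:dateTime' use='optional'>
							<xs:annotation>
								<xs:documentation>When the legal identity was last updated.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<!-- Validity window. Both bounds are optional and xs:date permits an optional time zone, so a verifier has to define how a missing bound and a zone-less date are interpreted. The schema cannot express that 'from' must not be later than 'to'; check that in code. -->
						<xs:attribute name='from' type='xs:date' use='optional'>
							<xs:annotation>
								<xs:documentation>From what date (inclusive) the legal identity can be used.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<xs:attribute name='to' type='xs:date' use='optional'>
							<xs:annotation>
								<xs:documentation>To what date (inclusive) the legal identity can be used.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<!-- The signature attributes sit on status but, per the documentation below, cover the enclosing identity element. -->
						<!-- NOTE(review): the serialization that is signed is described only in prose here. Property data is carried in attributes while the NFC statement mentions text nodes; confirm that attribute values, attribute order and namespace declarations are fixed by the normalization rules, since signer and verifier must produce identical bytes. -->
						<xs:attributeGroup ref='e2:signatureAttributes'>
							<xs:annotation>
								<xs:documentation>Signature of the identity.</xs:documentation>
								<xs:documentation>The signature is calculated on the identity element excluding the signature attributes.</xs:documentation>
								<xs:documentation>All text nodes contain normalized Unicode text (in NFC).</xs:documentation>
								<xs:documentation>The normalized XML is UTF-8 encoded before being signed.</xs:documentation>
								<xs:documentation>Note: The signature is just the first method to authenticate a legal identity. Using the identifier and the signature, the client can validate the registration is valid and up-to-date.</xs:documentation>
							</xs:annotation>
						</xs:attributeGroup>
					</xs:complexType>
				</xs:element>
				<!-- At least one property is required. No uniqueness constraint is declared on 'name', so repeated names are schema-valid; a consumer should decide how duplicates are treated (rejecting them is the simplest rule) before relying on a value. Names and values are unbounded strings, so size limits belong in the receiving code. -->
				<xs:element name='property' minOccurs='1' maxOccurs='unbounded'>
					<xs:annotation>
						<xs:documentation>An identity consists of a sequence of properties.</xs:documentation>
					</xs:annotation>
					<xs:complexType>
						<xs:attribute name='name' type='xs:string' use='required'>
							<xs:annotation>
								<xs:documentation>Name of the property.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
						<xs:attribute name='value' type='xs:string' use='required'>
							<xs:annotation>
								<xs:documentation>Value of the property.</xs:documentation>
							</xs:annotation>
						</xs:attribute>
					</xs:complexType>
				</xs:element>
			</xs:sequence>
			<!-- Optional and unconstrained. The rule below that an applicant must not send an id is not expressed in the schema, so the Trust Anchor has to enforce it when handling apply. -->
			<xs:attribute name='id' type='xs:string' use='optional'>
				<xs:annotation>
					<xs:documentation>An identifier assigned to the legal identity.</xs:documentation>
					<xs:documentation>The identifier is unique within the scope of the Trust Anchor issuing it.</xs:documentation>
					<xs:documentation>A client must not include an identifier when it applies for a legal identity pairing with the Trust Anchor.</xs:documentation>
				</xs:annotation>
			</xs:attribute>
		</xs:complexType>
	</xs:element>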

	<!-- Closed set of registration states used by the status/@state attribute. Values are plain strings restricted by enumeration, so matching is case-sensitive and any other value fails validation. -->
	<!-- Only 'Approved' is documented as authenticated; relying parties should accept that value alone and treat the rest as not yet trusted. -->
	<!-- NOTE(review): this version lists no state for an approved identity that is later withdrawn or superseded; confirm how that is signalled to clients holding an older signed identity. -->
	<xs:simpleType name='IdentityState'>
		<xs:annotation>
			<xs:documentation>Lists recognized legal identity states.</xs:documentation>
		</xs:annotation>
		<xs:restriction base='xs:string'>
			<xs:enumeration value='Created'>
				<xs:annotation>
					<xs:documentation>An application has been received.</xs:documentation>
				</xs:annotation>
			</xs:enumeration>
			<xs:enumeration value='ChallengingKeys'>
				<xs:annotation>
					<xs:documentation>Submitted keys are being challenged.</xs:documentation>
				</xs:annotation>
			</xs:enumeration>
			<xs:enumeration value='Rejected'>
				<xs:annotation>
					<xs:documentation>The legal identity has been rejected.</xs:documentation>
				</xs:annotation>
			</xs:enumeration>
			<xs:enumeration value='PendingIdentification'>
				<xs:annotation>
					<xs:documentation>The legal identity is pending confirmation out-of-band.</xs:documentation>
				</xs:annotation>
			</xs:enumeration>
			<xs:enumeration value='Approved'>
				<xs:annotation>
					<xs:documentation>The legal identity is authenticated and approved by the Trust Anchor.</xs:documentation>
				</xs:annotation>
			</xs:enumeration>
		</xs:restriction>
	</xs:simpleType>
	
	<!-- Key challenge: base64-encoded random data, tagged with the id of the legal identity it belongs to, that the applicant has to sign. -->
	<!-- The content is xs:base64Binary with no length facet, so the schema neither guarantees a minimum amount of random data nor caps the size; both ends should enforce their own bounds. -->
	<!-- NOTE(review): the element that carries the signed response is not declared in this schema (see the trailing to-do comment), and nothing here ties a challenge to a lifetime or to single use; confirm where that is specified. -->
	<xs:element name='challenge'>
		<xs:complexType>
			<xs:simpleContent>
				<xs:extension base='xs:base64Binary'>
					<xs:annotation>
						<xs:documentation>Random binary data that has to be signed by the client applying for the registration of a new legal identity.</xs:documentation>
					</xs:annotation>
					<!-- Required, but an unconstrained xs:string: the receiver must check that it names an identity it actually applied for. -->
					<xs:attribute name='id' type='xs:string' use='required'>
						<xs:annotation>
							<xs:documentation>Identifier for the legal identity being challenged.</xs:documentation>
						</xs:annotation>
					</xs:attribute>
				</xs:extension>
			</xs:simpleContent>
		</xs:complexType>
	</xs:element>
	
	<!--
	challenge/response
	validate (id, jid, signature), receive most recent identity if signature historical.
	-->
	
</xs:schema>