Commit bdac45af authored by Peter Waher's avatar Peter Waher

Legal identities

parent 9818cacd
Legal Identities
=====================
It is possible to assign a legal identity to an account. By assigning a legal identity to the account, it becomes possible for the account to sign legal
contracts. Such contracts can be used by owners to regulate conditions for accessing their things, allowing for automation of decision support and provisioning.
| Legal Identities ||
| ------------|----------------------------------------------------------|
| Namespace: | urn:ieee:iot:leg:id:1.0 |
| Schema: | [LegalIdentities.xsd](Schemas/LegalIdentities.xsd) |
......@@ -55,7 +55,7 @@ Administration
Marketplace
------------------
* Physical Identities
* [Legal Identities](LegalIdentities.md)
* Contracts
......
<?xml version='1.0' encoding='UTF-8'?>
<xs:schema
xmlns:xs='http://www.w3.org/2001/XMLSchema'
targetNamespace='urn:ieee:iot:leg:id:1.0'
xmlns='urn:ieee:iot:leg:id:1.0'
xmlns:e2='urn:ieee:iot:e2e:1.0'
elementFormDefault='qualified'>
<!--
Copyright 2017-2018 The Institute of Electrical and Electronics Engineers,
Incorporated (IEEE).
This work is licensed to The Institute of Electrical and Electronics
Engineers, Incorporated (IEEE) under one or more contributor license
agreements.
See the LICENSE.md file distributed with this work for additional
information regarding copyright ownership. Use of this file is
governed by a BSD-style license, the terms of which are as follows:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
Redistributions of source code must retain the above copyright
notice, this list of conditions, the following disclaimer, and the
NOTICE file.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions, the following disclaimer in the
documentation and/or other materials provided with the
distribution, and the NOTICE file.
Neither the name of The Institute of Electrical and Electronics
Engineers, Incorporated (IEEE) nor the names of its contributors
may be used to endorse or promote products derived from this
software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
SPDX-License-Identifier: BSD-3-Clause
Disclaimer: This open source repository contains material that may be
included-in or referenced by an unapproved draft of a proposed IEEE
Standard. All material in this repository is subject to change. The
material in this repository is presented "as is" and with all faults.
Use of the material is at the sole risk of the user. IEEE specifically
disclaims all warranties and representations with respect to all
material contained in this repository and shall not be liable, under
any theory, for any use of the material. Unapproved drafts of proposed
IEEE standards must not be utilized for any conformance/compliance
purposes.
-->
<xs:import namespace='urn:ieee:iot:e2e:1.0'/>
<xs:element name='apply'>
<xs:annotation>
<xs:documentation>Sent by a client in an iq set to a Trust Anchor, to apply for a pairing between the online identity (bare JID) of the sender and a Legal Identity.</xs:documentation>
<xs:documentation>Note: The approval process is taken care of out-of-band.</xs:documentation>
<xs:documentation>Expected response element: identity</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref='e2:e2e'>
<xs:annotation>
<xs:documentation>Public keys corressponding to available methods to create signatures.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element ref='identity'>
<xs:annotation>
<xs:documentation>The legal identity the client wishes to assign to the account.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name='identity'>
<xs:annotation>
<xs:documentation>Element containing information about a legal identity.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name='status' minOccurs='0' maxOccurs='1'>
<xs:annotation>
<xs:documentation>The status object is created and signed by the Trust Anchor.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name='achor' type='xs:string' use='required'>
<xs:annotation>
<xs:documentation>JID of Trust Anchor validating the correctness of the identity.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name='state' type='IdentityState' use='required'>
<xs:annotation>
<xs:documentation>Contains information about the current statue of the legal identity registration.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name='created' type='xs:dateTime' use='required'>
<xs:annotation>
<xs:documentation>When the legal identity was first created.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name='updated' type='xs:dateTime' use='optional'>
<xs:annotation>
<xs:documentation>When the legal identity was last updated.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name='from' type='xs:date' use='optional'>
<xs:annotation>
<xs:documentation>From what date (inclusive) the legal identity can be used.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name='to' type='xs:date' use='optional'>
<xs:annotation>
<xs:documentation>To what date (inclusive) the legal identity can be used.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attributeGroup ref='e2:signatureAttributes'>
<xs:annotation>
<xs:documentation>Signature of the identity.</xs:documentation>
<xs:documentation>The signature is calculated on the identity element excluding the signature attributes.</xs:documentation>
<xs:documentation>All text nodes contain normalized Unicode text (in NFC).</xs:documentation>
<xs:documentation>The normalized XML is UTF-8 encoded before being signed.</xs:documentation>
<xs:documentation>Note: The signature is just the first method to authenticate a legal identity. Using the identifier and the signature, the client can validate the registration is valid and up-to-date.</xs:documentation>
</xs:annotation>
</xs:attributeGroup>
</xs:complexType>
</xs:element>
<xs:element name='property' minOccurs='1' maxOccurs='unbounded'>
<xs:annotation>
<xs:documentation>An identity consists of a sequence of properties.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name='name' type='xs:string' use='required'>
<xs:annotation>
<xs:documentation>Name of the property.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name='value' type='xs:string' use='required'>
<xs:annotation>
<xs:documentation>Value of the property.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name='id' type='xs:string' use='optional'>
<xs:annotation>
<xs:documentation>An identifier assigned to the legal identity.</xs:documentation>
<xs:documentation>The identifier is unique within the scope of the Trust Anchor issuing it.</xs:documentation>
<xs:documentation>A client must not include an identifier when it applies for a legal identity pairing with the Trust Anchor.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:simpleType name='IdentityState'>
<xs:annotation>
<xs:documentation>Lists recognized legal identity states.</xs:documentation>
</xs:annotation>
<xs:restriction base='xs:string'>
<xs:enumeration value='Created'>
<xs:annotation>
<xs:documentation>An application has been received.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value='ChallengingKeys'>
<xs:annotation>
<xs:documentation>Submitted keys are being challenged.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value='Rejected'>
<xs:annotation>
<xs:documentation>The legal identity has been rejected.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value='PendingIdentification'>
<xs:annotation>
<xs:documentation>The legal identity is pending confirmation out-of-band.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value='Approved'>
<xs:annotation>
<xs:documentation>The legal identity is authenticated and approved by the Trust Anchor.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
<xs:element name='challenge'>
<xs:complexType>
<xs:simpleContent>
<xs:extension base='xs:base64Binary'>
<xs:annotation>
<xs:documentation>Random binary data that has to be signed by the client applying for the registration of a new legal identity.</xs:documentation>
</xs:annotation>
<xs:attribute name='id' type='xs:string' use='required'>
<xs:annotation>
<xs:documentation>Identifier for the legal identity being challenged.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<!--
challenge/response
validate (id, jid, signatue), receive most recent identity if signature historical.
-->
</xs:schema>
\ No newline at end of file
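Review bot: The documentation on `e2:signatureAttributes` inside `status` says the "normalized XML" of the identity element is signed, but the schema defines that normalization only as NFC text and UTF-8 encoding, so attribute order, namespace declarations, quoting and whitespace are left to each implementation and two conforming peers can disagree on the signed bytes. I would add a documentation line that names the exact canonical form or points to where it is defined, and that states whether the `id` attribute and the `status` attributes are covered by the signature. The required attribute `achor` looks like a misspelling of `anchor`; as it appears to sit inside the signed content, renaming it after implementations ship would likely break verification, so it is worth correcting now to `<xs:attribute name='anchor' type='xs:string' use='required'>`. Since `property` names are unconstrained, the schema should also document whether a name may repeat, so that verifiers and consumers cannot read one signed identity differently. The typos `corressponding`, `statue` and `signatue` can be fixed in the same pass.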