Element BindingType / Signer
Namespace urn:us:gov:ic:tdf
Annotations

Information pertaining to the person or entity that performed the signing/binding and their credentials.

Properties
content complex
minOccurs 1
maxOccurs 1
Attributes
QName Type Use
issuer restriction of xs:string required
subject restriction of xs:string required
Source
<xs:element name="Signer" maxOccurs="1" minOccurs="1">
  <xs:annotation>
    <xs:documentation>
      <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Information pertaining to the person or entity that performed the signing/binding and their credentials.</p>
    </xs:documentation>
  </xs:annotation>
  <xs:complexType>
    <!--Replacing:
<xs:attribute name="subject" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the person or entity who is doing the
                                        signing. Refer to RFC 5280 for more information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
    <!-- CdsManifest: Replace entirety of subject to enable max length and a pattern to keep Xsat Happy.  -->
    <xs:attribute name="subject" use="required">
      <xs:simpleType>
        <xs:restriction base="xs:string">
          <xs:minLength value="1"/>
          <xs:maxLength value="50"/>
          <xs:pattern value="([a-zA-Z0-9i\*\.\s=_-])*"/>
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
    <!--Replacing:
<xs:attribute name="issuer" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the authority that issued the
                                        credentials to the subject. Refer to RFC 5280 for more
                                        information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
    <!-- CdsManifest: Replace entirety of issuer force a max length and pattern to keep Xsat Happy.  -->
    <!-- CdsManifest: Force issuer to be required since we don't use serial.  -->
    <xs:attribute name="issuer" use="required">
      <xs:simpleType>
        <xs:restriction base="xs:string">
          <xs:minLength value="1"/>
          <xs:maxLength value="50"/>
          <xs:pattern value="([a-zA-Z0-9\.\s=_-])*"/>
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
    <!--Replacing:
<xs:attribute name="serial" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        unique serial number of the credentials given to the subject
                                        by the issuer. Refer to RFC 5280 for more information.
                                    </xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
    <!-- CdsManifest: Remove serial since we require issuer.  -->
  </xs:complexType>
</xs:element>
Schema location CDSM-TDF.xsd
Element BindingType / SignatureValue
Namespace urn:us:gov:ic:tdf
Type SignatureValueType
Properties
content complex
minOccurs 1
maxOccurs 1
Attributes
QName Type Use Annotation
includesStatementMetadata xs:boolean optional

Used to indicate whether or not to include element StatementMetadata when referencing an Assertion. In the case of signatures and binding, this attribute indicates whether or not the statement metadata is covered by the signature or binding. If not, it cannot be cryptographically verified and should be considered informative only. IncludesStatementMetadata should never be set on SignatureValue if there is a boundValueList, because the BoundValue elements in the list each have their own explicit includesStatementMetadata attribute.

normalizationMethod restriction of xs:anyURI required

A URI that provides guidance on how to format the included values such as whitespace, attributes, and child nodes in a universally consistent manner. The normalization method is essential to prevent formatting such as whitespace and order from interfering with the validation of the cryptographic integrity of data. Assertions should explicitly declare all their namespaces at the assertion level rather than relying on those provided by the root node.

signatureAlgorithm restriction of xs:string required
Source
<xs:element name="SignatureValue" type="SignatureValueType" minOccurs="1" maxOccurs="1"/>
Schema location CDSM-TDF.xsd
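The normalizationMethod annotation above, illustrated as an added example (not part of the schema or its documentation): two serializations of one assertion hash differently as raw bytes and identically once normalized, and an assertion that inherits its namespace from the root cannot be normalized on its own. Assumptions: W3C C14N 2.0 with whitespace stripping stands in for whatever the normalizationMethod URI names, SHA-256 stands in for the signatureAlgorithm digest, and the Statement element and the id and scope attributes are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed samples: the same assertion, serialized two ways.
DOC_A = (
    '<tdf:Assertion xmlns:tdf="urn:us:gov:ic:tdf" scope="PAYL" id="a1">'
    '<tdf:Statement>releasable</tdf:Statement>'
    '</tdf:Assertion>'
)
DOC_B = (
    '<tdf:Assertion id="a1"\n    scope="PAYL"\n    xmlns:tdf="urn:us:gov:ic:tdf">\n'
    '  <tdf:Statement>releasable</tdf:Statement>\n'
    '</tdf:Assertion>'
)
# Constructed sample: same layout as DOC_A, different statement content.
DOC_TAMPERED = DOC_A.replace("releasable", "restricted")
# Constructed sample: assertion cut out of a document whose root declared
# the tdf prefix, so the fragment itself carries no namespace declaration.
FRAGMENT_INHERITED = (
    '<tdf:Assertion id="a1" scope="PAYL">'
    '<tdf:Statement>releasable</tdf:Statement>'
    '</tdf:Assertion>'
)


def raw_digest(xml_text: str) -> str:
    """Digest of the bytes exactly as serialized (no normalization)."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def normalized_digest(xml_text: str) -> str:
    """Digest after C14N 2.0: attributes sorted, layout whitespace dropped."""
    canonical = ET.canonicalize(xml_text, strip_text=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def can_normalize_standalone(xml_text: str) -> bool:
    """True if the fragment parses without namespace context from a root."""
    try:
        ET.canonicalize(xml_text, strip_text=True)
        return True
    except ET.ParseError:  # e.g. "unbound prefix"
        return False


if __name__ == "__main__":
    print("raw digests equal:       ", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("normalized digests equal:", normalized_digest(DOC_A) == normalized_digest(DOC_B))
    print("tamper detected:         ", normalized_digest(DOC_A) != normalized_digest(DOC_TAMPERED))
    print("inherited-ns fragment ok:", can_normalize_standalone(FRAGMENT_INHERITED))
```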
Complex Type BindingType
Namespace urn:us:gov:ic:tdf
Model
Children SignatureValue , Signer
Source
<xs:complexType name="BindingType">
  <xs:sequence>
    <!-- This order is important because it allows for a single pass 
                verification of the actual SignatureValue using a streaming parser -->
    <xs:choice>
      <xs:element name="Signer" maxOccurs="1" minOccurs="1">
        <xs:annotation>
          <xs:documentation>
            <p xmlns="http://www.w3.org/1999/xhtml" ism:classification="U" ism:ownerProducer="USA">Information pertaining to the person or entity that performed the signing/binding and their credentials.</p>
          </xs:documentation>
        </xs:annotation>
        <xs:complexType>
          <!--Replacing:
<xs:attribute name="subject" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the person or entity who is doing the
                                        signing. Refer to RFC 5280 for more information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
          <!-- CdsManifest: Replace entirety of subject to enable max length and a pattern to keep Xsat Happy.  -->
          <xs:attribute name="subject" use="required">
            <xs:simpleType>
              <xs:restriction base="xs:string">
                <xs:minLength value="1"/>
                <xs:maxLength value="50"/>
                <xs:pattern value="([a-zA-Z0-9i\*\.\s=_-])*"/>
              </xs:restriction>
            </xs:simpleType>
          </xs:attribute>
          <!--Replacing:
<xs:attribute name="issuer" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        distinguished name of the authority that issued the
                                        credentials to the subject. Refer to RFC 5280 for more
                                        information.</xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
          <!-- CdsManifest: Replace entirety of issuer force a max length and pattern to keep Xsat Happy.  -->
          <!-- CdsManifest: Force issuer to be required since we don't use serial.  -->
          <xs:attribute name="issuer" use="required">
            <xs:simpleType>
              <xs:restriction base="xs:string">
                <xs:minLength value="1"/>
                <xs:maxLength value="50"/>
                <xs:pattern value="([a-zA-Z0-9\.\s=_-])*"/>
              </xs:restriction>
            </xs:simpleType>
          </xs:attribute>
          <!--Replacing:
<xs:attribute name="serial" type="xs:string">
                            <xs:annotation>
                                <xs:documentation>
                                    <xhtml:p ism:classification="U" ism:ownerProducer="USA">The
                                        unique serial number of the credentials given to the subject
                                        by the issuer. Refer to RFC 5280 for more information.
                                    </xhtml:p>
                                </xs:documentation>
                            </xs:annotation>
                        </xs:attribute>
-->
          <!-- CdsManifest: Remove serial since we require issuer.  -->
        </xs:complexType>
      </xs:element>
    </xs:choice>
    <xs:element name="SignatureValue" type="SignatureValueType" minOccurs="1" maxOccurs="1"/>
    <!--Replacing:
<xs:element name="BoundValueList" type="BoundValueListType" minOccurs="0" maxOccurs="1"/>
-->
    <!-- CdsManifest: Remove references to BoundValueList this type of binding is not supported for CdsManifest.  -->
  </xs:sequence>
</xs:complexType>
Schema location CDSM-TDF.xsd
Attribute BindingType / Signer / @subject
Namespace urn:us:gov:ic:tdf
Type restriction of xs:string
Properties
use required
Facets
minLength 1
maxLength 50
pattern ([a-zA-Z0-9i\*\.\s=_-])*
Source
<xs:attribute name="subject" use="required">
  <xs:simpleType>
    <xs:restriction base="xs:string">
      <xs:minLength value="1"/>
      <xs:maxLength value="50"/>
      <xs:pattern value="([a-zA-Z0-9i\*\.\s=_-])*"/>
    </xs:restriction>
  </xs:simpleType>
</xs:attribute>
Schema location CDSM-TDF.xsd
Attribute BindingType / Signer / @issuer
Namespace urn:us:gov:ic:tdf
Type restriction of xs:string
Properties
use required
Facets
minLength 1
maxLength 50
pattern ([a-zA-Z0-9\.\s=_-])*
Source
<xs:attribute name="issuer" use="required">
  <xs:simpleType>
    <xs:restriction base="xs:string">
      <xs:minLength value="1"/>
      <xs:maxLength value="50"/>
      <xs:pattern value="([a-zA-Z0-9\.\s=_-])*"/>
    </xs:restriction>
  </xs:simpleType>
</xs:attribute>
Schema location CDSM-TDF.xsd

This document has been approved for Public Release by the Office of the Director of National Intelligence. See Distribution Notice for details.