teservices.messages.certservice-messages.2408.1.source-code.eid-dss-extensions-1.1.2.xsd
Version: 1.1.2
Schema location URL: https://docs.swedenconnect.se/schemas/csig/1.1/EidCentralSigDssExt-1.1.2-DRAFT.xsd
Extension to an OASIS DSS SignRequest, providing additional
information about a sign request. This element extends the
dss:OptionalInputs element of a dss:SignRequest.
Extension to an OASIS DSS SignResponse, providing additional information
about a sign response. This element extends the dss:OptionalOutput element
of a dss:SignResponse.
Time when the request was created.
The identity of the signer expressed as a sequence of SAML attributes
using the AttributesType complex type.
The SAML entityID of the Identity Provider that MUST be used to
authenticate the signer before signing. The entityID value is specified
using the saml:NameIDType complex type and MUST include a Format
attribute with the value urn:oasis:names:tc:SAML:2.0:nameid-format:entity.
An opaque string that can be used to inform the Signing Service about
specific requirements regarding the user authentication at the given
Identity Provider.
The SAML entityID of the service that sends this request to the signing service.
The entityID value is specified using the saml:NameIDType complex type and MUST
include a Format attribute with the value
urn:oasis:names:tc:SAML:2.0:nameid-format:entity.
The SAML entityID of the service to which this Sign Request is sent.
The entityID value is specified using the saml:NameIDType complex type
and MUST include a Format attribute with the value
urn:oasis:names:tc:SAML:2.0:nameid-format:entity.
An identifier of the signature algorithm the requesting service prefers
when generating the requested signature.
The requested properties of the signature certificate being issued by the
signature service.
An optional set of requested attributes that the requesting service prefers
or requires in the subject name of the generated signing certificate.
Sign message included as a choice of a Base64 encoded string or
an encrypted sign message.
Any additional inputs to the request extension.
The time when the sign response was created.
An element of type EncodedRequestType with base64Binary base type, holding
a representation of a complete and signed dss:SignRequest element that is
related to this sign response. This element MUST be present if signing was
successful.
An element of type SignerAssertionInfoType holding information about how
the signer was authenticated by the sign service as well as information
about subject attribute values present in the SAML assertion authenticating
the signer, which was incorporated into the signer certificate. This element
MUST be present if signing was successful.
An element of type CertificateChainType holding the signer certificate as
well as other certificates that may be used to validate the signature. This
element MUST be present if signing was successful and MUST contain all
certificates that are necessary to compile a complete and functional signed
document.
Optional sign response elements of type AnyType.
The octets that are hashed and signed when generating the signature. For
PDF and common modes of CMS this is the DER encoded SignedAttributes field.
For XML this is the canonicalized SignedInfo octets.
Information in support of AdES signature creation.
Result signature bytes.
Conditions that MUST be evaluated when assessing the validity of and/or
when using the Sign Request. See Section 2.5 of SAML2.0 for additional
information on how to evaluate conditions.
This element MUST include the attributes NotBefore and NotOnOrAfter and
MUST include the element saml:AudienceRestriction which in turn MUST
contain one saml:Audience element, specifying the return URL for any
resulting Sign Response message.
If set, the Version attribute MUST be 1.4 or higher.
The version of the DSS extensions specification. If absent, the version value defaults to "1.1".
The version of the DSS specification. If absent, the version value defaults to "1.1".
A distinguishing id of this sign task which is used to distinguish between
multiple sign tasks in the same request.
Enumeration of the type of signature the canonical signed information is
associated with.
Specifies the type of AdES signature. BES means that the signing certificate
hash must be covered by the signature. EPES means that the signing
certificate hash and a signature policy identifier must be covered by
the signature.
An identifier for processing rules that must be executed by the signature
service when processing data in this element.
The URI reference(s) to the requested level of assurance with which the
certificate subject should be authenticated.
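The Conditions and entityID requirements described above, written as a receiver-side check. This is an added example, not code from the schema or its project; the function names, the sample XML and the idea of comparing the Audience against a return URL the receiver already expects are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ENTITY_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"


def _instant(value):
    # Parse an xs:dateTime such as 2024-05-01T10:00:00Z; treat a missing zone as UTC.
    t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)


def check_conditions(cond, return_url, now):
    """Return the list of problems found in a parsed saml:Conditions element."""
    problems = []
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        problems.append("NotBefore and NotOnOrAfter are both required")
    elif not (_instant(nb) <= now < _instant(noa)):
        problems.append("request is outside its validity window")
    restrictions = cond.findall(f"{{{SAML}}}AudienceRestriction")
    audiences = [a for r in restrictions for a in r.findall(f"{{{SAML}}}Audience")]
    if len(audiences) != 1:
        problems.append("exactly one saml:Audience is required")
    elif (audiences[0].text or "").strip() != return_url:
        # Assumption: the receiver knows which return URL it expects.
        problems.append("Audience does not match the response return URL")
    return problems


def check_entity_id(name_id):
    """An entityID element must carry the entity Format attribute."""
    return name_id.get("Format") == ENTITY_FORMAT


# Constructed sample, not taken from a real request.
SAMPLE = f"""<saml:Conditions xmlns:saml="{SAML}"
    NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
  <saml:AudienceRestriction>
    <saml:Audience>https://sp.example.com/sign/response</saml:Audience>
  </saml:AudienceRestriction>
</saml:Conditions>"""
```

These checks belong after the signature on the enclosing dss:SignRequest has been verified, since unsigned Conditions values can be altered in transit.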