From dd45e938564249a5e6897bd92dd29808d8990868 Mon Sep 17 00:00:00 2001
From: rudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 24 Oct 2003 08:34:56 +0000
Subject: MOA-ID version 1.1 (initial)

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 id.server/data/test/conf/ConfigurationTest.xml     | 103 ++++++
 id.server/data/test/conf/OAConfBasicAuth.xml       |  10 +
 id.server/data/test/conf/OAConfHeaderAuth.xml      |  13 +
 id.server/data/test/conf/OAConfParamAuth.xml       |  10 +
 id.server/data/test/conf/log4j.properties          |  10 +
 .../test/conf/transforms/TransformsInfosHTML.xml   |  63 ++++
 .../ixsil/init/properties/algorithms.properties    |  94 +++++
 .../test/ixsil/init/properties/init.properties     | 214 +++++++++++
 .../ixsil/init/properties/keyManager.properties    |  74 ++++
 .../data/test/ixsil/init/schemas/Signature.xsd     | 328 +++++++++++++++++
 .../data/test/ixsil/init/schemas/XMLSchema.dtd     | 402 +++++++++++++++++++++
 .../data/test/ixsil/init/schemas/datatypes.dtd     | 203 +++++++++++
 id.server/data/test/xmldata/ErrorResponse.xml      |   4 +
 .../data/test/xmldata/GetIdentityLinkForm.html     |  20 +
 .../standard/AuthenticationDataAssertion.xml       | 127 +++++++
 .../xmldata/standard/CreateXMLSignatureRequest.xml |  52 +++
 .../standard/CreateXMLSignatureResponse.xml        |  59 +++
 .../xmldata/standard/VerifyXMLSignaterResponse.xml |   2 +
 .../xmldata/testperson1/InfoboxReadResponse.xml    |  97 +++++
 19 files changed, 1885 insertions(+)
 create mode 100644 id.server/data/test/conf/ConfigurationTest.xml
 create mode 100644 id.server/data/test/conf/OAConfBasicAuth.xml
 create mode 100644 id.server/data/test/conf/OAConfHeaderAuth.xml
 create mode 100644 id.server/data/test/conf/OAConfParamAuth.xml
 create mode 100644 id.server/data/test/conf/log4j.properties
 create mode 100644 id.server/data/test/conf/transforms/TransformsInfosHTML.xml
 create mode 100644 id.server/data/test/ixsil/init/properties/algorithms.properties
 create mode 100644 id.server/data/test/ixsil/init/properties/init.properties
 create mode 100644 id.server/data/test/ixsil/init/properties/keyManager.properties
 create mode 100644 id.server/data/test/ixsil/init/schemas/Signature.xsd
 create mode 100644 id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
 create mode 100644 id.server/data/test/ixsil/init/schemas/datatypes.dtd
 create mode 100644 id.server/data/test/xmldata/ErrorResponse.xml
 create mode 100644 id.server/data/test/xmldata/GetIdentityLinkForm.html
 create mode 100644 id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
 create mode 100644 id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
 create mode 100644 id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
 create mode 100644 id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
 create mode 100644 id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml

(limited to 'id.server/data/test')

diff --git a/id.server/data/test/conf/ConfigurationTest.xml b/id.server/data/test/conf/ConfigurationTest.xml
new file mode 100644
index 000000000..5c18e35cc
--- /dev/null
+++ b/id.server/data/test/conf/ConfigurationTest.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<AuthComponent>
+		<SecurityLayer>
+			<TransformsInfo filename="file:data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<ConnectionParameter URL="https://10.16.46.108:8443/moa-spss/services">
+				<AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+				<!-- <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> -->
+			</ConnectionParameter>
+			<VerifyIdentityLink>
+				<TrustProfileID>TrustProfile1</TrustProfileID>
+			</VerifyIdentityLink>
+			<VerifyAuthBlock>
+				<TrustProfileID>TrustProfile1</TrustProfileID>
+				<VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>				
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<IdentityLinkSigners>
+			<X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+		</IdentityLinkSigners>
+	</AuthComponent>
+	<ProxyComponent>
+		<AuthComponent>
+			<ConnectionParameter URL="AuthComponentURL">
+				<AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+				<ClientKeyStore password="String">http://www.altova.com</ClientKeyStore>
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+	<OnlineApplication publicURLPrefix="http://localhost:9080/">
+		<AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+		<ProxyComponent configFileURL="file:data/test/conf/OAConfParamAuth.xml" sessionTimeOut="10" loginParameterResolverImpl="StringloginParameterResolverImpl1" connectionBuilderImpl="StringconnectionBuilderImpl1">
+			<ConnectionParameter URL="ProxyComponentURL">
+				<AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+				<ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<OnlineApplication publicURLPrefix="http://verisign.moa.gv.at/">
+		<AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+		<ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+			<ConnectionParameter URL="https://www.verisign.com/">
+				<AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<OnlineApplication publicURLPrefix="http://a-trust.moa.gv.at/">
+		<AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+		<ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+			<ConnectionParameter URL="https://www.a-trust.at/">
+				<AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<OnlineApplication publicURLPrefix="http://baltimore.moa.gv.at/">
+		<AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+		<ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+			<ConnectionParameter URL="https://www.baltimore.com/">
+				<AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<OnlineApplication publicURLPrefix="http://cio.moa.gv.at/">
+		<AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+		<ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+			<ConnectionParameter URL="https://www.cio.gv.at/">
+				<AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<OnlineApplication publicURLPrefix="StringOALoginURL2">
+		<AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+		<ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2">
+			<ConnectionParameter URL="ProxyComponentURL2">
+				<AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+				<ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<OnlineApplication publicURLPrefix="StringOALoginURL3">
+		<AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+		<ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3">
+			<ConnectionParameter URL="ProxyComponentURL3">
+				<AcceptedServerCertificates>url:AcceptedServerCertificates3</AcceptedServerCertificates>
+				<ClientKeyStore password="ClientKeystoreOAPAss3">URL:toClientKeystoreOA3</ClientKeyStore>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<ChainingModes systemDefaultMode="chaining">
+		<TrustAnchor mode="chaining">
+			<dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+			<dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+		</TrustAnchor>
+	</ChainingModes>
+	<TrustedCACertificates>file:c:/java/id.server/data/test/certs/ca-certs</TrustedCACertificates>
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="c:/java/id.server/data/test/certs/cert-store-root"/>
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<GenericConfiguration name="ProxyComponent.DisableHostnameVerification" value="true"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/test/conf/OAConfBasicAuth.xml b/id.server/data/test/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..61455f903
--- /dev/null
+++ b/id.server/data/test/conf/OAConfBasicAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateful</LoginType>
+	<BasicAuth>
+		<UserID>MOAGivenName</UserID>
+		<Password>MOAFamilyName</Password>
+	</BasicAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfHeaderAuth.xml b/id.server/data/test/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..c92e055e9
--- /dev/null
+++ b/id.server/data/test/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateful</LoginType>
+	<HeaderAuth>
+		<Header Name="Param1" Value="MOAPublicAuthority"/>
+		<Header Name="Param2" Value="MOABKZ"/>
+		<Header Name="Param3" Value="MOAQualifiedCertificate"/>
+		<Header Name="Param4" Value="MOAZMRZahl"/>
+		<Header Name="Param5" Value="MOAIPAddress"/>
+	</HeaderAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/OAConfParamAuth.xml b/id.server/data/test/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..a70f6a6c0
--- /dev/null
+++ b/id.server/data/test/conf/OAConfParamAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateful</LoginType>
+	<ParamAuth>
+		<Parameter Name="Param1" Value="MOADateOfBirth"/>
+		<Parameter Name="Param2" Value="MOAVPK"/>
+	</ParamAuth>
+</Configuration>
diff --git a/id.server/data/test/conf/log4j.properties b/id.server/data/test/conf/log4j.properties
new file mode 100644
index 000000000..9a808f925
--- /dev/null
+++ b/id.server/data/test/conf/log4j.properties
@@ -0,0 +1,10 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=debug, stdout
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
diff --git a/id.server/data/test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
new file mode 100644
index 000000000..e003297f4
--- /dev/null
+++ b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms>
+		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+							<table border="1">
+								<tr>
+									<td>
+										<b>Name:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//@Issuer"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Zeit:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//@IssueInstant"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Applikation:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Geschäftsbereich:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Anmeldeserver:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:NameIdentifier"/>
+									</td>
+								</tr>
+							</table>
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>text/html</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id.server/data/test/ixsil/init/properties/algorithms.properties b/id.server/data/test/ixsil/init/properties/algorithms.properties
new file mode 100644
index 000000000..35a41cfdd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/algorithms.properties
@@ -0,0 +1,94 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses to maintain the available algorithms.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Canonicalization algorithms
+#
+# The following properties (starting with "Canonicalization.") are associations between canonicalization
+# algorithm URIs and their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the canonicalization algorithm
+# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm
+# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI,
+# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+#              property name.
+
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML
+Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML
+Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments
+
+#----------------------------------------------------------------------------------------------------------
+# Signature algorithms
+#
+# The following properties (starting with "Signature.") are associations between signature algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the signature algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm
+# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI,
+# prepended by the signature algorithm property identifier ("Signature."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+#              property name.
+
+Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA
+Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA
+Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Digest algorithms
+#
+# The following properties (starting with "Digest.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the digest algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm
+# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI,
+# prepended by the digest algorithm property identifier ("Digest."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+#              property name.
+
+Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# Transform algorithms
+#
+# The following properties (starting with "Transform.") are associations between digest algorithm URIs and
+# their corresponding implementation classes.
+#
+# For instance, if you would like to specify the implementation class for the transform algorithm
+# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm
+# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI,
+# prepended by the transform algorithm property identifier ("Transform."). The value of the
+# property is the fully qualified class name of the implementation for this algorithm, for instance the
+# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode".
+#
+# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the
+#              property name.
+
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML
+Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML
+Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments
+Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode
+Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath
+Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature
+Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT
+Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2
diff --git a/id.server/data/test/ixsil/init/properties/init.properties b/id.server/data/test/ixsil/init/properties/init.properties
new file mode 100644
index 000000000..a679a2635
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/init.properties
@@ -0,0 +1,214 @@
+# IXSIL init properties
+#
+# This file contains the basic initialization properties for IXSIL.
+
+#----------------------------------------------------------------------------------------------------------
+# Properties for localizing exeption messages
+
+# This property specifies the ISO language code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOLanguageCode = "en"
+
+
+
+# This property specifies the ISO country code, which is used to select the appropriate exception message
+# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information.
+
+IXSILException.ISOCountryCode = "US"
+
+
+#----------------------------------------------------------------------------------------------------------
+# Other property files
+
+# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e.
+# this file). The URI MUST be absolute.
+#
+# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using
+# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the
+# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below).
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+#              authority component. This means that the part following the scheme identifier starts with "/"
+#              (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties"
+
+location.initProperties = file:data/test/ixsil/init/properties/init.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+#              authority component. This means that the part following the scheme identifier starts with "/"
+#              (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties"
+# Example 4 (relative URI): "../otherpath/algorithms.properties"
+# Example 5 (relative URI): "algorithms.properties"
+
+location.algorithmsProperties = file:data/test/ixsil/init/properties/algorithms.properties
+
+
+
+# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can
+# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's
+# URI as the base.
+#
+# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an
+#              authority component. This means that the part following the scheme identifier starts with "/"
+#              (single slash character), and not with "//" (two slash characters).
+#
+# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties"
+# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties"
+# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties"
+# Example 4 (relative URI): "../otherpath/keyManager.properties"
+# Example 5 (relative URI): "keyManager.properties"
+
+location.keyManagerProperties = file:data/test/ixsil/init/properties/keyManager.properties
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# AlgorithmFactory properties
+
+
+
+This property specifies the extension class for the abstract class
+iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method
+iaik.ixsil.algorithms.AlgorithmFactory.createFactory().
+Please specifiy the fully qualified java class name for the class to be instantiated.
+
+AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# VerifierKeyManager properties
+
+# This property specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the
+# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo
+# element which contains hints that can be used to deduce the verification key.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XML namespace prefix properties
+
+# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSignature = dsig:
+
+
+
+# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace.
+#
+# PLEASE NOTE: The prefix must not be empty.
+
+namespacePrefix.XMLSchemaInstance = xsi:
+
+
+#----------------------------------------------------------------------------------------------------------
+# DOMUtils properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies
+# on. If you would like to employ a parser different from Apache Xerces, you must implement the
+# DOMUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportWarnings = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception
+# or not.
+
+DOMUtils.ErrorHandler.reportErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser
+# exception or not.
+
+DOMUtils.ErrorHandler.reportFatalErrors = true
+
+
+
+# This property is used by the standard implementation class for the interface
+# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL.
+# It specifies an URI for the location of the XML schema for an XML signature, which is used as the
+# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement.
+# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for
+# this init property file as the base.
+
+DOMUtils.SignatureSchema = ../schemas/Signature.xsd
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# XPathUtils properties
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies
+# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the
+# XPathUtilsInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl
+
+
+
+#----------------------------------------------------------------------------------------------------------
+# CanonicalXMLSerializer properties
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according
+# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an
+# implemenation different from the standard implementation shipped with IXSIL, you must implement the
+# CanonicalXMLSerialierInterface and specify your implementation class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
+
+
+
+# This property specifies the implementation class IXSIL should use for the interface
+# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML
+# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120).
+# If you would like to employ an implemenation different from the standard implementation shipped with
+# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation
+# class using this property.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl
diff --git a/id.server/data/test/ixsil/init/properties/keyManager.properties b/id.server/data/test/ixsil/init/properties/keyManager.properties
new file mode 100644
index 000000000..24ece437a
--- /dev/null
+++ b/id.server/data/test/ixsil/init/properties/keyManager.properties
@@ -0,0 +1,74 @@
+# IXSIL algorithm properties
+#
+# This file contains the properties which IXSIL uses in context of key management.
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement,
+# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that
+# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage
+# subelements of that type.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements,
+# the property name is the fully qualified XML name for the "KeyValue" element, namely
+# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class
+# name of the key provider implementation class, for instance the standard implementation which ships with
+# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue".
+#
+# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the
+#                  element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+#                  element (e.g. "KeyValue"). Both components are seperated by a colon.
+#
+# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the
+#                   property name.
+
+http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue
+http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data
+http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following properties specify the order in which the different types of "KeyInfo" subelements are used
+# by the key manager to deduce the verification key.
+#
+# These properties are only of interest, if you are using the standard key manager shipped with IXISL
+# (which is class iaik.ixsil.keyInfo.KeyManagerImpl).
+#
+# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo"
+# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an
+# example configuration:
+#
+# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+#
+# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the
+# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second
+# chance. Of course you can specify more than only two different subelement types.
+#
+# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the
+#              element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the
+#              element (e.g. "KeyValue"). Both components are seperated by a colon.
+
+Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue
+Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data
+Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod
+
+
+
+#----------------------------------------------------------------------------------------------------------
+#
+# The following property is used by standard implementation of the "X509Data" key provider, which ships
+# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface
+# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust
+# manager for this key provider.
+# Please specifiy the fully qualified java class name for the class to be instantiated.
+
+KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl
+
diff --git a/id.server/data/test/ixsil/init/schemas/Signature.xsd b/id.server/data/test/ixsil/init/schemas/Signature.xsd
new file mode 100644
index 000000000..7867883f9
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/Signature.xsd
@@ -0,0 +1,328 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+  SYSTEM "XMLSchema.dtd"
+ [
+   <!ATTLIST schema 
+     xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+   <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+   <!ENTITY % p ''>
+   <!ENTITY % s ''>
+  ]>
+
+<!-- Schema for XML Signatures
+    http://www.w3.org/2000/09/xmldsig#
+    $Revision: 1.3 $ on $Date: 2001/08/28 16:14:01 $ by $Author: reagle $
+
+    Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+    of Technology, Institut National de Recherche en Informatique et en
+    Automatique, Keio University). All Rights Reserved.
+    http://www.w3.org/Consortium/Legal/
+
+    This document is governed by the W3C Software License [1] as described
+    in the FAQ [2].
+
+    [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+    [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+        targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+        version="0.1" elementFormDefault="qualified"> 
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+  <restriction base="base64Binary">
+  </restriction>
+</simpleType>
+ -->
+ 
+<simpleType name="CryptoBinary">
+  <restriction base="string">
+   <whiteSpace value="preserve"/>
+   <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/> 
+  </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+  <sequence> 
+    <element ref="ds:SignedInfo"/> 
+    <element ref="ds:SignatureValue"/> 
+    <element ref="ds:KeyInfo" minOccurs="0"/> 
+    <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> 
+  </sequence>  
+  <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+  <element name="SignatureValue" type="ds:SignatureValueType"/> 
+  <complexType name="SignatureValueType">
+    <simpleContent>
+      <extension base="ds:CryptoBinary">
+        <attribute name="Id" type="ID" use="optional"/>
+      </extension>
+    </simpleContent>
+  </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+  <sequence> 
+    <element ref="ds:CanonicalizationMethod"/> 
+    <element ref="ds:SignatureMethod"/> 
+    <element ref="ds:Reference" maxOccurs="unbounded"/> 
+  </sequence>  
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+  <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/> 
+  <complexType name="CanonicalizationMethodType" mixed="true">
+    <sequence>
+      <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+      <!-- (0,unbounded) elements from (1,1) namespace -->
+    </sequence>
+    <attribute name="Algorithm" type="anyURI" use="required"/> 
+  </complexType>
+
+  <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+  <complexType name="SignatureMethodType" mixed="true">
+    <sequence>
+      <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+      <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+      <!-- (0,unbounded) elements from (1,1) external namespace -->
+    </sequence>
+    <attribute name="Algorithm" type="anyURI" use="required"/> 
+  </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+  <sequence> 
+    <element ref="ds:Transforms" minOccurs="0"/> 
+    <element ref="ds:DigestMethod"/> 
+    <element ref="ds:DigestValue"/> 
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+  <attribute name="URI" type="anyURI" use="optional"/> 
+  <attribute name="Type" type="anyURI" use="optional"/> 
+</complexType>
+
+  <element name="Transforms" type="ds:TransformsType"/>
+  <complexType name="TransformsType">
+    <sequence>
+      <element ref="ds:Transform" maxOccurs="unbounded"/>  
+    </sequence>
+  </complexType>
+
+  <element name="Transform" type="ds:TransformType"/>
+  <complexType name="TransformType" mixed="true">
+    <choice minOccurs="0" maxOccurs="unbounded"> 
+      <any namespace="##other" processContents="lax"/>
+      <!-- (1,1) elements from (0,unbounded) namespaces -->
+      <element name="XPath" type="string"/> 
+    </choice>
+    <attribute name="Algorithm" type="anyURI" use="required"/> 
+  </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true"> 
+  <sequence>
+    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+  </sequence>    
+  <attribute name="Algorithm" type="anyURI" use="required"/> 
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+  <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/> 
+<complexType name="KeyInfoType" mixed="true">
+  <choice maxOccurs="unbounded">     
+    <element ref="ds:KeyName"/> 
+    <element ref="ds:KeyValue"/> 
+    <element ref="ds:RetrievalMethod"/> 
+    <element ref="ds:X509Data"/> 
+    <element ref="ds:PGPData"/> 
+    <element ref="ds:SPKIData"/>
+    <element ref="ds:MgmtData"/>
+    <any processContents="lax" namespace="##other"/>
+    <!-- (1,1) elements from (0,unbounded) namespaces -->
+  </choice>
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+  <element name="KeyName" type="string"/>
+  <element name="MgmtData" type="string"/>
+
+  <element name="KeyValue" type="ds:KeyValueType"/> 
+  <complexType name="KeyValueType" mixed="true">
+   <choice>
+     <element ref="ds:DSAKeyValue"/>
+     <element ref="ds:RSAKeyValue"/>
+     <any namespace="##other" processContents="lax"/>
+   </choice>
+  </complexType>
+
+  <element name="RetrievalMethod" type="ds:RetrievalMethodType"/> 
+  <complexType name="RetrievalMethodType">
+    <sequence>
+      <element name="Transforms" type="ds:TransformsType" minOccurs="0"/> 
+    </sequence>  
+    <attribute name="URI" type="anyURI"/>
+    <attribute name="Type" type="anyURI" use="optional"/>
+  </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/> 
+<complexType name="X509DataType">
+  <sequence maxOccurs="unbounded">
+    <choice>
+      <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+      <element name="X509SKI" type="ds:CryptoBinary"/>
+      <element name="X509SubjectName" type="string"/>
+      <element name="X509Certificate" type="ds:CryptoBinary"/>
+      <element name="X509CRL" type="ds:CryptoBinary"/>
+      <any namespace="##other" processContents="lax"/>
+    </choice>
+  </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType"> 
+  <sequence> 
+    <element name="X509IssuerName" type="string"/> 
+    <element name="X509SerialNumber" type="integer"/> 
+  </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/> 
+<complexType name="PGPDataType"> 
+  <choice>
+    <sequence>
+      <element name="PGPKeyID" type="ds:CryptoBinary"/> 
+      <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/> 
+      <any namespace="##other" processContents="lax" minOccurs="0"
+       maxOccurs="unbounded"/>
+    </sequence>
+    <sequence>
+      <element name="PGPKeyPacket" type="ds:CryptoBinary"/> 
+      <any namespace="##other" processContents="lax" minOccurs="0"
+       maxOccurs="unbounded"/>
+    </sequence>
+  </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/> 
+<complexType name="SPKIDataType">
+  <sequence maxOccurs="unbounded">
+    <element name="SPKISexp" type="ds:CryptoBinary"/>
+    <any namespace="##other" processContents="lax" minOccurs="0"/>
+  </sequence>
+</complexType> 
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/> 
+<complexType name="ObjectType" mixed="true">
+  <sequence minOccurs="0" maxOccurs="unbounded">
+    <any namespace="##any" processContents="lax"/>
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+  <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+  <attribute name="Encoding" type="anyURI" use="optional"/> 
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/> 
+<complexType name="ManifestType">
+  <sequence>
+    <element ref="ds:Reference" maxOccurs="unbounded"/> 
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/> 
+<complexType name="SignaturePropertiesType">
+  <sequence>
+    <element ref="ds:SignatureProperty" maxOccurs="unbounded"/> 
+  </sequence>
+  <attribute name="Id" type="ID" use="optional"/> 
+</complexType>
+
+   <element name="SignatureProperty" type="ds:SignaturePropertyType"/> 
+   <complexType name="SignaturePropertyType" mixed="true">
+     <choice maxOccurs="unbounded">
+       <any namespace="##any" processContents="lax"/> 
+       <!-- (1,1) elements from (1,unbounded) namespaces -->
+     </choice>
+     <attribute name="Target" type="anyURI" use="required"/> 
+     <attribute name="Id" type="ID" use="optional"/> 
+   </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+  <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+  <sequence>
+    <sequence minOccurs="0">
+      <element name="P" type="ds:CryptoBinary"/>
+      <element name="Q" type="ds:CryptoBinary"/>
+    </sequence>
+    <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+    <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+    <element name="Y" type="ds:CryptoBinary"/>
+    <sequence minOccurs="0">
+      <element name="Seed" type="ds:CryptoBinary"/>
+      <element name="PgenCounter" type="ds:CryptoBinary"/>
+    </sequence>
+  </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+  <sequence>
+    <element name="Modulus" type="ds:CryptoBinary"/> 
+    <element name="Exponent" type="ds:CryptoBinary"/> 
+  </sequence>
+</complexType> 
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
new file mode 100644
index 000000000..678cfc8dd
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd
@@ -0,0 +1,402 @@
+<!-- DTD for XML Schemas: Part 1: Structures
+     Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+     Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. -->           <!--d-->
+<!-- prose copy in the structures REC is the definitive version -->    <!--d-->
+<!-- (which shouldn't differ from this one except for this -->         <!--d-->
+<!-- comment and entity expansions, but just in case) -->              <!--d-->
+<!-- With the exception of cases with multiple namespace
+     prefixes for the XML Schema namespace, any XML document which is
+     not valid per this DTD given redefinitions in its internal subset of the
+     'p' and 's' parameter entities below appropriate to its namespace
+     declaration of the XML Schema namespace is almost certainly not
+     a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+     are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+                         schema document to establish a different
+                         namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+                         also define %s as the suffix for the appropriate
+                         namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+     Define one of these if your schema takes advantage of the
+     anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+      <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+      <!-- #all or space-separated list drawn from
+                      derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls    '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+     which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+                    ((%simpleType; | %complexType;
+                      | %element; | %attribute;
+                      | %attributeGroup; | %group;
+                      | %notation; ),
+                     (%annotation;)*)* )>
+<!ATTLIST %schema;
+   targetNamespace      %URIref;               #IMPLIED
+   version              CDATA                  #IMPLIED
+   %nds;                %URIref;               #FIXED 'http://www.w3.org/2001/XMLSchema'
+   xmlns                CDATA                  #IMPLIED
+   finalDefault         %complexDerivationSet; ''
+   blockDefault         %blockSet;             ''
+   id                   ID                     #IMPLIED
+   elementFormDefault   %formValues;           'unqualified'
+   attributeFormDefault %formValues;           'unqualified'
+   xml:lang             CDATA                  #IMPLIED
+   %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+     because at the Infoset level where schemas operate,
+     xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+ 
+<!-- The id attribute here and below is for use in external references
+     from non-schemas using simple fragment identifiers.
+     It is NOT used for schema-to-schema reference, internal or
+     external. -->
+
+<!-- a type is a named content type specification which allows attribute
+     declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+                         (%simpleContent;|%complexContent;|
+                          %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+          name      %NCName;                        #IMPLIED
+          id        ID                              #IMPLIED
+          abstract  %boolean;                       #IMPLIED
+          final     %complexDerivationSet;          #IMPLIED
+          block     %complexDerivationSet;          #IMPLIED
+          mixed (true|false) 'false'
+          %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+     has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+     and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+          mixed (true|false) #IMPLIED
+          id    ID           #IMPLIED
+          %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+     one from part2; extension should use the full model  -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+          id    ID           #IMPLIED
+          %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the 
+     one defined above; extension should have no particle  -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+          base  %QName;      #REQUIRED
+          id    ID           #IMPLIED
+          %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+                     (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+            name               %NCName;               #IMPLIED
+            id                 ID                     #IMPLIED
+            ref                %QName;                #IMPLIED
+            type               %QName;                #IMPLIED
+            minOccurs          %nonNegativeInteger;   #IMPLIED
+            maxOccurs          CDATA                  #IMPLIED
+            nillable           %boolean;              #IMPLIED
+            substitutionGroup  %QName;                #IMPLIED
+            abstract           %boolean;              #IMPLIED
+            final              %complexDerivationSet; #IMPLIED
+            block              %blockSet;             #IMPLIED
+            default            CDATA                  #IMPLIED
+            fixed              CDATA                  #IMPLIED
+            form               %formValues;           #IMPLIED
+            %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+     name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+     substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group; 
+          name        %NCName;               #IMPLIED
+          ref         %QName;                #IMPLIED
+          minOccurs   %nonNegativeInteger;   #IMPLIED
+          maxOccurs   CDATA                  #IMPLIED
+          id          ID                     #IMPLIED
+          %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+          minOccurs   (1)                    #IMPLIED
+          maxOccurs   (1)                    #IMPLIED
+          id          ID                     #IMPLIED
+          %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+          minOccurs   %nonNegativeInteger;   #IMPLIED
+          maxOccurs   CDATA                  #IMPLIED
+          id          ID                     #IMPLIED
+          %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+          minOccurs   %nonNegativeInteger;   #IMPLIED
+          maxOccurs   CDATA                  #IMPLIED
+          id          ID                     #IMPLIED
+          %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+     a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+     If order is 'all' THIS group must be alone (or referenced alone) at
+     the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+            namespace       CDATA                  '##any'
+            processContents (skip|lax|strict)      'strict'
+            minOccurs       %nonNegativeInteger;   '1'
+            maxOccurs       CDATA                  '1'
+            id              ID                     #IMPLIED
+            %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+                  ##any      - - any non-conflicting WFXML at all
+
+                  ##other    - - any non-conflicting WFXML from namespace other
+                                  than targetNamespace
+
+                  ##local    - - any unqualified non-conflicting WFXML/attribute
+                  one or     - - any non-conflicting WFXML from
+                  more URI        the listed namespaces
+                  references
+
+                  ##targetNamespace ##local may appear in the above list,
+                    with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+            namespace       CDATA              '##any'
+            processContents (skip|lax|strict)  'strict'
+            id              ID                 #IMPLIED
+            %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+          name      %NCName;      #IMPLIED
+          id        ID            #IMPLIED
+          ref       %QName;       #IMPLIED
+          type      %QName;       #IMPLIED
+          use       (prohibited|optional|required) #IMPLIED
+          default   CDATA         #IMPLIED
+          fixed     CDATA         #IMPLIED
+          form      %formValues;  #IMPLIED
+          %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+     name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+     reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+                       (%attribute; | %attributeGroup;)*,
+                       (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+                 name       %NCName;       #IMPLIED
+                 id         ID             #IMPLIED
+                 ref        %QName;        #IMPLIED
+                 %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name.  ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+          name     %NCName;       #REQUIRED
+    id       ID             #IMPLIED
+    %uniqueAttrs;>
+
+<!ELEMENT %key;    ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+          name     %NCName;       #REQUIRED
+    id       ID             #IMPLIED
+    %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+          name     %NCName;       #REQUIRED
+    refer    %QName;        #REQUIRED
+    id       ID             #IMPLIED
+    %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+          xpath %XPathExpr; #REQUIRED
+          id    ID          #IMPLIED
+          %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+          xpath %XPathExpr; #REQUIRED
+          id    ID          #IMPLIED
+          %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+          schemaLocation %URIref; #REQUIRED
+          id             ID       #IMPLIED
+          %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+          namespace      %URIref; #IMPLIED
+          schemaLocation %URIref; #IMPLIED
+          id             ID       #IMPLIED
+          %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+                      %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+          schemaLocation %URIref; #REQUIRED
+          id             ID       #IMPLIED
+          %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+    name        %NCName;    #REQUIRED
+    id          ID          #IMPLIED
+    public      CDATA       #REQUIRED
+    system      %URIref;    #IMPLIED
+    %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+     as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+     to work -->
+<!ELEMENT %appinfo; ANY>   <!-- too restrictive -->
+<!ATTLIST %appinfo;
+          source     %URIref;      #IMPLIED
+          id         ID         #IMPLIED
+          %appinfoAttrs;>
+<!ELEMENT %documentation; ANY>   <!-- too restrictive -->
+<!ATTLIST %documentation;
+          source     %URIref;   #IMPLIED
+          id         ID         #IMPLIED
+          xml:lang   CDATA      #IMPLIED
+          %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+           'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+           'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/id.server/data/test/ixsil/init/schemas/datatypes.dtd b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
new file mode 100644
index 000000000..8e48553be
--- /dev/null
+++ b/id.server/data/test/ixsil/init/schemas/datatypes.dtd
@@ -0,0 +1,203 @@
+<!--
+        DTD for XML Schemas: Part 2: Datatypes
+        $Id: datatypes.dtd,v 1.23 2001/03/16 17:36:30 ht Exp $
+        Note this DTD is NOT normative, or even definitive. - - the
+        prose copy in the datatypes REC is the definitive version
+        (which shouldn't differ from this one except for this comment
+        and entity expansions, but just in case)
+  -->
+
+<!--
+        This DTD cannot be used on its own, it is intended
+        only for incorporation in XMLSchema.dtd, q.v.
+  -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+        Customisation entities for the ATTLIST of each element
+        type. Define one of these if your schema takes advantage
+        of the anyAttribute='##other' in the schema for schemas
+  -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+        types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+        #all or space-separated list drawn from derivationChoice
+  -->
+
+<!--
+        Note that the use of 'facet' below is less restrictive
+        than is really intended:  There should in fact be no
+        more than one of each of minInclusive, minExclusive,
+        maxInclusive, maxExclusive, totalDigits, fractionDigits,
+        length, maxLength, minLength within datatype,
+        and the min- and max- variants of Inclusive and Exclusive
+        are mutually exclusive. On the other hand,  pattern and
+        enumeration may repeat.
+  -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+   "%pattern; | %enumeration; | %whiteSpace; | %length; |
+   %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr 
+        "value CDATA #REQUIRED
+        id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+        ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+    name      %NCName; #IMPLIED
+    final     %simpleDerivationSet; #IMPLIED
+    id        ID       #IMPLIED
+    %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+                         (%restriction1; |
+                          ((%simpleType;)?,(%facet;)*)),
+                         (%attrDecls;))>
+<!ATTLIST %restriction;
+    base      %QName;                  #IMPLIED
+    id        ID       #IMPLIED
+    %restrictionAttrs;>
+<!--
+        base and simpleType child are mutually exclusive,
+        one is required.
+
+        restriction is shared between simpleType and
+        simpleContent and complexContent (in XMLSchema.xsd).
+        restriction1 is for the latter cases, when this
+        is restricting a complex type, as is attrDecls.
+  -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+    itemType      %QName;             #IMPLIED
+    id        ID       #IMPLIED
+    %listAttrs;>
+<!--
+        itemType and simpleType child are mutually exclusive,
+        one is required
+  -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+    id            ID       #IMPLIED
+    memberTypes   %QNames;            #IMPLIED
+    %unionAttrs;>
+<!--
+        At least one item in memberTypes or one simpleType
+        child is required
+  -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+        %facetAttr;
+        %fixedAttr;
+        %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+        %facetAttr;
+        %fixedAttr;
+        %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+        %facetAttr;
+        %fixedAttr;
+        %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+        %facetAttr;
+        %fixedAttr;
+        %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+        %facetAttr;
+        %fixedAttr;
+        %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+        %facetAttr;
+        %fixedAttr;
+        %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+        %facetAttr;
+        %fixedAttr;
+        %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+        %facetAttr;
+        %fixedAttr;
+        %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+        %facetAttr;
+        %fixedAttr;
+        %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+        %facetAttr;
+        %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+        %facetAttr;
+        %fixedAttr;
+        %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+        %facetAttr;
+        %patternAttrs;>
diff --git a/id.server/data/test/xmldata/ErrorResponse.xml b/id.server/data/test/xmldata/ErrorResponse.xml
new file mode 100644
index 000000000..db70c2560
--- /dev/null
+++ b/id.server/data/test/xmldata/ErrorResponse.xml
@@ -0,0 +1,4 @@
+<?xml version='1.0' encoding='UTF-8'?><sl10:ErrorResponse xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>
+	<sl10:ErrorCode>29002</sl10:ErrorCode>
+	<sl10:Info>Ein unerwarteter Fehler ist aufgetreten. Die Verarbeitung wurde abgebrochen. Fehler:null</sl10:Info>
+</sl10:ErrorResponse>
\ No newline at end of file
diff --git a/id.server/data/test/xmldata/GetIdentityLinkForm.html b/id.server/data/test/xmldata/GetIdentityLinkForm.html
new file mode 100644
index 000000000..b7828e598
--- /dev/null
+++ b/id.server/data/test/xmldata/GetIdentityLinkForm.html
@@ -0,0 +1,20 @@
+<html>
+<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+<head>
+<title>Auslesen der Personenbindung</title>
+
+</head>
+<body>
+<form name="GetIdentityLinkForm"
+      action="http://localhost:3495/http-security-layer-request"
+      method="post">
+  <input type="hidden" 
+         name="XMLRequest"
+         value="<?xml version='1.0' encoding='ISO-8859-1' ?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>"/>
+  <input type="hidden" 
+         name="DataURL"
+         value="https://localhost:8443/moa-id-auth/VerifyIdentityLink?MOASessionID=3579795857269397498"/>
+  <input type="submit" value="Auslesen der Personenbindung"/>
+</form>
+</body>
+</html>
\ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
new file mode 100644
index 000000000..2cfa65c96
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Paul Ivancsics (My Own) -->
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="-4633313027464114584" Issuer="http://localhost:8080/moa-id-auth/" IssueInstant="2003-04-02T14:55:42+02:00">
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">MTk2OC0xMC0yMmdi</saml:NameIdentifier>
+			<saml:SubjectConfirmation>
+				<saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+				<saml:SubjectConfirmationData>
+					<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="any" Issuer="Hermann Muster" IssueInstant="2003-04-02T14:55:27+02:00">
+						<saml:AttributeStatement>
+							<saml:Subject>
+								<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+							</saml:Subject>
+							<saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+								<saml:AttributeValue>gb</saml:AttributeValue>
+							</saml:Attribute>
+							<saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+								<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+							</saml:Attribute>
+						</saml:AttributeStatement>
+					</saml:Assertion>
+					<saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+						<saml:AttributeStatement>
+							<saml:Subject>
+								<saml:SubjectConfirmation>
+									<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+									<saml:SubjectConfirmationData>
+										<pr:Person xsi:type="pr:PhysicalPersonType">
+											<pr:Identification>
+												<pr:Value>123456789012</pr:Value>
+												<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+											</pr:Identification>
+											<pr:Name>
+												<pr:GivenName>Hermann</pr:GivenName>
+												<pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+											</pr:Name>
+											<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+										</pr:Person>
+									</saml:SubjectConfirmationData>
+								</saml:SubjectConfirmation>
+							</saml:Subject>
+							<saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+								<saml:AttributeValue>
+									<dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+										<dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+										<dsig:Exponent>AQAB</dsig:Exponent>
+									</dsig:RSAKeyValue>
+								</saml:AttributeValue>
+							</saml:Attribute>
+							<saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+								<saml:AttributeValue>
+									<dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+										<dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+										<dsig:Exponent>AQAB</dsig:Exponent>
+									</dsig:RSAKeyValue>
+								</saml:AttributeValue>
+							</saml:Attribute>
+						</saml:AttributeStatement>
+						<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+							<dsig:SignedInfo>
+								<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+								<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+								<dsig:Reference URI="">
+									<dsig:Transforms>
+										<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+											<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+										</dsig:Transform>
+										<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+									</dsig:Transforms>
+									<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+									<dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>
+								</dsig:Reference>
+								<dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="">
+									<dsig:Transforms>
+										<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+											<dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>
+										</dsig:Transform>
+									</dsig:Transforms>
+									<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+									<dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>
+								</dsig:Reference>
+							</dsig:SignedInfo>
+							<dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>
+							<dsig:KeyInfo>
+								<dsig:X509Data>
+									<dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>
+									<dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>
+									<dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>
+								</dsig:X509Data>
+							</dsig:KeyInfo>
+							<dsig:Object>
+								<dsig:Manifest>
+									<dsig:Reference URI="">
+										<dsig:Transforms>
+											<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+										</dsig:Transforms>
+										<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+										<dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>
+									</dsig:Reference>
+								</dsig:Manifest>
+							</dsig:Object>
+						</dsig:Signature>
+					</saml:Assertion>
+				</saml:SubjectConfirmationData>
+			</saml:SubjectConfirmation>
+		</saml:Subject>
+		<saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+			<saml:AttributeValue>
+				<pr:Person xsi:type="pr:PhysicalPersonType">
+					<pr:Identification>
+						<pr:Value>123456789012</pr:Value>
+						<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+					</pr:Identification>
+					<pr:Name>
+						<pr:GivenName>Hermann</pr:GivenName>
+						<pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+					</pr:Name>
+					<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+				</pr:Person>
+			</saml:AttributeValue>
+		</saml:Attribute>
+		<saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+			<saml:AttributeValue>false</saml:AttributeValue>
+		</saml:Attribute>
+	</saml:AttributeStatement>
+</saml:Assertion>
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
new file mode 100644
index 000000000..4a5f02dcd
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml
@@ -0,0 +1,52 @@
+<?xml version='1.0' encoding='ISO-8859-1' ?>
+<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'>
+	<sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>
+		<sl11:DataObjectInfo Structure='detached'>
+			<sl10:DataObject Reference=''/>
+<sl10:TransformsInfo>
+	<dsig:Transforms>
+		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" >
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: 
+<br /><br />
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer" /></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant" /></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue" /></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier" /></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet>
+   	    </dsig:Transform>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>text/html</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>		</sl11:DataObjectInfo>
+   <sl11:SignatureInfo>
+     <sl11:SignatureEnvironment>
+				<sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-02-26T09:25:50+01:00'>
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+		</saml:Subject>
+		<saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+			<saml:AttributeValue>gb</saml:AttributeValue>
+		</saml:Attribute>
+		<saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>
+			<saml:AttributeValue>http://localhost:9080/login.html</saml:AttributeValue>
+		</saml:Attribute>
+	</saml:AttributeStatement>
+</saml:Assertion></sl10:XMLContent>
+     </sl11:SignatureEnvironment>
+     <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation>
+   </sl11:SignatureInfo>
+</sl11:CreateXMLSignatureRequest>
\ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..5a4759b7a
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>
+		</saml:Subject>
+		<saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+			<saml:AttributeValue>gb</saml:AttributeValue>
+		</saml:Attribute>
+		<saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+			<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>
+		</saml:Attribute>
+	</saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n
+FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0
+YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file
diff --git a/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
new file mode 100644
index 000000000..9b8fa743f
--- /dev/null
+++ b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace"><SignerInfo><dsig:X509Data><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>0</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</dsig:X509SubjectName><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate><PublicAuthority><Code>BMOLS-IKT</Code></PublicAuthority></dsig:X509Data></SignerInfo><HashInputData><Base64Content>PFZlcmlmeVhNTFNpZ25hdHVyZVJlcXVlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVu Y2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4 bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4g IDxWZXJpZnlTaWduYXR1cmVJbmZvPiAgICA8VmVyaWZ5U2lnbmF0dXJlRW52aXJv bm1lbnQ+ICAgICAgPFhNTENvbnRlbnQgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHNh bWw6QXNzZXJ0aW9uIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJu bWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5z OnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHht bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFu Y2UiIEFzc2VydGlvbklEPSJ6bXIuYm1pLmd2LmF0LUFzc2VydGlvbklELTIwMDMt MDItMTJUMjA6Mjg6MzQuNDc0IiBJc3N1ZUluc3RhbnQ9IjIwMDMtMDItMTJUMjA6 Mjg6MzQuNDc0IiBJc3N1ZXI9Imh0dHA6Ly96bXIuYm1pLmd2LmF0L3ptcmEvbmFt ZXMjSXNzdWVyIiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI+CiAg PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgogICAgPHNhbWw6U3ViamVjdD4KICAg ICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8c2FtbDpDb25m aXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNl bmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KICAgICAgICA8 c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KICAgICAgICAgIDxwcjpQZXJz b24geHNpOnR5cGU9InByOlBoeXNpY2FsUGVyc29uVHlwZSI+CiAgICAgICAgICAg IAogICAgICAgICAgICA8cHI6TmFtZT4KICAgICAgICAgICAgICA8cHI6R2l2ZW5O YW1lPkhlcm1hbm48L3ByOkdpdmVuTmFtZT4KICAgICAgICAgICAgICA8cHI6RmFt aWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3RlcjwvcHI6RmFtaWx5TmFt ZT4KICAgICAgICAgICAgPC9wcjpOYW1lPgogICAgICAgICAgICA8cHI6RGF0ZU9m QmlydGg+MTk2OC0xMC0yMjwvcHI6RGF0ZU9mQmlydGg+CiAgICAgICAgICA8L3By OlBlcnNvbj4KICAgICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+ CiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPgogICAgPC9zYW1sOlN1 YmplY3Q+CiAgICA8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXpl blB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJodHRwOi8vd3d3LmJ1ZXJn ZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMi PgogICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgICA8ZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgICAgIDxkc2lnOk1vZHVsdXM+MHYxRnRmN1dYZ29leHgw Sm8vR3JsRXhIT0huUUlFUTVGRlNqcHRMUmQ1Qk4xbVpZUmcyUzlLZk9NYkhTQ3Np UG04QXdqQUV3RTVFTSBBNlAxOFovWXlUSXVQN2ZOR3pja2JCNVBZSWdOTUhMOC9U WUpoSEE4Q2phbXNCckVmWURYaXZFOGlBdkFMZzVJOVJNTFpBRG16TDdhIGYyZGFZ WXVPOGR5Y1F3M3hnNlU9PC9kc2lnOk1vZHVsdXM+CiAgICAgICAgICA8ZHNpZzpF eHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PgogICAgICAgIDwvZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgPC9zYW1s OkF0dHJpYnV0ZT4KICAgIDxzYW1sOkF0dHJpYnV0ZSBBdHRyaWJ1dGVOYW1lPSJD aXRpemVuUHVibGljS2V5IiBBdHRyaWJ1dGVOYW1lc3BhY2U9Imh0dHA6Ly93d3cu YnVlcmdlcmthcnRlLmF0L25hbWVzcGFjZXMvcGVyc29uZW5iaW5kdW5nLzIwMDIw NTA2IyI+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICAgIDxkc2ln OlJTQUtleVZhbHVlPgogICAgICAgICAgPGRzaWc6TW9kdWx1cz5pMnFhNTZYNGZw WWVYcUZMWEFjUWxqR1UzK0RXblZnTnJBeEk5Z24yYk1lRld0TFhFMlNGYTZxdmw5 RXltVWwwbm9CbEZuMHE5RFdwIEFzeWVMblJoekNBWEplU3hpd3NVRWxvT3ZjUUNW MERmVzJVVnEwWTliVmxKOEtpZkoyQVMrNUJ4WjIxbWtjL1ZZeDVRejZFWWpQcm4g cElwZEF3UjlzdzV4bkl2VHlTYz08L2RzaWc6TW9kdWx1cz4KICAgICAgICAgIDxk c2lnOkV4cG9uZW50PkFRQUI8L2RzaWc6RXhwb25lbnQ+CiAgICAgICAgPC9kc2ln OlJTQUtleVZhbHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICA8 L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+Cjwvc2Ft bDpBc3NlcnRpb24+PC9YTUxDb250ZW50PiAgICA8L1ZlcmlmeVNpZ25hdHVyZUVu dmlyb25tZW50PiAgICA8VmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+Ly9kc2lnOlNp Z25hdHVyZTwvVmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+ICA8L1ZlcmlmeVNpZ25h dHVyZUluZm8+ICA8UmV0dXJuSGFzaElucHV0RGF0YT48L1JldHVybkhhc2hJbnB1 dERhdGE+ICA8VHJ1c3RQcm9maWxlSUQ+VHJ1c3RQcm9maWxlMTwvVHJ1c3RQcm9m aWxlSUQ+PC9WZXJpZnlYTUxTaWduYXR1cmVSZXF1ZXN0Pg==</Base64Content></HashInputData><HashInputData><Base64Content>PGRzaWc6TWFuaWZlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5t ZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4bWxuczpkc2lnPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiB4bWxuczpwcj0iaHR0 cDovL3JlZmVyZW5jZS5lLWdvdmVybm1lbnQuZ3YuYXQvbmFtZXNwYWNlL3BlcnNv bmRhdGEvMjAwMjAyMjgjIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6 U0FNTDoxLjA6YXNzZXJ0aW9uIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3Jn LzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWw6c3BhY2U9InByZXNlcnZlIj48 ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJh bnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxk c2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvZHNpZzpUcmFuc2Zvcm0+PC9kc2ln OlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDov L3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHNpZzpEaWdlc3RN ZXRob2Q+PGRzaWc6RGlnZXN0VmFsdWU+QnF6ZkNCN2ROZzRHM3U0WWF4cEQxdEFM ZEtJPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpN YW5pZmVzdD4=</Base64Content></HashInputData><SignatureCheck><Code>1</Code></SignatureCheck><XMLDSIGManifestCheck><Code>1</Code><Info><ReferringSigReference>1</ReferringSigReference></Info></XMLDSIGManifestCheck><CertificateCheck><Code>1</Code></CertificateCheck></VerifyXMLSignatureResponse>
\ No newline at end of file
diff --git a/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
new file mode 100644
index 000000000..a35b7f209
--- /dev/null
+++ b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml
@@ -0,0 +1,97 @@
+<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <saml:AttributeStatement>
+    <saml:Subject>
+      <saml:SubjectConfirmation>
+        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+        <saml:SubjectConfirmationData>
+          <pr:Person xsi:type="pr:PhysicalPersonType">
+            <pr:Identification>
+              <pr:Value>123456789012</pr:Value>
+              <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>
+            </pr:Identification>
+            <pr:Name>
+              <pr:GivenName>Hermann</pr:GivenName>
+              <pr:FamilyName primary="undefined">Muster</pr:FamilyName>
+            </pr:Name>
+            <pr:DateOfBirth>1968-10-22</pr:DateOfBirth>
+          </pr:Person>
+        </saml:SubjectConfirmationData>
+      </saml:SubjectConfirmation>
+    </saml:Subject>
+    <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+      <saml:AttributeValue>
+        <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+          <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM
+A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a
+f2daYYuO8dycQw3xg6U=</dsig:Modulus>
+          <dsig:Exponent>AQAB</dsig:Exponent>
+        </dsig:RSAKeyValue>
+      </saml:AttributeValue>
+    </saml:Attribute>
+    <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#">
+      <saml:AttributeValue>
+        <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+          <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp
+AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn
+pIpdAwR9sw5xnIvTySc=</dsig:Modulus>
+          <dsig:Exponent>AQAB</dsig:Exponent>
+        </dsig:RSAKeyValue>
+      </saml:AttributeValue>
+    </saml:Attribute></saml:AttributeStatement>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz
+5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP
+3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w
+MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU
+ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3
++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0
+lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY
+hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB
+ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy
+IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII
+NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ
+etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2
+fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN
+aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0
+Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w
+MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu
+aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG
+A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU
+ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia
+2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S
+BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB
+AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC
+MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl
+aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB
+BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ
+BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl
+ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv
+7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG
+A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n
+IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx
+JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx
+MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK
+FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh
+bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
+UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk
+QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW
+nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e
+vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
+MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
+VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj
+v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp
+lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv
+RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr
+BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7
+kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file
-- 
cgit v1.2.3